1

___________________
Introduction

2
___________________
Description

SIMATIC NET
___________________
Assignment of an IP address 3

___________________
Technical basics 4
Industrial Ethernet switches
SCALANCE XB-200/XC-200/XF- Configuring with Web Based
___________________
Management 5
200BA/XP-200/XR-300WG Web
Based Management
___________________
Troubleshooting/FAQ 6
Configuration Manual

04/2018
C79000-G8976-C360-06
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.

DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.

WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.

CAUTION
indicates that minor personal injury can result if proper precautions are not taken.

NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will
be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to
property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific
task in accordance with the relevant documentation, in particular its warning notices and safety instructions.
Qualified personnel are those who, based on their training and experience, are capable of identifying risks and
avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:

WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
documentation. If products and components from other manufacturers are used, these must be recommended
or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and
maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.

Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in subsequent
editions.

Siemens AG C79000-G8976-C360-06 Copyright © Siemens AG 2015 - 2018.

Division Process Industries and Drives Ⓟ 06/2018 Subject to change All rights reserved
Postfach 48 48
90026 NÜRNBERG
GERMANY
Table of contents

1 Introduction ............................................................................................................................................. 9
2 Description ............................................................................................................................................ 13
2.1 System functions hardware equipment...................................................................................13
2.2 Product characteristics............................................................................................................16
2.3 Requirements for installation and operation ...........................................................................17
3 Assignment of an IP address................................................................................................................. 19
3.1 Structure of an IP address ......................................................................................................19
3.2 Initial assignment of an IP address .........................................................................................20
3.3 Address assignment with DHCP .............................................................................................22
4 Technical basics ................................................................................................................................... 23
4.1 Configuration limits .................................................................................................................23
4.2 PROFINET ..............................................................................................................................25
4.3 EtherNet/IP .............................................................................................................................25
4.4 Redundancy mechanism ........................................................................................................26
4.4.1 Spanning Tree ........................................................................................................................26
4.4.1.1 RSTP, MSTP, CIST ................................................................................................................27
4.4.2 HRP.........................................................................................................................................28
4.4.3 MRP ........................................................................................................................................29
4.4.3.1 MRP - Media Redundancy Protocol .......................................................................................29
4.4.3.2 Configuration in WBM .............................................................................................................32
4.4.3.3 Configuration in STEP 7 .........................................................................................................32
4.4.4 Standby ...................................................................................................................................38
4.4.5 Parallel Redundancy Protocol ................................................................................................39
4.4.6 DLR .........................................................................................................................................39
4.5 VLAN .......................................................................................................................................40
4.5.1 Basics......................................................................................................................................40
4.5.2 VLAN tagging ..........................................................................................................................40
4.5.3 Private VLAN ..........................................................................................................................42
4.5.4 VLAN tunnel ............................................................................................................................44
4.6 Mirroring ..................................................................................................................................45
4.7 SNMP ......................................................................................................................................46
4.8 Quality of service ....................................................................................................................47
4.9 NAT/NAPT ..............................................................................................................................48
4.10 Single-Hop Inter-VLAN-Routing ..............................................................................................51
5 Configuring with Web Based Management ............................................................................................ 53
5.1 Web Based Management .......................................................................................................53

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 3
Table of contents

5.2 Login ...................................................................................................................................... 54

5.3 The "Information" menu ......................................................................................................... 57
5.3.1 Start page............................................................................................................................... 57
5.3.2 Versions ................................................................................................................................. 62
5.3.3 I&M ......................................................................................................................................... 64
5.3.4 ARP table ............................................................................................................................... 65
5.3.5 Log Table ............................................................................................................................... 66
5.3.6 Faults ..................................................................................................................................... 67
5.3.7 Redundancy ........................................................................................................................... 69
5.3.7.1 Spanning tree ......................................................................................................................... 69
5.3.7.2 Ring Redundancy .................................................................................................................. 72
5.3.7.3 Standby .................................................................................................................................. 74
5.3.7.4 Link Check ............................................................................................................................. 76
5.3.8 Ethernet Statistics .................................................................................................................. 78
5.3.8.1 Interface Statistics .................................................................................................................. 78
5.3.8.2 Packet Size ............................................................................................................................ 79
5.3.8.3 Packet Type ........................................................................................................................... 80
5.3.8.4 Packet Error ........................................................................................................................... 81
5.3.8.5 History .................................................................................................................................... 83
5.3.9 Unicast ................................................................................................................................... 84
5.3.10 Multicast ................................................................................................................................. 86
5.3.11 LLDP ...................................................................................................................................... 87
5.3.12 Fiber Monitoring Protocol ....................................................................................................... 89
5.3.13 Routing ................................................................................................................................... 91
5.3.13.1 Routing table .......................................................................................................................... 91
5.3.13.2 NAT translations..................................................................................................................... 92
5.3.14 DHCP Server ......................................................................................................................... 93
5.3.15 Diagnostics ............................................................................................................................. 94
5.3.16 SNMP ..................................................................................................................................... 96
5.3.17 Security .................................................................................................................................. 97
5.4 The "System" menu ............................................................................................................... 98
5.4.1 Configuration .......................................................................................................................... 98
5.4.2 General ................................................................................................................................ 102
5.4.2.1 Device .................................................................................................................................. 102
5.4.2.2 Coordinates .......................................................................................................................... 103
5.4.3 Agent IP ............................................................................................................................... 104
5.4.4 Restart .................................................................................................................................. 106
5.4.5 Load & Save......................................................................................................................... 109
5.4.5.1 HTTP .................................................................................................................................... 110
5.4.5.2 TFTP .................................................................................................................................... 113
5.4.5.3 SFTP .................................................................................................................................... 116
5.4.5.4 Passwords ............................................................................................................................ 119
5.4.6 Events .................................................................................................................................. 121
5.4.6.1 Configuration ........................................................................................................................ 121
5.4.6.2 Severity Filters ..................................................................................................................... 125
5.4.7 SMTP Client ......................................................................................................................... 126
5.4.8 DHCP ................................................................................................................................... 128
5.4.8.1 DHCP Client ......................................................................................................................... 128
5.4.8.2 DHCP Server ....................................................................................................................... 131
5.4.8.3 Port-IP Address Mapping ..................................................................................................... 136
5.4.8.4 Port Range ........................................................................................................................... 138

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

4 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Table of contents

5.4.8.5 DHCP Options ......................................................................................................................139

5.4.8.6 Relay Agent Information .......................................................................................................142
5.4.8.7 Static Leases ........................................................................................................................143
5.4.9 SNMP ....................................................................................................................................145
5.4.9.1 General .................................................................................................................................145
5.4.9.2 Traps .....................................................................................................................................148
5.4.9.3 v3 Groups .............................................................................................................................149
5.4.9.4 v3 Users ................................................................................................................................152
5.4.10 System Time .........................................................................................................................154
5.4.10.1 Manual Setting ......................................................................................................................155
5.4.10.2 DST Overview .......................................................................................................................156
5.4.10.3 DST Configuration ................................................................................................................159
5.4.10.4 SNTP Client ..........................................................................................................................162
5.4.10.5 NTP Client .............................................................................................................................165
5.4.10.6 SIMATIC Time Client ............................................................................................................168
5.4.11 Automatic logout ...................................................................................................................169
5.4.12 Configuration of the SELECT/SET button ............................................................................170
5.4.13 Syslog Client .........................................................................................................................171
5.4.14 Ports ......................................................................................................................................173
5.4.14.1 Overview ...............................................................................................................................173
5.4.14.2 Configuration .........................................................................................................................177
5.4.15 Fault Monitoring ....................................................................................................................183
5.4.15.1 Power Supply ........................................................................................................................183
5.4.15.2 Link Change ..........................................................................................................................184
5.4.15.3 Redundancy ..........................................................................................................................186
5.4.16 PROFINET ............................................................................................................................187
5.4.17 EtherNet/IP ...........................................................................................................................188
5.4.18 PLUG ....................................................................................................................................189
5.4.18.1 Configuration .........................................................................................................................189
5.4.19 Ping .......................................................................................................................................193
5.4.20 DCP Discovery ......................................................................................................................194
5.4.21 Power over Ethernet (PoE) ...................................................................................................196
5.4.21.1 General .................................................................................................................................196
5.4.21.2 Port........................................................................................................................................197
5.4.22 Port Diagnostics ....................................................................................................................200
5.4.22.1 Cable Tester .........................................................................................................................200
5.4.22.2 SFP Diagnostics ...................................................................................................................201
5.5 The "Layer 2" menu ..............................................................................................................204
5.5.1 Configuration .........................................................................................................................204
5.5.2 Quality of Service (QoS) .......................................................................................................208
5.5.2.1 General .................................................................................................................................208
5.5.2.2 CoS Map ...............................................................................................................................210
5.5.2.3 DSCP Map ............................................................................................................................211
5.5.2.4 QoS Trust ..............................................................................................................................213
5.5.2.5 CoS Port Remap ...................................................................................................................215
5.5.3 Rate Control ..........................................................................................................................217
5.5.4 VLAN .....................................................................................................................................218
5.5.4.1 General .................................................................................................................................218
5.5.4.2 GVRP ....................................................................................................................................224
5.5.4.3 Port-based VLAN ..................................................................................................................225
5.5.5 Private VLAN ........................................................................................................................227
5.5.5.1 General .................................................................................................................................227

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 5
Table of contents

5.5.5.2 IP Interface Mapping ............................................................................................................ 229

5.5.6 Provider bridge ..................................................................................................................... 231
5.5.6.1 Tunnel ports ......................................................................................................................... 231
5.5.7 Mirroring ............................................................................................................................... 233
5.5.7.1 General ................................................................................................................................ 233
5.5.7.2 Port ....................................................................................................................................... 235
5.5.8 Dynamic MAC Aging ............................................................................................................ 236
5.5.9 Ring redundancy .................................................................................................................. 237
5.5.9.1 Ring ...................................................................................................................................... 237
5.5.9.2 Standby ................................................................................................................................ 241
5.5.9.3 Link Check ........................................................................................................................... 244
5.5.10 Spanning tree ....................................................................................................................... 246
5.5.10.1 General ................................................................................................................................ 246
5.5.10.2 CIST General ....................................................................................................................... 248
5.5.10.3 CIST port .............................................................................................................................. 250
5.5.10.4 MST General ........................................................................................................................ 254
5.5.10.5 MST Port .............................................................................................................................. 256
5.5.10.6 Enhanced Passive Listening Compatibility .......................................................................... 258
5.5.11 Loop Detection ..................................................................................................................... 258
5.5.12 Link Aggregation .................................................................................................................. 261
5.5.13 DCP Forwarding................................................................................................................... 264
5.5.14 LLDP .................................................................................................................................... 266
5.5.15 Fiber Monitoring Protocol ..................................................................................................... 267
5.5.16 Unicast ................................................................................................................................. 270
5.5.16.1 Filtering ................................................................................................................................ 270
5.5.16.2 Locked Ports ........................................................................................................................ 272
5.5.16.3 Learning ............................................................................................................................... 274
5.5.16.4 Blocking ................................................................................................................................ 275
5.5.17 Multicast ............................................................................................................................... 277
5.5.17.1 Groups ................................................................................................................................. 277
5.5.17.2 IGMP .................................................................................................................................... 280
5.5.17.3 GMRP .................................................................................................................................. 282
5.5.17.4 Multicast blocking ................................................................................................................. 284
5.5.18 Broadcast ............................................................................................................................. 285
5.5.19 RMON .................................................................................................................................. 286
5.5.19.1 Statistics ............................................................................................................................... 286
5.5.19.2 History .................................................................................................................................. 288
5.6 The "Layer 3" menu ............................................................................................................. 290
5.6.1 Subnets ................................................................................................................................ 290
5.6.1.1 Overview .............................................................................................................................. 290
5.6.1.2 Configuration ........................................................................................................................ 293
5.6.1.3 Default gateway ................................................................................................................... 294
5.6.2 DHCP Relay Agent .............................................................................................................. 294
5.6.2.1 General ................................................................................................................................ 294
5.6.2.2 Option ................................................................................................................................... 296
5.6.3 NAT ...................................................................................................................................... 299
5.6.3.1 NAT ...................................................................................................................................... 299
5.6.3.2 Static .................................................................................................................................... 301
5.6.3.3 Pool ...................................................................................................................................... 303
5.6.3.4 NAPT .................................................................................................................................... 304
5.7 The "Security" menu ............................................................................................................ 306

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

6 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Table of contents

5.7.1 User management ................................................................................................................306

5.7.2 Users .....................................................................................................................................308
5.7.2.1 Local Users ...........................................................................................................................308
5.7.3 Passwords ............................................................................................................................312
5.7.3.1 Passwords ............................................................................................................................312
5.7.3.2 Options ..................................................................................................................................314
5.7.3.3 Options ..................................................................................................................................314
5.7.4 AAA .......................................................................................................................................315
5.7.4.1 General .................................................................................................................................315
5.7.4.2 RADIUS Client ......................................................................................................................316
5.7.4.3 802.1X Authenticator ............................................................................................................319
5.7.5 Management ACL .................................................................................................................324
6 Troubleshooting/FAQ .......................................................................................................................... 329
6.1 Downloading new firmware using TFTP without WBM and CLI ...........................................329
6.2 Message: SINEMA configuration not yet accepted ..............................................................330
Index................................................................................................................................................... 331

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 7
Table of contents

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

8 Configuration Manual, 04/2018, C79000-G8976-C360-06
Introduction 1
Validity of this configuration manual
This Configuration Manual covers the following products:
● SCALANCE XB-200
● SCALANCE XC-200
● SCALANCE XF-200BA
● SCALANCE XP-200
● SCALANCE XR-300WG
Below, the products are also called IE switch, device or network component.
There are two variants of some devices with different article numbers. The two variants differ
only in their factory settings. All other properties are identical.
This Configuration Manual applies to the following software versions:
● SCALANCE XB-200 firmware as of version 4.0
● SCALANCE XC-200 firmware as of version 4.0
● SCALANCE XF-200BA firmware as of version 4.0
● SCALANCE XP-200 firmware as of version 4.0
● SCALANCE XR-300WG firmware as of version 4.0

Factory settings

PROFINET variants
● Industrial Ethernet protocol: PROFINET
● Base bridge mode: 802.1D transparent bridge
● Redundancy mechanism: Ring redundancy
● Trust mode: Trust CoS
● IGMP Snooping/IGMP Querier: Off
● IPv4 Address Collision Detection: Never give up

EtherNet/IP variants
● Industrial Ethernet protocol: EtherNet/IP
● Base bridge mode: 802.1Q VLAN Bridge
● Redundancy mechanism: RSTP
● Trust mode: Trust CoS-DSCP

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 9
Introduction

● IGMP Snooping/IGMP Querier: On

● IPv4 Address Collision Detection: Attempt to defend

Industrial Ethernet profile

● Industrial Ethernet protocol: PROFINET
● Base bridge mode: 802.1Q VLAN Bridge
● Redundancy mechanism: RSTP
● Trust mode: Trust CoS-DSCP
● IGMP Snooping/IGMP Querier: Off
● IPv4 Address Collision Detection: Never give up

Purpose of the Configuration Manual

This Configuration Manual is intended to provide you with the information you require to
install, commission and operate IE switches. It provides you with the information you require
to configure the IE switches.

Orientation in the documentation

Apart from the configuration manual you are currently reading, the products also have the
following documentation:
● Configuration manual "SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG
Command Line Interface""
This document contains the CLI commands that are supported by the IE switches.
● Operating Instructions "SCALANCE XB-200", "SCALANCE XC-200", "SCALANCE XF-
200BA", "SCALANCE XP-200" and "SCALANCE XR-300WG"
These documents contain information on installing, connecting up and approvals for the
products.
You will find the documentation here:
● On the data medium that ships with some products:
– Product CD / product DVD
– SIMATIC NET Manual Collection
● On the Internet pages of Siemens Industry Online Support at.
– SCALANCE XB-200 (https://support.industry.siemens.com/cs/ww/en/ps/15291/man)
– SCALANCE XC-200 (https://support.industry.siemens.com/cs/ww/en/ps/24185/man)
– SCALANCE XF-200BA
(https://support.industry.siemens.com/cs/ww/en/ps/15287/man)
– SCALANCE XP-200 (https://support.industry.siemens.com/cs/ww/en/ps/21869/man)
– SCALANCE XR-300WG
(https://support.industry.siemens.com/cs/ww/en/ps/15296/man)

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

10 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Introduction

Further documentation
In the system manuals "Industrial Ethernet / PROFINET Industrial Ethernet" and "Industrial
Ethernet / PROFINET passive network components", you will find information on other
SIMATIC NET products that you can operate along with the devices of this product line in an
Industrial Ethernet network.
There, you will find among other things optical performance data of the communications
partner that you require for the installation.
You will find the system manuals here:
● On the data medium that ships with some products:
– Product CD / product DVD
– SIMATIC NET Manual Collection
● On the Internet pages of Siemens Industry Online Support:
– Industrial Ethernet / PROFINET Industrial Ethernet System Manual
(https://support.industry.siemens.com/cs/ww/en/view/27069465)
– Industrial Ethernet / PROFINET Passive Network Components System Manual
(https://support.industry.siemens.com/cs/ww/en/view/84922825)

SIMATIC NET manuals

You will find the SIMATIC NET manuals here:
● On the data medium that ships with some products:
– Product CD / product DVD
– SIMATIC NET Manual Collection
● On the Internet pages of Siemens Industry Online Support
(https://support.industry.siemens.com/cs/ww/en/ps/15247).

SIMATIC NET glossary

Explanations of many of the specialist terms used in this documentation can be found in the
SIMATIC NET glossary.
You will find the SIMATIC NET glossary on the Internet at the following address:
50305045 (https://support.industry.siemens.com/cs/ww/en/view/50305045)

Security information
Siemens provides products and solutions with industrial security functions that support the
secure operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is
necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial
security concept. Siemens’ products and solutions constitute one element of such a concept.
Customers are responsible for preventing unauthorized access to their plants, systems,
machines and networks. Such systems, machines and components should only be

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 11
Introduction

connected to an enterprise network or the internet if and to the extent such a connection is
necessary and only when appropriate security measures (e.g. firewalls and/or network
segmentation) are in place.
Additionally, Siemens’ guidance on appropriate security measures should be taken into
account. For additional information on industrial security measures that may be
implemented, please visit
https://www.siemens.com/industrialsecurity (https://www.siemens.com/industrialsecurity)
Siemens’ products and solutions undergo continuous development to make them more
secure. Siemens strongly recommends that product updates are applied as soon as they are
available and that the latest product versions are used. Use of product versions that are no
longer supported, and failure to apply the latest updates may increase customers’ exposure
to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial Security RSS
Feed under
https://www.siemens.com/industrialsecurity (https://www.siemens.com/industrialsecurity)

License conditions

Note
Open source software
Read the license conditions for open source software carefully before using the product.

You can download the license conditions in the WBM on the "System > Load&Save >
Copyright" page.

Trademarks
The following and possibly other names not identified by the registered trademark sign ® are
registered trademarks of Siemens AG:
SIMATIC NET, SCALANCE, C-PLUG, OLM

Firmware
The firmware is signed and encrypted. This ensures that only firmware created by Siemens
can be downloaded to the device.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

12 Configuration Manual, 04/2018, C79000-G8976-C360-06
Description 2
2.1 System functions hardware equipment

Availability of the system functions

The following table shows the availability of the system functions on the IE switches. Note
that all functions are described in this configuration manual and in the online help.
Depending on your IE switch, some functions are not available.
We reserve the right to make technical changes.

SCALANCE SCALANCE SCALANCE SCALANCE SCALANCE

XB-200 XR-300WG XC-200 XP-200 XF-200BA
Infor- ARP table ✓ ✓ ✓ ✓ ✓
mation Log table ✓ ✓ ✓ ✓ ✓
Ethernet Statistics ✓ ✓ ✓ ✓ ✓
Diagnostics (tempera- - ✓ ✓ ✓ ✓
ture)
System SMTP client ✓ ✓ ✓ ✓ ✓
DHCP client ✓ ✓ ✓ ✓ ✓
DHCP server ✓ 1) ✓ 1) ✓ ✓ ✓
SNMP ✓ ✓ ✓ ✓ ✓
Manual time setting ✓ ✓ ✓ ✓ ✓
DST - - ✓ ✓ ✓
SNTP ✓ ✓ ✓ ✓ ✓
NTP ✓ ✓ ✓ ✓ ✓
SIMATIC Time Client ✓ ✓ ✓ ✓ ✓
Auto logout ✓ ✓ ✓ ✓ ✓
Syslog Client ✓ ✓ ✓ ✓ ✓
Fault monitoring ✓ ✓ ✓ ✓ ✓
PROFINET ✓ ✓ ✓ ✓ ✓
EtherNet/IP ✓ ✓ ✓ ✓ ✓ 2)
Cable tester ✓ ✓ ✓ ✓ ✓
SFP Diagnostics - ✓ ✓ - -
Fiber monitoring - - ✓ - -
Layer 2 Sending priorities - - ✓ ✓ ✓
CoS assignment ✓ ✓ ✓ ✓ ✓
DSCP Mapping ✓ ✓ ✓ ✓ ✓
QoS prioritization ✓ ✓ ✓ ✓ ✓
CoS port reassignment - - ✓ ✓ ✓
Load control ✓ ✓ ✓ ✓ ✓

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 13
Description
2.1 System functions hardware equipment

SCALANCE SCALANCE SCALANCE SCALANCE SCALANCE

XB-200 XR-300WG XC-200 XP-200 XF-200BA
GVRP - - ✓ ✓ ✓
Port-based VLAN ✓ ✓ ✓ ✓ ✓ 2)
Private VLAN - - ✓ ✓ -
Provider bridge - - ✓ ✓ ✓
Switch Port VLAN Trunk - - ✓ ✓ ✓ 2)
Port-based mirroring ✓ ✓ ✓ ✓ ✓
Dynamic MAC aging ✓ ✓ ✓ ✓ ✓
Ring redundancy ✓ ✓ ✓ ✓ ✓
H-Sync support - - ✓ ✓ ✓
S2 devices - - ✓ ✓ ✓
CiR/H-CiR support - - ✓ ✓ ✓
Ring with RSTP - - ✓ ✓ ✓
Standby (HRP) ✓ ✓ ✓ ✓ ✓ 2)
Observer (HRP) - - ✓ ✓ ✓
Link Check ✓ ✓ ✓ - ✓
Spanning Tree ✓ ✓ ✓ ✓ ✓
RSTP ✓ ✓ ✓ ✓ ✓
MSTP - - ✓ ✓ -
Enhanced Passive ✓ ✓ ✓ ✓ ✓
Listening Compatibility
Loop detection ✓ ✓ ✓ ✓ ✓
Link aggregation - - ✓ ✓ ✓ 2)
DCP forwarding ✓ ✓ ✓ ✓ ✓
LLDP ✓ ✓ ✓ ✓ ✓
Unicast filter ✓ ✓ ✓ ✓ ✓
Locked ports ✓ ✓ ✓ ✓ ✓
Unicast learning ✓ ✓ ✓ ✓ ✓
Unicast blocking ✓ ✓ ✓ ✓ ✓
Multicast groups ✓ ✓ ✓ ✓ ✓
IGMP ✓ ✓ ✓ ✓ ✓
GMRP - - ✓ ✓ ✓
Multicast blocking ✓ ✓ ✓ ✓ ✓
Broadcast blocking ✓ ✓ ✓ ✓ ✓
RMON ✓ ✓ ✓ ✓ ✓
RMON history ✓ ✓ ✓ ✓ ✓
Layer 3 Single-Hop Inter-VLAN- - - ✓ ✓ -
Routing
DHCP relay agent ✓ ✓ ✓ ✓ ✓
Common agent address - - ✓ ✓ -
NAT/NAPT - - ✓ ✓ -
Security Passwords ✓ ✓ ✓ ✓ ✓
RADIUS authentication ✓ ✓ ✓ ✓ ✓

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

14 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Description
2.1 System functions hardware equipment

SCALANCE SCALANCE SCALANCE SCALANCE SCALANCE

XB-200 XR-300WG XC-200 XP-200 XF-200BA
MAC authentication - - ✓ ✓ ✓
Guest VLAN - - ✓ ✓ ✓
802.1X reauthentication ✓ ✓ ✓ ✓ ✓
Management ACL ✓ ✓ ✓ ✓ ✓
1) Restricted
2) Not with DNA devices

Availability of hardware
The following table shows the hardware of the IE switches.
We reserve the right to make technical changes.

SCALANCE SCALANCE SCALANCE SCALANCE SCALANCE

XB-200 XR-300WG XC-200 XP-200 XF-200BA
C-PLUG support - - ✓ ✓ ✓
SELECT/SET button - - ✓ 2) 3) ✓ 3) -

RESET button ✓ 2) ✓ 2) - ✓ 2) -
SET button - - - - ✓ 2)
Signaling contact - - ✓ ✓ ✓
Serial interface ✓ ✓ ✓ ✓ -
Display modes - - ✓ ✓ -
Pluggable transceiver slots - - ✓ - -
Combo ports - ✓ - - -
Bus adapter slots - - - - ✓
NFC - - ✓ - -
Power over Ethernet - - - ✓ 1) -
1) "PoE" identifier in device name
Function of the buttons:
2) Restore Factory Defaults
3) Set Fault Mask

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 15
Description
2.2 Product characteristics

2.2 Product characteristics

The IE switches have the following properties:
● The Ethernet interfaces support the following modes:
– 10 Mbps and 100 Mbps both in full and half duplex
– 1000 Mbps full duplex (SCALANCE XC206-2SFP with the appropriate pluggable
transceivers, SCALANCE XC-200G, SCALANCE XP216 and SCALANCE XR-
300WG)
– Autonegotiation
– Autocrossing
– Autopolarity
● EtherNet/IP
EtherNet/IP (Ethernet/Industrial Protocol) is an open industry standard for industrial real-
time Ethernet based on TCP/IP and UDP/IP.
● PROFINET
PROFINET (Process Field Network) is an open industry standard for industrial real-time
Ethernet based on TCP/IP and IT standards. Via PROFINET distributed IO devices can
be connected to a controller.
● Redundancy method Spanning Tree Protocol.
The redundancy mechanism Spanning Tree defines several connection paths between
nodes in a network, only one of which is ever active. This suppresses loops and
optimizes the paths.
● Virtual networks (VLAN)
To structure Industrial Ethernet networks with a fast growing number of nodes, a physical
network can be divided into several virtual subnets.
● Load limitation when using multicast and broadcast protocols, for example video
transmission
By learning the multicast sources and destinations (IGMP snooping, IGMP querier), IE
switches can filter multicast data traffic and so reduce the load in the network. Multicast
and broadcast data traffic can be limited.
● Time-of-day synchronization
Diagnostics messages such as log table entries, e-mails are given a time stamp. The
local time is uniform throughout the network thanks to synchronization with a SICLOCK
time transmitter or SNTP/NTP server and therefore makes the identification of diagnostics
messages of several devices easier.
● Quality of Service for classification of the network traffic is according to CoS (Class of
Service - IEEE 802.11Q) and DSCP (Differentiated Services Code Point - RFC 2474)
● Port mirroring
Mirroring allows the data traffic of a port to be mirrored at another port (monitor port). The
data traffic can then be analyzed at this monitor port without any effects on the data
traffic.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

16 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Description
2.3 Requirements for installation and operation

● Network access protection complying with the standard IEEE 802.1X

Ports can be configured for end devices that support authentication according to IEEE
802.1X. The authentication is made via a RADIUS server that must be reachable over the
network.
● Log table
The log table logs events that occur during operation. The user can specify which events
cause an entry in the table.
● Link aggregation (IEEE 802.1AX) for bundling ports (SCALANCE XC-200/SCALANCE
XP-200)
● H-Sync support
For additional information, see section "Ring (Page 237)"
● S2 devices (PROFINET configuration with simple system redundancy)
S2 devices can establish two connections to the automation system, one application
relationship (AR) each to the two IO controllers. When a communication connection is
interrupted, all data and diagnostics functions remain available via the second
connection.
For information on which IE switches can be used as S2 device, refer to the section
"System functions and hardware equipment".
You only configure S2 devices via STEP 7 Basic or Professional.
For additional information, see also: PROFINET in SIMATIC PCS 7
(https://support.industry.siemens.com/cs/ww/en/view/72887082)
● CiR/H-CiR support (configuration in run)
Configuration in Run (CiR) is a function for making system and configuration changes
during operation. This function is available to a different extent for both standard
automation systems and H-systems (H-CiR).
For information on which IE switches support CiR, refer to the section "System functions
and hardware equipment".
You only configure CiR via STEP 7 Basic or Professional.
For additional information, see also: PROFINET in SIMATIC PCS 7
(https://support.industry.siemens.com/cs/ww/en/view/72887082)

2.3 Requirements for installation and operation

Requirements for installation and operation of the IE switches

A PG/PC with a network connection must be available in order to configure the IE switches.
An IP address must be assigned to the IE switch and it must be available in the network, see
also "Initial assignment of an IP address (Page 20)".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 17
Description
2.3 Requirements for installation and operation

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

18 Configuration Manual, 04/2018, C79000-G8976-C360-06
Assignment of an IP address 3
3.1 Structure of an IP address

Address classes

IP address range Max. number of networks Max. number of Class CIDR

hosts/network
1.x.x.x through 126.x.x.x 126 16777214 A /8
128.0.x.x through 191.255.x.x 16383 65534 B /16
192.0.0.x through 223.255.255.x 2097151 254 C /24
224.0.0.0 - 239.255.255.255 Multicast applications D
240.0.0.0 - 255.255.255.255 Reserved for future applications E

An IP address consists of 4 bytes. Each byte is represented in decimal, with a dot separating
it from the previous one. This results in the following structure, where XXX stands for a
number between 0 and 255:
XXX.XXX.XXX.XXX
The IP address is made up of two parts, the network ID and the host ID. This allows different
subnets to be created. Depending on the bytes of the IP address used as the network ID and
those used for the host ID, the IP address can be assigned to a specific address class.

Subnet mask
The bits of the host ID can be used to create subnets. The leading bits represent the address
of the subnet and the remaining bits the address of the host in the subnet.
A subnet is defined by the subnet mask. The structure of the subnet mask corresponds to
that of an IP address. If a "1" is used at a bit position in the subnet mask, the bit belongs to
the corresponding position in the IP address of the subnet address, otherwise to the address
of the computer.
Example of a class B network:
The standard subnet address for class B networks is 255.255.0.0; in other words, the last
two bytes are available for defining a subnet. If 16 subnets must be defined, the third byte of
the subnet address must be set to 11110000 (binary notation). In this case, this results in the
subnet mask 255.255.240.0.
To find out whether two IP addresses belong to the same subnet, the two IP addresses and
the subnet mask are ANDed bit by bit. If both logic operations have the save result, both IP
addresses belong to the same subnet, for example, 141.120.246.210 and 141.120.252.108.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 19
Assignment of an IP address
3.2 Initial assignment of an IP address

Outside the local area network, the distinction between network ID and host ID is of no
significance, in this case packets are delivered based on the entire IP address.

Note
In the bit representation of the subnet mask, the "ones" must be set left-justified; in other
words, there must be no "zeros" between the "ones".

3.2 Initial assignment of an IP address

Configuration options
An initial IP address for an IE switch cannot be assigned using Web Based Management
(WBM) because this configuration tool can only be used if an IP address already exists.
The following options are available to assign an IP address to an unconfigured device:
● DHCP (factory setting)
● Primary Setup Tool (PST)
– To be able to assign an IP address to the IE switch with the PST, it must be possible
to reach the IE switch via Ethernet.
– You will find the PST on the Internet pages of Siemens Industry Online Support under
the entry ID 19440762
(https://support.industry.siemens.com/cs/ww/en/view/19440762).
– For further information about assigning the IP address with the PST, refer to the
documentation "Primary Setup Tool (PST)".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

20 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Assignment of an IP address
3.2 Initial assignment of an IP address

● STEP 7
In STEP 7, you can configure the topology, the device name and the IP address. If you
connect an unconfigured IE switch to the controller, the controller assigns the configured
device name and the IP address to the IE switch automatically.
– STEP 7
SCALANCE XB-200: V5.5.4 and higher
SCALANCE XP-200: As of V5.5.4 HF9
SCALANCE XC-200: V5.5.4 HF11 and higher
SCALANCE XR-300WG: As of V5.5.4 HF13
SCALANCE XF-200BA: As of V5.6
SCALANCE XC-200G: As of V5.6 HSP11
For further information on the assignment of the IP address using STEP 7 refer to the
documentation "Configuring Hardware and Communication Connections STEP 7", in
the section "Steps For Configuring a PROFINET IO System".
– STEP 7 Basic or Professional
SCALANCE XB-200: V13 SP1 and higher
SCALANCE XC-200: V14 and higher
SCALANCE XP-200: V14 and higher
For further information on assigning the IP address using STEP 7, refer to the online
help "Information system", section "Addressing PROFINET devices".
● CLI via the serial interface
For additional information on assigning the IP address via the serial interface, refer to the
operating instructions for the relevant device. See also section "Introduction", paragraph
"Orientation in the documentation".
● NCM PC
For further information on assigning the IP address using NCM PC, refer to the
documentation "Commissioning PC stations - Manual and Quick Start", in the section
"Creating a PROFINET IO system".

Note
When the product ships and after factory settings are restored, DHCP is enabled. If a DHCP
server is available in the local area network, and this responds to the DHCP request of an IE
switch, the IP address, subnet mask and gateway are assigned automatically when the
device first starts up.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 21
Assignment of an IP address
3.3 Address assignment with DHCP

3.3 Address assignment with DHCP

Properties of DHCP
DHCP (Dynamic Host Configuration Protocol) is a method for automatic assignment of IP
addresses. It has the following characteristics:
● DHCP can be used both when starting up a device and during ongoing operation.
● The assigned IP address remains valid only for a limited time known as the lease time.
When half the period of validity has elapsed. the DHCP client can extend the period of
the assigned IPv4 address. When the entire time has elapsed, the DHCP client needs to
request a new IPv4 address.
● If the device does not reach the DHCP server with a new request on expiry of the lease
time, the assigned IP address, the subnet mask and the gateway continue to be used.
The device therefore remains accessible under the last assigned IP address even without
a DHCP server. This is not the standard behavior of office devices but is necessary for
problem-free operation of the plant.
● There is normally no fixed address assignment; in other words, when a client requests an
IP address again, it normally receives a different address from the previous address. It is
possible to configure the DHCP server so that the DHCP client always receives the same
fixed address in response to its request. The parameter with which the DHCP client is
identified for the fixed address assignment is set on the DHCP client and server. The
address can be assigned via the MAC address, the DHCP client ID, the PROFINET or
the system name. You configure the parameter in "System > DHCP > DHCP Client".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

22 Configuration Manual, 04/2018, C79000-G8976-C360-06
Technical basics 4
4.1 Configuration limits

Configuration limits of the device

The following table lists the configuration limits for Web Based Management and the
Command Line Interface of the device.
Depending on your IE switch, some functions are not available.

Configurable function Maximum number

SCALANCE SCALANCE SCALANCE SCALANCE SCALANCE
XB-200 XR-300WG XC-200 XP-200 XF-200BA
Sys- Maximum frame size (ingress) 1632/2048 bytes 7)
tem Syslog server 3
E-mail server 3
DHCP pools 16 1) 28 1) 24
IPv4 addresses per DHCP pool 1 24
IPv4 addresses managed by the 16 1) 28 1) 576
DHCP server (dynamic + static)
DHCP static assignments per DHCP - 24
pool
SNMPv1 trap recipient 10
SNTP server 1
NTP server - 1
Agent/TIA interfaces 2) 1
Devices displayed via DCP Discovery 100
Layer QoS priority queues 4 4/8 6) 4
2 Virtual LANs (port-based, including 17 257 3)

VLAN 1)
Private VLAN - 1 -
Primary PVLANs - 1 -
Secondary isolated PVLANs - 24 -
Secondary community PVLANs - 256 -
Mirroring sessions 1
Standby ports 1
Multiple Spanning Tree instances - 4 -
Link aggregations - 4/8 5)
Ports in a link aggregation - 8 4
Unicast filtering 128

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 23
Technical basics
4.1 Configuration limits

Configurable function Maximum number

SCALANCE SCALANCE SCALANCE SCALANCE SCALANCE
XB-200 XR-300WG XC-200 XP-200 XF-200BA
Static MAC addresses in the FDB 128
(Forward Database)
Multicast addresses without activated 512
GMRP
Multicast addresses with activated - 50
GMRP
Addresses learned using IGMP 512
snooping
Layer VLAN IP interfaces 1 24 1
3 DHCP Relay Agent interfaces 1 24 1
DHCP Relay Agent server 4
NAT interfaces - 1 -
Dynamic NAT configurations (pools) 100
Static NAT configurations - 100 -
Secu- Users 18
rity (incl. user preset in the factory "admin")
IP addresses from RADIUS servers 4
Simultaneous MAC authentications 4000
(authenticated and blocked) per de-
vice 4)
Simultaneous MAC authentications 100
(authenticated and blocked) per port
(configurable) 4)
Management ACLs (access rules for 10
management)
1) With the SCALANCE XB-200 and SCALANCE XR-300WG, the number of DHCP pools and manageable IPv4 address-
es depends on the number of ports. The number of ports corresponds to the maximum number of DHCP pools and
manageable IPv4 addresses.
2) This is an IP interface.
3) Devices with Y functionality do not support VLANs
4) If the maximum number of MAC authentications per device is exceeded, all MAC authentications of the port at which the
value was exceeded are reset.
If the maximum number of MAC authentications per port is exceeded, all MAC authentications of the port are reset
5) The following applies to devices of the SCALANCE XC-200 and SCALANCE XP-200 product groups:
Because a link aggregation consists of at least 2 ports, the maximum number of link aggregations depends on the num-
ber of ports. A maximum of 4 link aggregations is possible in devices with up to 8 ports and a maximum of 8 link aggre-
gations is possible in devices with more than 8 ports.
6) The devices of the SCALANCE XC-200G product group support 8 queues. All other XC-200 devices support 4 queues.
7) In devices of the SCALANCE XC-200G product group, the maximum frame size (ingress) is 2048 bytes. In all other
devices, it is 1632 bytes.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

24 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Technical basics
4.2 PROFINET

4.2 PROFINET

PROFINET
PROFINET is an open standard (IEC 61158/61784) for industrial automation based on
Industrial Ethernet. PROFINET uses existing IT standards and allows end-to-end
communication from the field level to the management level as well as plant-wide
engineering. PROFINET also has the following features:
● Use of TCP/IP
● Automation of applications with real-time requirements
– Real-Time (RT) communication
– Isochronous Real-Time (IRT) communication
● Seamless integration of fieldbus systems
You configure PROFINET in "System > PROFINET (Page 187)".

PROFINET IO
Within the framework of PROFINET, PROFINET IO is a communications concept for
implementing modular, distributed applications. PROFINET IO is implemented by the
PROFINET standard for programmable controllers (IEC 61158-x-10).

4.3 EtherNet/IP

EtherNet/IP
EtherNet/IP (Ethernet/Industrial Protocol) is an open industry standard for industrial real-time
Ethernet based on TCP/IP and UDP/IP. With EtherNet/IP, Ethernet is expanded by the
Common Industrial Protocol (CIP) at the application layer. In EtherNet/IP, the lower layers of
the OSI reference model are adopted by Ethernet with the physical, network and transport
functions.
You configure EtherNet/IP in "System > EtherNet/IP (Page 188)".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 25
Technical basics
4.4 Redundancy mechanism

Common Industrial Protocol

The Common Industrial Protocol (CIP) is an application protocol for automation that supports
transition of the field buses in Industrial Ethernet and in IP networks. This industry protocol is
used by field buses/industrial networks such as DeviceNet, ControlNet and EtherNet/IP at
the application layer as an interface between the deterministic fieldbus world and the
automation application (controller, I/O, HMI, OPC, ...). The CIP is located above the transport
layer and expands the pure transport services with communications services for automation
engineering. These include services for cyclic, time-critical and event-controlled data traffic.
CIP distinguishes between time-critical I/O messages (implicit messages) and individual
query/response frames for configuration and data acquisition (explicit messages). CIP is
object-oriented; all data "visible" from the outside is accessible in the form of objects. CIP
has a common configuration basis: EDS (Electronic Data Sheet).

Electronic Data Sheet

Electronic Data Sheet (EDS) is an electronic datasheet for describing devices.
The EDS required for EtherNet/IP operation can be found in "System > Load&Save
(Page 109)".

4.4 Redundancy mechanism

4.4.1 Spanning Tree

Avoiding loops on redundant connections

The spanning tree algorithm allows network structures to be created in which there are
several connections between two IE switches / bridges. Spanning tree prevents loops being
formed in the network by allowing only one path and disabling the other (redundant) ports for
data traffic. If there is an interruption, the data can be sent over an alternative path. The
functionality of the spanning tree algorithm is based on the exchange of configuration and
topology change frames.

Definition of the network topology using the configuration frames

The devices exchange configuration frames known as BPDUs (Bridge Protocol Data Units)
with each other to calculate the topology. The root bridge is selected and the network
topology created using these frames. BPDUs also bring about the status change of the root
ports.
The root bridge is the bridge that controls the spanning tree algorithm for all involved
components.
Once the root bridge has been specified, each device sets a root port. The root port is the
port with the lowest path costs to the root bridge.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

26 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Technical basics
4.4 Redundancy mechanism

Response to changes in the network topology

If nodes are added to a network or drop out of the network, this can affect the optimum path
selection for data packets. To be able to respond to such changes, the root bridge sends
configuration messages at regular intervals. The interval between two configuration
messages can be set with the "Hello Time" parameter.

Keeping configuration information up to date

With the "Max Age" parameter, you set the maximum age of configuration information. If a
bridge has information that is older than the time set in "Max Age", it discards the message
and initiates recalculation of the paths.
New configuration data is not used immediately by a bridge but only after the period
specified in the "Forward Delay" parameter. This ensures that operation is only started with
the new topology after all the bridges have the required information.

4.4.1.1 RSTP, MSTP, CIST

Rapid Spanning Tree Protocol (RSTP)

One disadvantage of STP is that if there is a disruption or a device fails, the network needs
to reconfigure itself: The devices start to negotiate new paths only when the interruption
occurs. This can take up to 30 seconds. Fur this reason, STP was expanded to create the
"Rapid Spanning Tree Protocol" (RSTP, IEEE 802.1w). This differs from STP essentially in
that the devices are already collecting information about alternative routes during normal
operation and do not need to gather this information after a disruption has occurred. This
means that the reconfiguration time for an RSTP controlled network can be reduced to a few
seconds.
This is achieved by using the following functions:
● Edge ports (end node port)
Edge ports are ports connected to an end device.
A port that is defined as an edge port is activated immediately after connection
establishment. If a spanning tree BPDU is received at an edge port, the port loses its role
as edge port and it takes part in (R)STP again. If no further BPDU is received after a
certain time has elapsed (3 x hello time), the port returns to the edge port status.
● Point-to-point (direct communication between two neighboring devices)
By directly linking the devices, a status change (reconfiguration of the ports) can be made
without any delays.
● Alternate port (substitute for the root port)
A substitute for the root port is configured. If the connection to the root bridge is lost, the
device can establish a connection over the alternate port without any delay due to
reconfiguration.
● Reaction to events
Rapid spanning tree reacts to events, for example an aborted connection, without delay.
There is no waiting for timers as in spanning tree.
● Counter for the maximum bridge hops
The number of bridge hops a package is allowed to make before it automatically
becomes invalid.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 27
Technical basics
4.4 Redundancy mechanism

In principle, therefore with rapid spanning tree, alternatives for many parameters are
preconfigured and certain properties of the network structure taken into account to reduce
the reconfiguration time.

Multiple Spanning Tree Protocol (MSTP)

The Multiple Spanning Tree Protocol (MSTP) is a further development of the Rapid
Spanning Tree Protocol. Among other things, it provides the option of operating several
RSTP instances within different VLANs or VLAN groups and, for example, making paths
available within the individual VLANs that the single Rapid Spanning Tree Protocol would
globally block.

Common and Internal Spanning Tree (CIST)

CIST identifies the internal instance used by the switch that is comparable in principle with
an internal RSTP instance.

4.4.2 HRP

HRP - High Speed Redundancy Protocol

HRP is the name of a redundancy method for networks with a ring topology. The switches
are interconnected via ring ports. One of the switches is configured as the redundancy
manager (RM). The other switches are redundancy clients. Using test frames, the
redundancy manager checks the ring to make sure it is not interrupted. The redundancy
manager sends test frames via the ring ports and checks that they are received at the other
ring port. The redundancy clients forward the test frames.
If the test frames of the RM no longer arrive at the other ring port due to an interruption, the
RM switches through its two ring ports and informs the redundancy clients of the change
immediately. The reconfiguration time after an interruption of the ring is a maximum of 300
ms.
Standby redundancy
Standby redundancy is a method with which rings each of which is protected by high-speed
redundancy can be linked together redundantly. In the ring, a master/slave device pair is
configured and these monitor each other via their ring ports. If a fault occurs, the data traffic
is redirected from one Ethernet connection (standby port of the master or standby server) to
another Ethernet connection (standby port of the slave).

Requirements

HRP
● HRP is supported in ring topologies with up to 50 devices.
Exceeding this number of devices can lead to a loss of data traffic.
● For HRP, only devices that support this function can be used in the ring.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

28 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Technical basics
4.4 Redundancy mechanism

● Devices that do not support HRP must be linked to the ring using special devices with
HRP capability. Up to the ring, this connection is not redundant.
● All devices must be interconnected via their ring ports. Multimode connections up to 3 km
and single mode connections up to 26 km between two IE switches are possible. At
greater distances, the specified reconfiguration time may be longer.
● A device in the ring must be configured as redundancy manager by selecting the "HRP
manager" setting. On all other devices in the ring, either the "HRP Client" or "Automatic
Redundancy Detection" mode must be activated.
● The standby ports must be disabled in spanning tree.
● You configure HRP in Web Based Management, Command Line Interface or using
SNMP.

Standby redundancy
● With standby coupling partners HRP must be set permanently.
● The ports of the standby coupling partners must be disabled in spanning tree.
● You configure standby redundancy in Web Based Management, Command Line Interface
or using SNMP.

4.4.3 MRP

4.4.3.1 MRP - Media Redundancy Protocol

The "MRP" method conforms to the Media Redundancy Protocol (MRP) specified in the
following standard:
IEC 62439-2 Release 1.0 (2010-02) Industrial communication networks - High availability
automation networks Part 2: Media Redundancy Protocol (MRP)
The reconfiguration time after an interruption of the ring is a maximum of 200 ms.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 29
Technical basics
4.4 Redundancy mechanism

Topology
The following figure shows a possible topology for devices in a ring with MRP.

Figure 4-1 Example of a ring topology with the MRP media redundancy protocol

The following rules apply to a ring topology with media redundancy using MRP:
● All the devices connected within the ring topology are members of the same redundancy
domain.
● One device in the ring is acting as redundancy manager.
● All other devices in the ring are redundancy clients.
Non MRP-compliant devices can be connected to the ring via a SCALANCE X switch or via
a PC with a CP capable of MRP.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

30 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Technical basics
4.4 Redundancy mechanism

Requirements
The requirements for problem-free operation with the MRP media redundancy protocol are
as follows:
● MRP is supported in ring topologies with up to 50 devices.
Exceeding this number of devices can lead to a loss of data traffic.
● The ring in which you want to use MRP may only consist of devices that support this
function.
These include, for example, some of the Industrial Ethernet SCALANCE X switches,
some of the communications processors (CPs) for SIMATIC S7 and PG/PC or non-
Siemens devices that support this function.
● All devices must be interconnected via their ring ports.
Multimode connections up to 3 km and single mode connections up to 26 km between
two SCALANCE X IE switches are possible. At greater distances, the specified
reconfiguration time may be longer.
● "MRP" must be enabled for all devices in the ring.
● The connection settings (transmission medium / duplex) must be set to full duplex and at
least 100 Mbps for all ring ports. Otherwise there may be a loss of data traffic.
– STEP 7: Set all the ports involved in the ring to "Automatic settings" in the "Options"
tab of the properties dialog.
– WBM: If you configure with Web Based Management, the ring ports are set
automatically to autonegotiation.

See also
Configuration in STEP 7 (Page 32)

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 31
Technical basics
4.4 Redundancy mechanism

4.4.3.2 Configuration in WBM

Role
The choice of role depends on the following use cases:
● You want to use MRP in a ring topology only with Siemens devices:
– For at least one device in the ring select "Automatic Redundancy Detection" or "MRP
Auto Manager".
– For all other devices in the ring select "MRP Client" or "Automatic Redundancy
Detection".
● You want to use MRP in a ring topology that also includes non-Siemens devices:
– For exactly one device in the ring select the role "MRP Auto Manager".
– For all other devices in the ring topology, select the role of "MRP client".

Note
The use of "Automatic Redundancy Detection" is not possible when using non-Siemens
devices.

● You configure the devices in an MRP ring topology partly with WBM and partly with STEP
7:
– With the devices you configure using WBM, select "MRP Client" for all devices.
– With the devices that you configure using STEP 7, select precisely one device as
"Manager" or "Manager (Auto)" and "MRP Client" for all other devices.

Note
If a device is assigned the role of "Manager" with STEP 7, all other devices in the ring
must be assigned the "MRP Client" role. If there is a device with the "Manager" role and a
device with the "Manager (Auto)"/"MRP Auto-Manager" in a ring, this can lead to
circulating frames and therefore to failure of the network.

Configuration
In WBM, you configure MRP on the following pages:
● Configuration (Page 204)
● Ring (Page 237)

4.4.3.3 Configuration in STEP 7

Configuration in STEP 7
To create the configuration in STEP 7, select the parameter group "Media redundancy" on
the PROFINET interface.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

32 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Technical basics
4.4 Redundancy mechanism

Set the following parameters for the MRP configuration of the device:
● Domain
● Role
● Ring port
● Diagnostic interrupts
These settings are described below.

Note
Valid MRP configuration
In the MRP configuration in STEP 7, make sure that all devices in the ring have a valid MRP
configuration before you close the ring. Otherwise, there may be circulating frames that will
cause a failure in the network.
One device in the ring needs to be configured as "redundancy manager" and all other
devices in the ring as "clients".

Note
Note factory settings
MRP is disabled and spanning tree enabled for the following brand new IE switches and
those set to the factory settings:
• SCALANCE XB-200 (Ethernet/IP variants)
• SCALANCE XC-200 (EtherNet/IP variants)
• SCALANCE XP-200 (Ethernet/IP variants)
• SCALANCE XR-300WG
• SCALANCE XM-400
• SCALANCE XR-500
To load a PROFINET configuration into one of the specified devices, first disable spanning
tree on the device.

Note
Reconfiguration only when the ring is open
First open the ring before you
• change the MRP role or
• reconfigure ring ports

Note
Starting up and restarting
The MRP settings are still effective after a restart of the device or a power failure and hot
restart as long as the power failure does not occur within 90 seconds after the configuration
change.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 33
Technical basics
4.4 Redundancy mechanism

Note
Prioritized startup
If you configure MRP in a ring, you cannot use the "prioritized startup" function in PROFINET
applications on the devices involved.
If you want to use the "prioritized startup" function, then disable MRP in the configuration.
In the STEP 7 configuration, set the role of the relevant device to "Not a node in the ring".

Domain

Single MRP rings

If you want to configure a single MRP ring, leave the factory setting "mrpdomain 1" in the
"Domain" drop-down list.
All devices configured in a ring with MRP must belong to the same redundancy domain. A
device cannot belong to more than one redundancy domain in a single ring.

Multiple MRP rings

If you configure multiple single MRP rings, the nodes of the ring will be assigned to the
individual rings with the "Domain" parameter. Set the same domain for all devices within a
ring. Set different domains for different rings. Devices that do not belong to the same ring
must have different domains.
If you want to configure MRP multiple rings, as the central redundancy manager for up to
four rings select a device that is capable of multiple rings. Specify different domains for all
ring instances and assign these to the corresponding ring ports of the redundancy manager.
Configure the other devices as clients. The same domain must be set for all devices within a
ring.

Note
Suitable devices for MRP multiple rings
You can use all products from the following product lines as redundancy manager
connecting multiple rings:
• SCALANCE X-300 as of firmware version V4.0
• SCALANCE X-400 SCALANCE
– X408-2 as of firmware version V4.0
– SCALANCE X414-3E as of firmware version V3.10

Note
Suitable devices for MRP interconnection
You can use all products from the following product lines as media redundancy
interconnection manager and media redundancy interconnection client:
• SCALANCE XM-400 as of firmware version V6.2
• SCALANCE XR-500 as of firmware version V6.2

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

34 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Technical basics
4.4 Redundancy mechanism

Role

Note
Reconfiguration only when the ring is open!

The choice of role depends on the following use cases.

● You want to use MRP in a topology with one ring only with Siemens devices and without
monitoring diagnostic interrupts:
Assign all devices to the "mrpdomain-1" domain and the role "Manager (Auto)".
The device that actually takes over the role of redundancy manager, is negotiated by
Siemens devices automatically.
● You want to use MRP in a topology with multiple rings only with Siemens devices and
without monitoring diagnostic interrupts (MRP multiple rings):
– Assign all instances of the device that connects the rings the role of "Manager".
– For all other devices in the ring topology, select the role of "Client".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 35
Technical basics
4.4 Redundancy mechanism

● You want to use MRP in a ring topology that also includes non-Siemens devices or you
want to receive diagnostic interrupts relating to the MRP status from a device (see
"Diagnostic interrupts"):
– Assign precisely one device in the ring the role of "Manager (Auto)".
– For all other devices in the ring topology, select the role of "Client".
● You want to disable MRP:
Select the option "Not node in the ring" if you do not want to operate the device within a
ring topology with MRP.

Note
Role after resetting to factory settings
With brand new Siemens devices and those reset to the factory settings the following
MRP role is set:
• "Manager (Auto)"
CPs
• "Automatic Redundancy Detection"
– SCALANCE X-200
– SCALANCE XB-200 (PROFINET variants)
– SCALANCE XC-200 (PROFINET variants)
– SCALANCE XF-200BA
– SCALANCE XP-200 (PROFINET variants)
– SCALANCE X-300
– SCALANCE X-400
If you are operating a non-Siemens device as the redundancy manager in the ring, this
may cause loss of the data traffic.
MRP is disabled and spanning tree enabled for the following brand new IE switches and
those set to the factory settings:
• SCALANCE XB-200 (Ethernet/IP variants)
• SCALANCE XC-200 (EtherNet/IP variants)
• SCALANCE XP-200 (Ethernet/IP variants)
• SCALANCE XR-300WG
• SCALANCE XM-400
• SCALANCE XR-500

Ring port 1 / ring port 2

Here, select the port you want to configure as ring port 1 and ring port 2.
With devices with more than 8 ports, not all ports can be selected as ring port.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

36 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Technical basics
4.4 Redundancy mechanism

The drop-down list shows the selection of possible ports for each device type. If the ports are
specified in the factory, the boxes are grayed out.

NOTICE
Ring ports after resetting to factory settings
If you reset to the factory settings, the ring port settings are also reset.
If other ports were used previously as ring ports before resetting, with the appropriate
attachment, a previously correctly configured device can cause circulating frames and
therefore the failure of the data traffic.

Note
Reconfiguration only when the ring is open
First open the ring before you reconfigure the ring ports of a ring manager.

Diagnostic interrupts
Enable the "Diagnostic interrupts" option, if you want diagnostic interrupts relating to the
MRP status on the local CPU to be output.
The following diagnostic interrupts can be generated:
● Wiring or port error
Diagnostic interrupts are generated if the following errors occur at the ring ports:
– Connection abort on a ring port
– A neighbor of the ring port does not support MRP.
– A ring port is connected to a non-ring port.
– A ring port is connected to the ring port of another MRP domain.
● Status change active/passive (redundancy manager only)
If the status changes (active/passive) in a ring, a diagnostics interrupt is generated.

Parameter assignment of the redundancy is not set by STEP 7 (redundancy alternatives)

This option only affects SCALANCE X switches. Select this option if you want to set the
properties for media redundancy using alternative mechanisms such as WBM, CLI or SNMP.
If you enable this option, existing redundancy settings are retained and are not overwritten.
The parameters in the "MRP configuration" box are then reset and grayed out. The entries
then have no meaning.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 37
Technical basics
4.4 Redundancy mechanism

4.4.4 Standby

General
SCALANCE X switches support not only ring redundancy within a ring but also redundant
linking of rings or open network segments (linear bus). In the redundant link, rings are
connected together over Ethernet connections. This is achieved by configuring a
master/slave device pair in one ring so that the devices monitor each other and, in the event
of a fault, redirect the data traffic from the normally used master Ethernet connection to the
substitute (slave) Ethernet connection.

Standby redundancy

Figure 4-2 Example of a redundant link between rings

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

38 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Technical basics
4.4 Redundancy mechanism

For a redundant link as shown in the figure, two devices must be configured as standby
redundancy switches within a network segment. In this case, network segments are rings
with a redundancy manager. Instead of rings, network segments might also be linear.
The two standby redundancy switches connected in the configuration exchange data frames
with each other to synchronize their operating statuses (one device is master and the other
slave). If there are no problems, only the link from the master to the other network segment
is active. If this link fails (for example due to a link-down or a device failure), the slave
activates its link as long as the problem persists.

4.4.5 Parallel Redundancy Protocol

Parallel Redundancy Protocol

The "Parallel Redundancy Protocol" (PRP) is a redundancy protocol for Ethernet networks. It
is defined in Part 3 of the IEC 62439 standard. This redundancy method allows data
communication to be maintained without interruption/reconfiguration time if there are
interruptions in the network.
The PRP method is supported, for example, by the devices of the SCALANCE X-200RNA
product line.

Overlong frames
When sending PRP frames, the IE switch expands the frame with a PRP trailer. With frames
with the maximum length, appending the PRP trailer results in an overlong frame that
exceeds the maximum permitted frame length (according to the IEEE 802.3 standard).
To prevent data loss with overlong frames, all network components located in a PRP
network must support a frame length of at least 1528 bytes.
The devices described in this manual can be used in PRP networks, see also section
"Configuration limits (Page 23)".

4.4.6 DLR

SCALANCE XC-200G and DLR

DLR (Device Level Ring) is the redundancy method of the EtherNet/IP protocol. Devices of
the SCALANCE XC-200G series behave like "non-DLR devices" according to the
specifications of the Open DeviceNet Vendor Association (ODVA).

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 39
Technical basics
4.5 VLAN

4.5 VLAN

4.5.1 Basics

Network definition regardless of the spatial location of the nodes

VLAN (Virtual Local Area Network) divides a physical network into several logical networks
that are shielded from each other. Here, devices are grouped together to form logical groups.
Only nodes of the same VLAN can address each other. Since multicast and broadcast
frames are only forwarded within the particular VLAN, they are also known as broadcast
domains.
The particular advantage of VLANs is the reduced network load for the nodes and network
segments of other VLANs.
To identify which packet belongs to which VLAN, the frame is expanded by 4 bytes (VLAN
tagging (Page 40)). This expansion includes not only the VLAN ID but also priority
information.

Options for the VLAN assignment

Each port of a device is assigned a VLAN ID (port-based VLAN). You configure port-based
VLAN in "Layer 2 > VLAN > Port-based VLAN (Page 225)".

4.5.2 VLAN tagging

Expansion of the Ethernet frames by four bytes

For CoS (Class of Service, frame priority) and VLAN (virtual network), the IEEE 802.1Q
standard defined the expansion of Ethernet frames by adding the VLAN tag.

Note
The VLAN tag increases the permitted total length of the frame from 1518 to 1522 bytes.
The end nodes on the networks must be checked to find out whether they can process this
length / this frame type. If this is not the case, only frames of the standard length may be
sent to these nodes.

The additional 4 bytes are located in the header of the Ethernet frame between the source
address and the Ethernet type / length field:

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

40 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Technical basics
4.5 VLAN

Figure 4-3 Structure of the expanded Ethernet frame

The additional bytes contain the tag protocol identifier (TPID) and the tag control information
(TCI).

Tag protocol identifier (TPID)

The first 2 bytes form the Tag Protocol Identifier (TPID) and always have the value 0x8100.
This value specifies that the data packet contains VLAN information or priority information.

Tag Control Information (TCI)

The 2 bytes of the Tag Control Information (TCI) contain the following information:
QoS Trust
The tagged frame has 3 bits for the priority that is also known as Class of Service (CoS), see
also IEEE 802.1Q.

CoS bits Priority Type of the data traffic

000 0 (lowest) Background
001 1 Best Effort
010 2 Excellent Effort
011 3 Critical Applications
100 4 Video, < 100 ms delay (latency and jitter)
101 5 Voice (language), < 10 ms delay (latency and jitter)
110 6 Internetwork Control
111 7 (highest) Network Control

The prioritization of the data packets is possible only if there is a queue in the components in
which they can buffer data packets with lower priority.
The device has multiple parallel queues in which the frames with different priorities can be
processed. As default, first, the frames with the highest priority are processed. This method
ensures that the frames with the highest priority are sent even if there is heavy data traffic.
Canonical Format Identifier (CFI)

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 41
Technical basics
4.5 VLAN

The CFI is required for compatibility between Ethernet and the token Ring.
The values have the following meaning:

Value Meaning
0 The format of the MAC address is canonical. In the canonical representation of the MAC
address, the least significant bit is transferred first. Standard-setting for Ethernet switches.
1 The format of the MAC address is not canonical.

VLAN ID
In the 12-bit data field, up to 4096 VLAN IDs can be formed. The following conventions
apply:

VLAN ID Meaning
0 The frame contains only priority information (priority tagged frames) and no valid
VLAN identifier.
1- 4094 Valid VLAN identifier, the frame is assigned to a VLAN and can also include priori-
ty information.
4095 Reserved

4.5.3 Private VLAN

With a private VLAN (PVLAN) you can divide up the layer 2 broadcast domains of a VLAN.
A private VLAN consists of the following units:
● A primary private VLAN (primary PVLAN)
The VLAN that is divided up is called primary private VLAN.
● secondary private VLANs (secondary PVLAN)
Secondary PVLANs exist only within a primary PVLAN. Every secondary PVLAN has a
specific VLAN ID and is connected to the primary PVLAN.
Secondary PVLANs are divided into the following types:
– Isolated Secondary PVLAN
Devices within an isolated secondary PVLAN cannot communicate with each other via
layer 2.
– Community Secondary PVLAN
Devices within a community secondary PVLAN can communicate with each other
directly via layer 2. The devices cannot communicate with devices in other
communities of the PVLAN via layer 2.

Note
VLAN ID with secondary PVLANs
If you use the same VLAN ID for secondary PVLANs on different IE switches, the end
devices in these secondary PVLANs can communicate with other via layer 2 across the
different switches.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

42 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Technical basics
4.5 VLAN

Note
Private VLAN functionality and RADIUS authentication
When VLAN assignment is activated via RADIUS authentication for one or more ports of a
VLAN, you should not configure this VLAN additionally as private VLAN.
The private VLAN functionality in connection with VLAN assignment via RADIUS
authentication can result in an inconsistent system state.

In this example, the ports of the IE switches that connect them to other IE switches are
promiscuous ports. These network ports are tagged members in all PVLANs: Primary
PVLAN and all secondary PVLANs.
The ports to which the PCs are connected are host ports. The host ports are all untagged
members in the primary PVLAN and in their secondary PVLAN.
The port to which the server is connected is a promiscuous port. This promiscuous port ports
is an untagged member in all PVLANs: Primary PVLAN and all secondary PVLANs.
In this example all PCs can communicate with the server. The server can communicate with
all PCs. PC1 cannot communicate with any other PC. The PCs within a community

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 43
Technical basics
4.5 VLAN

secondary PVLAN can communicate with each other but not with the PCs in another
secondary PVLAN.

4.5.4 VLAN tunnel

With the Q-in-Q VLAN Tunnel function it is possible to forward the data traffic from different
customer networks using a VLAN tunnel via a provider network. Every customer network has
the full number of possible VLANs available.
A VLAN tunnel is established between provider switches that are configured at the
boundaries of a provider network. A provider switch has the following types of ports:
● Access port
The provider switch is connected to a customer network via an access port.
– Incoming data traffic
The incoming data traffic at an access port is treated as if it were untagged ①. All
incoming frames are expanded by a tag with the port VID of the access port ②. With
frames that are already tagged, this means they are expanded by a second 802.1Q
tag ③ the outer VLAN tag.

– Outgoing data traffic

With outgoing data traffic the outer tag is removed again at an access port.
● Core port
The provider switch is connected to a provider network via a core port.
Core ports are members in the port VLAN of the access port or configured with the port
type "Switch-Port VLAN Trunk".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

44 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Technical basics
4.6 Mirroring

In this example the data traffic from the customer networks A, B and C is forwarded over the
provider network using a VLAN tunnel. The frames from customer network A are tagged with
a VLAN ID. The frames from customer network B are tagged with a priority. The frames from
customer network C are untagged.
When the frames reach the relevant access port, they are expanded by a tag with the port
VID of the access port and tunneled through the provider network. As soon as the frames
leave the provider network, the outer VLAN tag (PVID) is removed again. The frames are
forwarded in their original form. The priority of the frame is retained.

4.6 Mirroring
The device provides the option of simultaneously channeling incoming or outgoing data
streams via other interfaces for analysis or monitoring. This has no effect on the monitored
data streams. This procedure is known as mirroring. In this menu section, you enable or
disable mirroring and set the parameters.

Mirroring ports
Mirroring a port means that the data traffic at a port (mirrored port) of the IE switch is copied
to another port (monitor port). You can mirror one or more ports to a monitor port.
If a protocol analyzer is connected to the monitor port, the data traffic at the mirrored port
can be recorded without interrupting the connection. This means that the data traffic can be
investigated without being affected. This is possible only if a free port is available on the
device as the monitor port.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 45
Technical basics
4.7 SNMP

4.7 SNMP

Introduction
With the aid of the Simple Network Management Protocol (SNMP), you monitor and control
network components from a central station, for example routers or switches. SNMP controls
the communication between the monitored devices and the monitoring station.
Tasks of SNMP:
● Monitoring of network components
● Remote control and remote parameter assignment of network components
● Error detection and error notification
In versions v1 and v2c, SNMP has no security mechanisms. Each user in the network can
access data and also change parameter assignments using suitable software.
For the simple control of access rights without security aspects, community strings are used.
The community string is transferred along with the query. If the community string is correct,
the SNMP agent responds and sends the requested data. If the community string is not
correct, the SNMP agent discards the query. Define different community strings for read and
write permissions. The community strings are transferred in plain text.
Standard values of the community strings:
● public
has only read permissions
● private
has read and write permissions

Note
Because the SNMP community strings are used for access protection, do not use the
standard values "public" or "private". Change these values following the initial
commissioning.

Further simple protection mechanisms at the device level:

● Allowed Host
The IP addresses of the monitoring systems are known to the monitored system.
● Read Only
If you assign "Read Only" to a monitored device, monitoring stations can only read out
data but cannot modify it.
SNMP data packets are not encrypted and can easily be read by others.
The central station is also known as the management station. An SNMP agent is installed on
the devices to be monitored with which the management station exchanges data.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

46 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Technical basics
4.8 Quality of service

The management station sends data packets of the following type:

● GET
Request for a data record from the SNMP agent
● GETNEXT
Calls up the next data record.
● GETBULK (available as of SNMPv2c)
Requests multiple data records at one time, for example several rows of a table.
● SET
Contains parameter assignment data for the relevant device.
The SNMP agent sends data packets of the following type:
● RESPONSE
The SNMP agent returns the data requested by the manager.
● TRAP
If a certain event occurs, the SNMP agent itself sends traps.
SNMPv1/v2c/v3 use UDP (User Datagram Protocol) and use the UDP ports 161 and 162.
The data is described in a Management Information Base (MIB).

SNMPv3
Compared with the previous versions SNMPv1 and SNMPv2c, SNMPv3 introduces an
extensive security concept.
SNMPv3 supports:
● Fully encrypted user authentication
● Encryption of the entire data traffic
● Access control of the MIB objects at the user/group level

4.8 Quality of service

Quality of Service (QoS) is a method to allow efficient use of the existing bandwidth in a
network.
QoS is implemented by prioritization of the data traffic. Incoming frames are sorted into a
Queue according to a certain prioritization and further processed. This gives certain frames
priority.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 47
Technical basics
4.9 NAT/NAPT

The different QoS methods influence each other and are therefore taken into account in the
following order:
1. The switch first checks whether the incoming frame is a broadcast or agent frame.
→ When the first condition is met, the switch takes into account the priority set on the
"General (Page 208)" page.
The switch sorts the frame into a queue according to the assignment on page "CoS Map
(Page 210)".
2. If the first condition is not met the switch checks whether the frame contains a VLAN tag.
→ If the second condition is met the switch checks the settings for the priority on the
"General (Page 208)" page. The switch checks whether a value other than "Do not force"
is set for the priority.
If the priority is set the switch sorts the frame into a queue according to the assignment
on page "CoS Map (Page 210)".
3. If the second condition is also not met the frames are further processed according to the
Trust mode. You configure the Trust mode on the page "QoS Trust (Page 213)".

See also
General (Page 218)

4.9 NAT/NAPT

Note
NAT/NAPT is possible only on layer 3 of the ISO/OSI reference model. To use the NAT
function, the networks must use the IP protocol.
When using the ISO protocol that operates at layer 2, it is not possible to use NAT.

In Network Address Translation (NAT) IP subnets are divided into "Inside" and "Outside".
The division is from the perspective of a NAT interface. All networks reachable via the NAT
interface itself count as "Outside" for this interface. All networks reachable via other IP
interfaces of the same device count as "Inside" for the NAT interface.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

48 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Technical basics
4.9 NAT/NAPT

If there s routing via the NAT interface, the source or destination IP addresses of the
transferred data packets are changed at the transition between "Inside" and "Outside".
Whether or not the source or destination IP address is changed depends on the
communications direction. It is always the IP address of the communications node that is
located "Inside" that is adapted. Depending on the perspective the IP address of a
communications node is always designated as "Local" or "Global".

Perspective
Local Global
Position Inside An actual IP address that is as- An IP address at which an internal
signed to a device in the internal device can be reached from the
network. This address cannot be external network.
reached from the external net-
work.
Outside An actual IP address that is assigned to a device in the external net-
work.
Since only "Inside" addresses are converted, there is no distinction
made between outside local and outside global.

Example
In the example two IP subnets are connected together via an IE switch. The division is from
the perspective of the NAT interface 10.0.0.155. The communication of PC2 with PC1 is
implemented via NAT/NAPT.

The actual IP address of PC1 (inside local) is implemented statically with NAT. For PC2,
PC1 can be reached at the inside global address.

Perspective
Local Global
Position Inside 192.168.16.150 10.0.0.7
Outside 10.0.0.10

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 49
Technical basics
4.9 NAT/NAPT

The actual IP address of PC1 (inside local) is implemented with NAPT (Network Address
and Port Translation).. For PC2, PC1 can be reached at the inside global address.

Perspective
Local Global
Position Inside 192.168.16.150:80 10.0.0.7:80
Outside 10.0.0.10:1660

Computing capacity
Due to the load limitation of the CPU packet receipt of the device is limited to 300 packets a
second. This corresponds to a maximum data through of 1.7 Mbps. This load limitation does
not apply per interface but generally for all packets going the CPU.
The entire NAT communication runs via the CPU and therefore represents competition for IP
communication going to the CPU, e.g. WBM and Telnet.
Note that a large part of the computing capacity is occupied if you use NAT. This can slow
down access via Telnet or WBM.

NAT
With Network Address Translation (NAT), the IP address in a data packet is replaced by
another. NAT is normally used on a gateway between an internal network and an external
network.
With source NAT, the inside local source address of an IP packet from a device in the
internal network is rewritten by a NAT device to an inside global address at the gateway.
With destination NAT, the inside global source address of an IP packet from a device in the
external network is rewritten by a NAT device to an inside local address at the gateway.
To translate the internal into the external IP address and back, the NAT device maintains a
translation list. The address assignment can be dynamic or static. You configure NAT in
"Layer 3 (IPv4) > NAT (Page 299)".

NAPT
In "Network Address Port Translation" (NAPT), several internal source IP addresses are
translated into the same external IP address. To identify the individual nodes, the port of the
internal device is also stored in the translation list of the NAT device and translated for the
external address.
If several internal devices send a query to the same external destination IP address via the
NAT device, the NAT device enters its own external source IP address in the header of
these forwarded frames. Since the forwarded frames have the same external source IP
address, the NAT device assigns the frames to the devices using a different port number.
If a device from the external network wants to use a service in the internal network, the
translation list for the static address assignment needs to be configured. You configure
NAPT in "Layer 3 (IPv4) > NAT > NAPT (Page 304)".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

50 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Technical basics
4.10 Single-Hop Inter-VLAN-Routing

NAT/NAPT and IP routing

You can enable NAT/NAPT and IP routing at the same time. In this case, you need to
regulate the reachability of internal addresses from external networks with ACL rules.

4.10 Single-Hop Inter-VLAN-Routing

Introduction
A physical network is divided into broadcast domains and subnets by VLANs.
Devices (hosts) within a VLAN can communicate with each other directly via layer 2. The
frames are forwarded to the relevant device based on the MAC address.
Devices from different VLANs cannot communicate with each other directly via layer 2. The
data traffic must be routed based on the IP address.
With the Single-Hop Inter-VLAN-Routing function it is possible that devices from different
VLANs communicate with each other without a router being necessary.

Requirements
● The IE switch can manage several IP interfaces.
● The switch is a member in the VLANs to be routed.
● With the hosts, the IP address of the VLAN is entered as default gateway.

Single-Hop Inter-VLAN-Routing
The IE switch receives a frame and recognizes that it is addressed to a device in another
VLAN. It forwards the frame to the corresponding port in the VLAN.
The IE switch only knows VLANs with which it is directly connected (Connected). With
Single-Hop Inter-VLAN-Routing it is therefore only possible to route between two local IP
interfaces.

Example

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 51
Technical basics
4.10 Single-Hop Inter-VLAN-Routing

In this example, the host A is connected to the IE switch via VLAN1. Host A is connected to
the IE switch via VLAN2. With host A the IP address of VLAN 1 is entered as the default
gateway. With host B the IP address of VLAN 2 is entered as the default gateway.
If the Single-Hop Inter-VLAN-Routing function is enabled on the SCALANCE XP216PoE,
host A and host B can communicate with each other.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

52 Configuration Manual, 04/2018, C79000-G8976-C360-06
Configuring with Web Based Management 5
5.1 Web Based Management

How it works
The device has an integrated HTTP server for Web Based Management (WBM). If a device
is addressed using an Internet browser, it returns HTML pages to the client PC depending on
the user input.
The user enters the configuration data in the HTML pages sent by the device. The device
evaluates this information and generates reply pages dynamically.
The advantage of this method is that only an Internet browser is required on the client.

Note
Secure connection
WBM also allows you to establish a secure connection via HTTPS.
Use HTTPS for protected transfer of your data. If you wish to access WBM only via a secure
connection, activate the option "HTTPS Server only" under "System > Configuration".

Requirements
WBM display
● The device has an IP address.
● There is a connection between the device and the client PC. With the ping command, you
can check whether or not a device can be reached.
● Access using HTTPS is enabled.
● JavaScript is activated in the Internet browser.
● The Internet browser must not be set so that it reloads the page from the server each
time the page is accessed. The updating of the dynamic content of the page is ensured
by other mechanisms. In the Internet Explorer, you can make the appropriate setting in
the "Options > Internet Options > General" menu in the section "Browsing history" with
the "Settings" button. Under "Check for newer versions of stored pages:", select
"Automatically".
● If a firewall is used, the relevant ports must be opened.
– For access using HTTP: TCP port 80
– For access using HTTPS: TCP port 443

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 53
Configuring with Web Based Management
5.2 Login

The display of the WBM was tested with the following desktop Internet browsers:
● Microsoft Internet Explorer 11
● Mozilla Firefox 52.6.0
● Google Chrome V63

Note
Compatibility view
In Microsoft Internet Explorer, disable the compatibility view to ensure correct display and to
allow problem-free configuration using WBM.

Display of the WBM on mobile devices

For mobile devices, the following minimum requirements must be met:

Resolution Operating system

960 x 640 pixels Android as of version 4.2.1
iOS as of version 6.0.2

Tested with the following Internet browsers for mobile devices:

● Apple Safari as of version 8 on iOS as of V8.1.3 (iPad Mini Model A1432)
● Google Chrome as of version 40 on Android as of version 5.0.2 (Nexus 7C Asus)
● Mozilla Firefox as of version 35 on Android as of version 5.0.2 (Nexus 7C Asus)

Note
Display of the WBM and working with it on mobile devices
The display on the WBM pages and how you work with them on mobile devices may differ
compared with the same pages on desktop devices. Some pages also have an optimized
display for mobile devices.

5.2 Login

Establishing a connection to a device

Follow the steps below to establish a connection to a device using an Internet browser:
1. There is a connection between the device and the client PC. With the ping command, you
can check whether or not a device can be reached.
2. In the address box of the Internet browser, enter the IP address or the URL of the device.
If there is a connection to the device, the login page of Web Based Management (WBM)
is displayed.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

54 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.2 Login

Logging on using the Internet browser

Selecting the language of the WBM
1. From the drop-down list at the top right, select the language version of the WBM pages.
2. Click the "Go" button to change to the selected language.

Note
Available languages
In this version German and English are available.

Login with HTTP

There are two ways in which you can log in via HTTP. You either use the login option in the
center of the browser window or the login option in the upper left area of the browser
window. Both options involve the same steps.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 55
Configuring with Web Based Management
5.2 Login

Log in to a device with factory settings

When you log in for the first time or after restoring the factory settings, follow these steps:
1. In the "Name" input box, enter the factory-set user "admin".
With this user account, you can change the settings of the device (read and write access
to the configuration data).

Note
User "user" preset in the factory
As of firmware version 2.1, the default user set in the factory "user" is no longer available
when the product ships.
If you update a device to firmware V2.1, the user "user" is initially still available. If you
reset the device to the factory settings ("Restore Factory Defaults and Restart"), the user
"user" is deleted.
You can create users with the role "user".

2. In the "Password" input box, enter the password of the factory-set user "admin": "admin".
3. Click the "Login" button or confirm your input with "Enter".
The following page appears.

4. In the "Current User Password" input box, enter the password of the factory-set user
"admin".
5. Enter a new user name, if required, in the "New Admin Account Name" input box.
When you log in for the first time or following a "Restore Factory Defaults and Restart",
you can rename the user preset in the factory "admin" once. Afterwards, renaming
"admin" is no longer possible.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

56 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

6. Enter the new password for the user in the "New Password" input box.
The new password must meet the following password policies:
– Password length: at least 8 characters, maximum 32 characters
– At least 1 uppercase letter
– At least 1 special character
– At least 1 number
7. Enter the password again in the "Password Confirmation" box. The password entries
must match.
Click the "Set Values" button to complete the action and activate the new password.
Once you have logged in successfully, the start page appears.

Log in to a configured device

When you log in to a configured device, follow these steps:
1. Enter the user name of the created user account in the "Name" input box.
You configure local user accounts in "Security > Users".
2. Enter the password of the relevant user account in the "Password" input box.
3. Click the "Login" button or confirm your input with "Enter".
Once you have logged in successfully, the start page appears.

Login with HTTPS

If you want to connect to the device via HTTPS, follow these steps:
1. Click on the link "Switch to secure HTTP" on the login page or enter "https://" and the IP
address of the device in the address box of the Internet browser.
2. Check the displayed certificate warning and confirm it if applicable.
The logon page of Web Based Management appears.
3. Then, follow the instructions under "Login with HTTP".

5.3 The "Information" menu

5.3.1 Start page

View of the Start page

When you enter the IP address of the device, the start page is displayed after a successful
login. You cannot configure anything on this page.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 57
Configuring with Web Based Management
5.3 The "Information" menu

General layout of the WBM pages

The following areas are generally available on every WBM page:
● Selection area (1): Top area
● Display area (2): Top area
● Navigation area (3): Left-hand area
● Content area (4): Middle area

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

58 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

Selection area (1)

The following is available in the selection area:
● Logo of Siemens AG
When you click on the logo, you arrive at the Internet page of the corresponding basic
device in Siemens Industry Online Support.
● Display of: "System Location / System Name"
– "System location" contains the location of the device.
With the settings when the device ships, the IP address of the device is displayed.
– "System name" is the device name.
With the settings when the device ships, the device type is displayed.
You can change the content of this display with "System > General > Device".
● Drop-down list for language selection
● System date and system time with status display
You can change the content of this display under "System > System Time".
If the system time is not set, the status is . If the system time is configured, but the
system time cannot be synchronized, a yellow warning triangle can be seen. Check
whether the time server can be reached. If necessary adapt your configuration. If the
system time is set and/or can be synchronized, the status is .

Display area (2)

In the upper part of the display area, you can see name of the currently logged in user and
the full title of the currently selected menu item.
In the lower part of the display area, you will find the following:
● Logging out
You can log out from any WBM page by clicking the "Logout" link.
● LED simulation
Each device has one or more LEDs that provide information on the operating state of the
device. Depending on its location, direct access to the device may not always be
possible. Web Based Management therefore displays simulated LEDs. Unused
connectors are displayed as gray LEDs. The meaning of the LED displays is described in
the operating instructions.
If you click this button, you open the window for the LED simulation. You can show this
window during a change of menu and move it as necessary. To close the LED simulation,
click the close button in the LED simulation window.
● Help
When you click this button, the help page of the currently selected menu item is opened
in a new browser window. The help page contains a description of the content area.
Under certain circumstances, options are described that are not available on the device.
On every search page, there is an input box for the search function at the top edge. In
this input box, enter a term for which you need additional information and start the search
by pressing Enter. A dialog box displays a list of WBM pages that contain the term

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 59
Configuring with Web Based Management
5.3 The "Information" menu

searched for. The corresponding WBM page is opened in a new tab of the browser after
clicking a list element.
● Print
If you click this button, a popup window opens. The popup window contains a view of the
page content optimized for printers.

Note
Printing larger tables
If you want to print large tables, please use the "Print preview" function of your Internet
browser.

Navigation area (3)

In the navigation area, you have various menus available. Click the individual menus to
display the submenus. The submenus contain pages on which information is available or
with which you can create configurations. These pages are always displayed in the content
area.

Content area (4)

The content area shows a graphic of the device. The graphic always shows the device
whose WBM you have called up.
The following is displayed below the device graphic:
● PROFINET Name of Station
Shows the PROFINET device name.
● Diagnostics Mode
Shows whether EtherNet/IP or PROFINET IO is enabled.
● System Name
Shows the name of the device.
● Device Type
Shows the type designation of the device.
● PROFINET AR Status
Shows the PROFINET application relation status.
– Online
There is a connection to a PROFINET controller. The PROFINET controller has
downloaded its configuration data to the device. The device can send status data to
the PROFINET controller.
In this status, the parameters set via the PROFINET controller cannot be configured
on the device.
– Offline
There is no connection to a PROFINET controller.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

60 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

● Power Supply 1 / Power Supply 2

– Up
Power supply 1 or 2 is applied
– Down:
Power supply 1 or 2 is not applied or is below the permitted voltage.
● PLUG Configuration
Shows the status of the configuration data on the PLUG, refer to the section "System >
PLUG > Configuration".
● Fault Status
Shows the fault status of the device.

Buttons you require often

The pages of the WBM contain the following standard buttons:
● Refresh the display with "Refresh"
Web Based Management pages that display current parameters have a "Refresh" button
at the lower edge of the page. Click this button to request up-to-date information from the
device for the current page.

Note
If you click the "Refresh" button, before you have transferred your configuration changes
to the device using the "Set Values" button, your changes will be deleted and the
previous configuration will be loaded from the device and displayed here.

● Save entries with "Set Values"

Pages in which you can make configuration settings have a "Set Values" button at the
lower edge. The button only becomes active if you change at least one value on the
page. Click this button to save the configuration data you have entered on the device.
Once you have saved, the button becomes inactive again.

Note
Changing configuration data is possible only with the "admin" role.

● Create entries with "Create"

Pages in which you can make new entries have a "Create" button at the lower edge. Click
this button to create a new entry. When you create an entry the page is updated.
● Delete entries with "Delete"
Pages in which you can delete entries have a "Delete" button at the lower edge. Click this
button to delete the previously selected entries from the device memory. When you
delete an entry the page is updated.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 61
Configuring with Web Based Management
5.3 The "Information" menu

● Page down with "Next"

On pages with a lot of data records the number of data records that can be displayed on
a page is limited. Click the "Next" button to page down through the data records.
● Page back with "Prev"
On pages with a lot of data records the number of data records that can be displayed on
a page is limited. Click the "Prev" button to page back through the data records.

Messages
If you have enabled the "Automatic Save" mode and you change a parameter the the
following message appears in the display area "Changes will be saved automatically in x
seconds. Press 'Write Startup Config' to save the changes immediately.

Note
Interrupting the save
Saving starts only after the timer in the message has elapsed. In this case the following
message appears "Saving configuration data in progress. Please do not switch off the
device". How long saving takes depends on the device.
• Do not switch off the device immediately after the timer has elapsed.

5.3.2 Versions

Versions of hardware and software

This page shows the versions of the hardware and software of the device. You cannot
configure anything on this page.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

62 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

Description of the displayed values

Table 1 has the following columns:
● Hardware - Basic Device
Shows the basic device.
● Name
Shows the name of the device or module.
● Revision
Shows the hardware version of the device.
● Order ID
Shows the article number of the device or described module.
Table 2 has the following columns:
● Software
– Firmware
Shows the current firmware version. If a new firmware file was downloaded and the
device has not yet restarted, the firmware version of the downloaded firmware file is
displayed here. After the next restart, the downloaded firmware is activated and used.
– Bootloader
Shows the version of the boot software stored on the device.
– Firmware_Running
Shows the firmware version currently being used on the device.
● Description
Shows the short description of the software.
● Version
Shows the version number of the software version.
● Date
Shows the date on which the software version was created.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 63
Configuring with Web Based Management
5.3 The "Information" menu

5.3.3 I&M

Identification and Maintenance data

This page contains information about device-specific vendor and maintenance data such as
the order number, serial number, version number etc. You cannot configure anything on this
page.

Description of the displayed values

The table has the following rows:
● Manufacturer ID
Shows the manufacturer ID.
● Order ID
Shows the order number.
● Serial Number
Shows the serial number.
● Hardware Revision
Shows the hardware version.
● Software version
Shows the software version.
● Revision Counter
Regardless of a version change, this box always displays the value "0".
● Revision Date
Shows the date and time of the last revision.
● Function tag
Shows the function tag (plant designation) of the device. The plant designation (HID) is
created during configuration of the device with HW Config of STEP 7.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

64 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

● Location tag
Shows the location tag of the device. The location identifier (LID) is created during
configuration of the device with HW Config of STEP 7.
● Date
Shows the date created during configuration of the device with HW Config of STEP 7.
● Descriptor
Shows the description created during configuration of the device with HW Config of
STEP 7.

5.3.4 ARP table

Assignment of MAC address and IPv4 address

With the Address Resolution Protocol (ARP), there is a unique assignment of MAC address
to IPv4 address. This assignment is kept by each network node in its own separate ARP
table. The WBM page shows the ARP table of the device.

Description of the displayed values

The table has the following columns:
● Interface
Shows the interface via which the row entry was learnt.
● MAC Address
Shows the MAC address of the destination or source device.
● IP Address
Shows the IPv4 address of the destination device.
● Media Type
Shows the type of connection.
– Dynamic
The device recognized the address data automatically.
– Static
The addresses were entered as static addresses.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 65
Configuring with Web Based Management
5.3 The "Information" menu

5.3.5 Log Table

Logging events
The device allows you to log occurring events, some of which you can specify on the page of
the "System > Events" menu. This, for example, allows you to record when an authentication
attempt failed or when the connection status of a port has changed.
The content of the events log table is retained even when the device is turned off.

Description of the displayed values

Severity Filters
You can filter the entries in the table according to severity. Select the required entries in the
check boxes above the table.
● Info
When this parameter is enabled, all entries of the category "Info" are displayed.
● Warning
When this parameter is enabled, all entries of the category "Warning" are displayed.
● Critical
When this parameter is enabled, all entries of the category "Critical" are displayed.
To display all entries, select either all of them or leave the check boxes empty.
The table has the following columns:
● Restart
Counts the number of restarts since you last reset to factory settings and shows the
device restart after which the corresponding event occurred.
● System Up Time
Shows the time the device has been running since the last restart when the described
event occurred.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

66 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

● System Time
If the system time is set, the date and time are also displayed at which the event
occurred.
● Severity
Sorts the entry into the categories above.
● Log Message
Displays a brief description of the event that has occurred.

Description of the buttons and input boxes

"Clear" button
Click this button to delete the content of the event log file. All entries are deleted regardless
of what you have selected under "Severity Filters".
The display is also cleared. The restart counter is only reset after you have restored the
device to the factory settings and restarted the device.

Note
The number of entries in this table is restricted to 1200. The table can contain 400 entries for
each severity. When this number is reached, the oldest entries of the relevant severity are
discarded. The table remains permanently in memory.

"Show all" button

Click this button to display all the entries on the WBM page. Note that displaying all
messages can take some time.
"Next" button
Click this button to go to the next page.
"Prev" button
Click this button to go to the previous page.
Drop-down list for page change
From the drop-down list, select the page you want to go to.
"Update" button
Refreshes the display of the values in the table.

5.3.6 Faults

Error status
if an error occurs, it is shown on this page. On the device, errors are indicated by red fault
LED lighting up.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 67
Configuring with Web Based Management
5.3 The "Information" menu

Internal errors of the device and errors that you configure on the following pages are
indicated:
● System > Events"
● "System" > Fault Monitoring"
Errors of the "Cold/Warm Start" event can be deleted by a confirmation.
The calculation of the time of an error always begins after the last system start.
If there are no errors present, the fault LED switches off.

Description of the displayed values

● No. of Signaled Faults
Number of errors displayed since the last startup.
● Reset Counters
Click "Reset Counters" to reset all counters. The counter is reset when there is a restart.
The table contains the following columns:
● Fault Time
Shows the time the device has been running since the last system restart when the
described error/fault occurred.
● Fault Description
Displays a brief description of the fault/error that has occurred.
● Clear Fault State
If the "Clear Fault State" button is enabled, you can delete the fault.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

68 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

5.3.7 Redundancy

5.3.7.1 Spanning tree

Introduction
The page shows the current information about the spanning tree and the settings of the root
bridge.

Description of the displayed values

The following fields are displayed:
● Spanning Tree Mode
Shows the set mode. You specify the mode in "Layer 2 > Configuration" and in "Layer 2 >
Spanning Tree > General".
The following values are possible:
– '-'
– STP
– RSTP
– MSTP
● Instance ID
Shows the number of the instance. The parameter depends on the configured mode.
● Bridge Priority / Root Priority
Which device becomes the root bridge is decided by the bridge priority. The bridge with
the highest priority (in other words, with the lowest value for this parameter) becomes the
root bridge. If several devices in a network have the same priority, the device whose MAC

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 69
Configuring with Web Based Management
5.3 The "Information" menu

address has the lowest numeric value will become the root bridge. Both parameters,
bridge priority and MAC address together form the bridge identifier. Since the root bridge
manages all path changes, it should be located as centrally as possible due to the delay
of the frames. The value for the bridge priority is a whole multiple of 4096 with a range of
values from 0 to 32768.
● Bridge address / root address
The bridge address shows the MAC address of the device and the root address shows
the MAC address of the root switch.
● Root Cost
Shows the path costs from the device to the root bridge.
● Bridge Status
Shows the status of the bridge, e.g. whether or not the device is the root bridge.
● Regional root priority (available only with MSTP)
For a description, see Bridge priority / Root priority.
● Regional root address (available only with MSTP)
Shows the MAC address of the device.
● Regional Root Cost (available only with MSTP)
Shows the path costs from the regional root bridge to the root bridge.
The table has the following columns:
● Port
Shows the port via which the device communicates. The port is made up of the module
number and the port number, for example port 0.1 is module 0, port 1.
● Role
Shows the status of the port. The following values are possible:
– Disabled
The port was removed manually from the spanning tree and will no longer be taken
into account by the spanning tree.
– Designated
The ports leading away from the root bridge.
– Alternate
The port with an alternative path to a network segment
– Backup
If a switch has several ports to the same network segment, the "poorer" Port becomes
the backup port.
– Root
The port that provides the best route to the root bridge.
– Master
This port points to a root bridge located outside the MST region.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

70 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

● Status
Displays the current status of the port. The values are only displayed. The parameter
depends on the configured protocol. The following values are possible:
– Discarding
The port receives BPDU frames. Other incoming or outgoing frames are discarded.
– Listening
The port receives and sends BPDU frames. The port is involved in the spanning tree
algorithm. Other outgoing and incoming frames are discarded.
– Learning
The port actively learns the topology; in other words, the node addresses. Other
outgoing and incoming frames are discarded.
– Forwarding
Following the reconfiguration time, the port is active in the network. The port receives
and sends data frames.
● Oper. Version
Shows the compatibility mode of Spanning Tree used by the port.
● Priority
If the path calculated by the spanning tree is possible over several ports of a device, the
port with the highest priority (in other words the lowest value for this parameter) is
selected. A value between 0 and 240 can be entered for the priority in steps of 16. If you
enter a value that cannot be divided by 16, the value is automatically adapted. The
default is 128.
● Path Cost
This parameter is used to calculate the path that will be selected. The path with the
lowest value is selected. If several ports of a device have the same value, the port with
the lowest port number will be selected.
If the value in the "Cost Calc." box is "0", the automatically calculated value is shown.
Otherwise, the value of the "Cost Calc." box is displayed.
The calculation of the path costs is largely based on the transmission speed. The higher
the achievable transmission speed is, the lower the value of the path costs.
Typical values for path costs with rapid spanning tree:
– 10,000 Mbps = 2,000
– 1000 Mbps = 20,000
– 100 Mbps = 200,000
– 10 Mbps = 2,000,000
You configure the "Cost Calc." on the pages "Layer 2 > Spanning Tree > CIST Port" and
"Layer 2 > Spanning Tree > MST Port".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 71
Configuring with Web Based Management
5.3 The "Information" menu

● Edge Type
Shows the type of the connection. The following values are possible:
– Edge Port
There is an end device at this port.
– No Edge Port
There is a spanning tree device at this port.
● P.t.P Type
Shows the type of the point-to-point link. The following values are possible:
– P.t.P.
With half duplex, a point-to-point link is assumed.
– Shared Media
With a full duplex connection, a point-to-point link is not assumed.

5.3.7.2 Ring Redundancy

Information on ring redundancy

On this tab, you obtain information about the status of the device in terms of ring
redundancy. The text boxes on this page are read-only.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

72 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

Description of the displayed values

The following boxes are displayed:
● Redundancy Function
The "Redundancy Function" column shows the role of the device within the ring:
– no Ring Redundancy
The IE switch is operating without redundancy function.
– HRP Client
The IE switch operates as an HRP client.
– HRP Manager
The IE switch operates as an HRP manager.
– MRP Client
The IE switch operates as an MRP client.
– MRP Manager
The IE switch operates as an MRP manager. Using STEP 7, the role "Manager" was
set for the device.
– MRP Auto-Manager
The IE switch is operating as an MRP manager. Using WBM or CLI the role "MRP
Auto-Manager" or using STEP 7 the role "Manager (Auto)" was set.
● RM Status
The "RM Status" column shows whether or not the IE switch is operating as redundancy
manager and whether it has opened or closed the ring in this role.
– Passive
The IE switch is operating as redundancy manager and has opened the ring; in other
words, the line of switches connected to the ring ports is operating problem free. The
"Passive" status is also displayed if the IE switch is not operating as the redundancy
manager (Redundancy manager disabled).
– Active
The IE switch is operating as redundancy manager and has closed the ring; in other
words, the line of switches connected to the ring ports is interrupted (problem). The
redundancy manager connects its ring ports through and restores an uninterrupted
linear topology.
– "-"
The redundancy function is disabled.
● Observer Status
Shows the current status of the observer.
● Ring Port 1/Ring Port 2
The "Ring Port 1"and "Ring Port 2" columns show the ports being used as ring ports. If
media redundancy in ring topologies is completely disabled, ring ports configured last are
displayed.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 73
Configuring with Web Based Management
5.3 The "Information" menu

● No. of Changes to RM Active State

Shows how often the device as redundancy manager switched to the active status, i.e.
closed the ring.
If the redundancy function is disabled or the device is an "HRP/MRP client" , the text
"Redundancy manager disabled" appears.
● Max. Delay of RM Test Packets [ms]
Shows the maximum delay time of the test frames of the redundancy manager.
If the redundancy function is disabled or the device is an "HRP/MRP client" , the text
"Redundancy manager disabled" appears.

Description of the button

"Reset Counters" button
Click "Reset Counters" to reset all counters. The counters are reset by a restart.

5.3.7.3 Standby

Information on standby redundancy

On this tab, you obtain information about the status of the device in terms of standby
redundancy. The text boxes on this page are read-only.

Note
Device with the higher MAC address becomes master
When linking HRP rings redundantly, two devices are always configured as a master/slave
pair. This also applies to interrupted HRP rings = linear buses. When operating normally, the
device with the higher MAC address adopts the role of master.
This type of assignment is important in particular when a device is replaced. Depending on
the MAC addresses, the previous device with the slave function can take over the role of the
standby master.

The Standby tab shows the status of the standby function:

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

74 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

Description of the displayed values

The following boxes are displayed:
● Standby ports
Shows the standby port.
● Standby Name
Standby Connection Name
● Standby Function
– Master
The device has a connection to the partner device and is operating as master. In
normal operation, the standby port of this device is active.
– Slave
The device has a connection to the partner device and is operating as slave. In normal
operation, the standby port of this device is inactive.
– Disabled
The standby link is disabled. The device is operating neither as master nor slave. The
port configured as a standby port works as a normal port without standby function.
– Waiting for connection
No connection has yet been established to the partner device. The standby port is
inactive. In this case, either the configuration on the partner device is inconsistent (for
example incorrect connection name, standby link disabled) or there is a physical fault
(for example device failure, link down).
– Connection lost
The existing connection to the partner device has been lost. In this case, either the
configuration on the partner device was modified (for example a different connection
name, standby link disabled) or there is a physical fault (for example device failure,
link down).

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 75
Configuring with Web Based Management
5.3 The "Information" menu

● Standby Status
The "Standby Status" display box shows the status of the standby port:
– Active
The standby port of this device is active; in other words is enabled for frame traffic.
– Passive
The standby port of this device is inactive; in other words is blocked for frame traffic.
– "-":
The standby function is disabled.
● No. of Changes to Standby Active State
Shows how often the IE switch has changed the standby status from "Passive" to
"Active". If the connection of a standby port fails on the standby master, the IE switch
changes to the "active" status.
If the standby function is disabled, the text "Standby Disabled" appears in this box.

Description of the button

"Reset Counters" button
Click "Reset Counters" to reset all counters. The counter is reset when there is a restart.

5.3.7.4 Link Check

Monitoring optical connections in the ring

The page shows the following information on the link check:
● The ports on which you can enable Link Check
● The current status
● The statistics of sent and received Link Check frames of the monitored connections.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

76 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

Description of the displayed values

The following fields are displayed:
● Port
Shows the port to which the following information relates. The port is made up of the
module number and the port number, for example port 0.1 is module 0, port 1.
● Link Check
Shows whether the Link Check function is enabled or disabled.
● OperState
Shows the status of the Link Check function. The following statuses are possible:
– Disabled
The function is disabled.
– Enabled
The function is enabled. The connection partner has not yet confirmed the monitoring.
– Running
The function is enabled. The connection monitoring is enabled. The outgoing and
incoming test frames are counted and matched up.
– Faults
The function is enabled. Link Check has detected a fault on the monitored section and
turned off the port.
● Frames in
Shows how many Link Check test frames were received.
● Frames out
Shows how many Link Check test frames were sent

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 77
Configuring with Web Based Management
5.3 The "Information" menu

5.3.8 Ethernet Statistics

5.3.8.1 Interface Statistics

Interface statistics
The page shows the statistics from the interface table of the Management Information Base
(MIB).

Description of the displayed values

The table has the following columns:
● In Octet
Shows the number of received bytes.
● Out Octet
Shows the number of sent bytes.
● In Unicast
Shows the number of received unicast frames.
● In Non Unicast
Shows the number of received frames that are not of the type unicast.
● Out Unicast
Shows the number of sent unicast frames.
● Out Non Unicast
Shows the number of sent frames that are not of the type unicast.
● In Errors
Shows the number of all possible RX errors, refer to the tab "Packet Error".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

78 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

Description of the button

"Reset Counters" button
Click "Reset Counters" to reset all counters. The counters are reset by a restart.

5.3.8.2 Packet Size

Frames sorted by length

This page displays how many frames of which length were sent and received at each port.
You cannot configure anything on this page.
The displayed values are transferred by RMON.
On the page "Layer 2 > RMON > Statistics", you can set the ports for which values will be
displayed.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 79
Configuring with Web Based Management
5.3 The "Information" menu

Description of the displayed values

The table has the following columns:
● Port
Shows the available ports and link aggregations. The port is made up of the module
number and the port number, for example port 0.1 is module 0, port 1.

Note
Display of frame statistics
In the statistics relating to frame lengths, note that both incoming and outgoing frames
are counted.

● Frame lengths
The other columns after the port number contain the absolute numbers of frames
according to their frame length.
The following frame lengths are distinguished:
– 64 bytes
– 65 - 127 bytes
– 128 - 255 bytes
– 256 - 511 bytes
– 512 - 1023 bytes
– 1024 - Max.

Note
Data traffic on blocked ports
For technical reasons, data packets can be indicated on blocked ports.

Description of the button

"Reset Counters" button
Click "Reset Counters" to reset all counters. The counters are reset by a restart.

5.3.8.3 Packet Type

Received frames sorted by Packet Type

This page displays how many frames of the type "unicast", "multicast", and "broadcast" were
received at each port. You cannot configure anything on this page.
The displayed values are transferred by RMON.
On the page "Layer 2 > RMON > Statistics", you can set the ports for which values will be
displayed.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

80 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

Description of the displayed values

The table has the following columns:
● Port
Shows the available ports and link aggregations. The port is made up of the module
number and the port number, for example port 0.1 is module 0, port 1.
● Unicast / Multicast / Broadcast
The other columns after the port number contain the absolute numbers of the incoming
frames according to their Packet Type "Unicast", "Multicast" and "Broadcast".

Description of the button

"Reset Counters" button
Click "Reset Counters" to reset all counters. The counters are reset by a restart.

5.3.8.4 Packet Error

Received bad frames

This page shows how many bad frames were received per port. You cannot configure
anything on this page.
The displayed values are transferred by RMON.
On the page "Layer 2 > RMON > Statistics", you can set the ports for which values will be
displayed.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 81
Configuring with Web Based Management
5.3 The "Information" menu

Description of the displayed values

The table has the following columns:
● Port
Shows the available ports and link aggregations. The port is made up of the module
number and the port number, for example port 0.1 is module 0, port 1.
● Error types
The other columns after the port number contain the absolute numbers of the incoming
frames according to their error type.
In the columns of the table, a distinction is made according to the following error types:
– CRC
Packets whose content does not match the CRC checksum.
– Undersize
Packets with a length less than 64 bytes.
– Oversize
Packets discarded because they were too long.
– Fragments
Packets with a length less than 64 bytes and a bad CRC checksum.
– Jabbers
VLAN-tagged packets with an incorrect CRC checksum that were discarded because
they were too long.
– Collisions
Collisions that were detected.

Description of the button

"Reset Counters" button
Click "Reset Counters" to reset all counters. The counters are reset by a restart.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

82 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

5.3.8.5 History

Samples of the statistics

The page shows samples from each port with information from the RMON statistics.
On the page "Layer 2 > RMON > History", you can set the ports for which samples will be
taken.

Figure 5-1 History

Settings
● Port
Select the port for which the history will be displayed.

Description of the displayed values

● Entries
Maximum number of samples that can be saved at the same time.
● Interval [s]
Interval after which the current status of the statistics will be saved as a sample.
The table has the following columns:
● Sample
Number of the sample
● Sample Time
System up time at which the sample was taken.
● Unicast
Number of received unicast frames.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 83
Configuring with Web Based Management
5.3 The "Information" menu

● Multicast
Number of received multicast frames.
● Broadcast
Number of received broadcast frames.
● CRC
Number of frames with a bad CRC checksum.
● Undersize
Number of frames that are shorter than 64 bytes.
● Oversize
Number of frames discarded because they were too long.
● Fragments
Number of frames that are shorter than 64 bytes and have a bad CRC checksum.
● Jabbers
Number of frames with a VLAN tag that have a bad CRC checksum and will be discarded
because they are too long.
● Collisions
Number of collisions of received frames.
● Utilization [%]
Utilization of the port during a sample.

5.3.9 Unicast

Status of the unicast filter table

This page shows the current content of the unicast filter table. This table lists the source
addresses of unicast address frames. Entries can be made either dynamically when a node
sends a frame to a port or statically by the user setting parameters.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

84 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

Dependency on the "Base bridge mode"

The displayed columns depend on which "Base bridge mode" is set. If you change the "Base
bridge mode" the existing entries are lost.

Figure 5-2 Base bridge mode: 802.1D transparent bridge

Figure 5-3 Base bridge mode: 802.1Q VLAN Bridge

Description
This table can contain the following columns:
● VLAN ID
Shows the VLAN-ID assigned to this MAC address.
● MAC Address
Shows the MAC address of the node that the device has learned or the user has
configured.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 85
Configuring with Web Based Management
5.3 The "Information" menu

● Status
Shows the status of each address entry:
– Learnt
The specified address was learned by receiving a frame from this node and will be
deleted when the aging time expires if no further packets are received from this node.

Note
If there is a link down, learned MAC entries are deleted.

– Static
Configured by the user. Static addresses are stored permanently; in other words, they
are not deleted when the aging time expires or when the switch is restarted.
– Other
The specified address is learned indirectly through private VLAN.
● Port
Shows the port via which the node with the specified address can be reached. Frames
received by the device whose destination address matches this address will be forwarded
to this port.

5.3.10 Multicast

Status of the multicast filter table

This table shows the multicast frames currently entered in the multicast filter table and their
destination ports. The entries can be dynamic (the device has learned them) or static (the
user has set them).

Dependency on the "Base bridge mode"

If you change the "Base bridge mode" the existing entries are lost.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

86 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

Description
This table can contain the following columns:
● VLAN ID
Shows VLAN ID of the VLAN to which the MAC multicast address is assigned.
● MAC Address
Shows the MAC multicast address that the device has learned or the user has
configured.
● Status
Shows the status of each address entry. The following information is possible:
– Static
The address was entered statically by the user. Static addresses are stored
permanently; in other words, they are not deleted when the aging time expires or
when the device is restarted. These can be deleted by the user.
– IGMP
The destination port for this address was obtained using IGMP.
– GMRP
The destination port for this address was registered by a received GMRP frame.
● Port List
There is a column for each slot. Within a column, the multicast group to which the port
belongs is shown:
– M
(Member) Multicast frames are sent via this port.
– R
(Registered) Member of the multicast group, registration was by a GMRP frame.
– I
(IGMP) Member of the multicast group, registration was by an IGMP frame.
– –
Not a member of the multicast group. No multicast frames with the defined multicast
MAC address are sent via this port.
– F
(Forbidden) Not a member of the multicast group. Moreover, on this port may not be
learned dynamically with IGMP.

5.3.11 LLDP

Status of the neighborhood table

This page shows the current content of the neighborhood table. This table stores the
information that the LLDP agent has received from connected devices.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 87
Configuring with Web Based Management
5.3 The "Information" menu

You set the interfaces via which the LLDP agent receives or sends information in the
following section: "Layer 2 > LLDP".

Figure 5-4 Information LLDP

Description of the displayed values

This table contains the following columns:
● System Name
System name of the connected device.
● Device ID
Device ID of the connected device. The device ID corresponds to the device name
assigned via PST (STEP 7). If no device name is assigned, the MAC address of the
device is displayed.
● Local Interface
Port at which the IE switch received the information.
● Hold Time
An entry remains stored on the device for the time specified here. If the IE switch does
not receive any new information from the connected device during this time, the entry is
deleted.
● Capability
Shows the properties of the connected device:
– Router
– Bridge
– Telephone
– DOCSIS Cable Device
– WLAN Access Point
– Repeater
– Station
– Other
● Port ID
Port of the device with which the IE switch is connected.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

88 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

5.3.12 Fiber Monitoring Protocol

Monitoring optical links

With Fiber Monitoring, you can monitor optical links. The table shows the current status of
the ports.
You set the values to be monitored on the following page: "Layer 2 > FMP".

Description of the displayed values

Port
Shows the optical ports that support fiber monitoring. This depends on the transceivers.
Rx Power State
● disabled
Fiber monitoring is disabled.
● ok
The value for the received power of the optical link is within the set limits.
● maint. req.
Check the link.
A warning is signaled.
● maint. dem.
The link needs to be checked.
An alarm is signaled and the fault LED is lit.
● link down
The connection to the communications partner is down. No link is detected.
Rx Power [dBm]
Shows the current value of the received power. The value can have a tolerance of +/- 3 dB.
If there is no connection (link down) or fiber monitoring is disabled, "-" is displayed. If fiber
monitoring is not enabled on the partner port, the value 0.0 is displayed.
Power Loss State

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 89
Configuring with Web Based Management
5.3 The "Information" menu

To be able to monitor the power loss of the connection the function fiber monitoring must be
enabled for the optical port of the connection partner.
● disabled
Fiber monitoring is disabled.
● ok
The value for the power loss of the optical link is within the defined limits.
● maint. req.
Check the link.
A warning is signaled.
● maint. dem.
The link needs to be checked.
An alarm is signaled and the fault LED is lit.
● idle
The port has no connection to another port with fiber monitoring enabled.
If no diagnostics information is received from the optical port of the connection partner for
5 cycles, the fiber monitoring connection is assumed to be interrupted. A cycle lasts 5
seconds.
Power Loss [dB]
Shows the current value of the power loss. The value can have a tolerance of +/- 3 dB.
If there is no connection (link down), fiber monitoring is disabled or the partner port does not
support fiber monitoring, "-" is displayed.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

90 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

5.3.13 Routing

5.3.13.1 Routing table

Introduction
This page shows the routes currently being used.

Description of the displayed values

The table has the following columns:
● Destination Network
Shows the destination address of this route.
● Subnet Mask
Shows the subnet mask of this route.
● Interface
Shows the interface for this route.
● Routing Protocol
Shows the routing protocol from which the entry in the routing table originates. The
following entries are possible:
– Connected: Connected routes
– Static: Static routes
– RIP: Routes via RIP
– OSPF: Routes via OSPF
– Other: Other routes

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 91
Configuring with Web Based Management
5.3 The "Information" menu

5.3.13.2 NAT translations

Overview
This page displays the active NAT connections.

Description of the displayed values

The table has the following columns:

● Interface
Shows the IP interface.
● Inside Local Address
Shows the actual address of the device that should be reachable from external.
● Inside Local Port
Shows the port that is assigned to the Inside Local Address.
● Inside Global Address
Shows the address at which the device can be reached from external.
● Inside Global Port
Shows the port that is assigned to the Inside Global Address.
● Outside Local/Global Address
Shows the address of the communications partner.
● Outside Local/Global Port
Displays the port of the external communications partner.
● Last Use Time [s]
Shows the time at which the last packet was transferred.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

92 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

5.3.14 DHCP Server

This page shows which IPv4 addresses were assigned to the devices by the DHCP server.

Description
● IP Address
Shows the IPv4 address assigned to the DHCP client.
● Pool ID
Shows the number of the IPv4 address band.
● Identification method
Shows the method according to which the DHCP client is identified.
● Identification value
Shows the MAC address ot he client ID of the DHCP client.
● Allocation Method
Shows whether the IPv4 address was assigned statically or dynamically. You configure
the static entries in "System > DHCP > Static Leases".
● Binding State
Shows the status of the assignment.
– Assigned
The assignment is used.
– Not used
The assignment is not used.
– Probing
The assignment is being checked.
– Unknown
The status of the assignment is unknown.
● Expire Time
Shows until when the assigned IPv4 address is still valid. Up to this time, the DHCP client
must either request a new IPv4 address or extend the lease time of the assigned IPv4
address.

Description of the buttons and input boxes

"Show all" button

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 93
Configuring with Web Based Management
5.3 The "Information" menu

Click this button to display all the entries on the WBM page. Note that displaying all
messages can take some time.
"Next" button
Click this button to go to the next page.
"Prev" button
Click this button to go to the previous page.
Drop-down list for page change
From the drop-down list, select the page you want to go to.
"Refresh" button
Refreshes the display of the values in the table.

5.3.15 Diagnostics
This page shows the temperature values of internal and external modules of the device. The
modules are only shown if they make temperature information available. If you add or
remove a module, the display is automatically adapted.
If the temperature value falls below or exceeds the displayed threshold values, the status
changes accordingly.
The threshold values are preset by the device and cannot be modified. If no threshold values
are preset, "-" is displayed.
On the "System > Events > Configuration" page, you can specify how the device signals the
status change.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

94 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

Description
● Name
Shows the name of the module.
The information in the row "Chassis" relates to the inner temperature of the housing.
With plugable transceivers, the port and type are specified.
● Status
Depending on the relationship between the threshold values and the current temperature
the following status values are displayed in ascending priority.
– OK
The temperature value is within the preset threshold values.
– WARNING
The lower or upper threshold value of the severity level "Warning" was exceeded. The
temperature is still in a normal range. The device has detected a fall or rise in
temperature, e.g. due to changed cooling of the cabinet. The temperature should be
checked.
– CRITICAL
The lower or upper threshold value of the severity level "Critical" was exceeded. The
device needs to be checked. A too low or too high temperature can lead to restricted
performance or damage to the device.
– INVALID
The value could not be read out or is invalid. In the "Temperature [°C]" box "-" is
displayed.
– INITIAL
No data has been read out yet. "-" is displayed in all boxes.
● Temperature [°C]
Shows the current value of the temperature. The display is updated at regular intervals.
The value can have a tolerance of +/- 3 °C This means that with the same devices with
similar ambient temperatures the value can differ.
● Lower Threshold [°C] (Critical)
If the value falls below this value, the status changes to "CRITICAL". You can configure
that you are informed by a message.
● Lower Threshold [°C] (Warning)
If the value falls below this value, the status changes to "WARNING". You can configure
that you are informed by a message.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 95
Configuring with Web Based Management
5.3 The "Information" menu

● Upper Threshold [°C] (Warning)

If the value exceeds this value, the status changes to "WARNING". You can configure
that you are informed by a message.
● Upper Threshold [°C] (Critical)
If the value exceeds this value, the status changes to "CRITICAL". You can configure that
you are informed by a message.

5.3.16 SNMP
This page displays the created SNMPv3 groups. You configure the SNMPv3 groups in
"System > SNMP".

Description
The table has the following columns:
● Group Name
Shows the group name.
● User Name
Shows the user that is assigned to the group.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

96 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.3 The "Information" menu

5.3.17 Security
This page shows the security settings and the local user accounts.

Description
The "Services" list shows the security settings.
● SSH Server
You configure the setting in "System > Configuration".
– Enabled: Encrypted access to the CLI.
– Disabled: No encrypted access to the CLI.
● Web Server
You configure the setting in "System > Configuration".
– HTTP/HTTPS: Access to the WBM is possible with HTTP and HTTPS.
– HTTPS: Access to the WBM is only possible with HTTPS.
● SNMP
You can configure the setting in "System > SNMP > General".
– "-" (SNMP disabled)
Access to device parameters via SNMP is not possible.
– SNMPv1/v2c/v3
Access to device parameters is possible with SNMP versions 1, 2c or 3.
– SNMPv3
Access to device parameters is possible only with SNMP version 3.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 97
Configuring with Web Based Management
5.4 The "System" menu

● Management ACL
You configure the setting in "Security > ManagementACL".
– Disabled: no access restriction
The access control is disabled.
– Enabled: no access restriction
The access control is enabled but no access rules have been defined.
– Enabled: restricted access only
The access control is enabled and access rules have been defined.
● Login Authentication
You configure the setting in "Security > AAA > General".
– Local
The authentication must be made locally on the device.
– RADIUS
The authentication must be handled via a RADIUS server.
– Local and RADIUS
The authentication is possible both with the users that exist on the device (user name
and password) and via a RADIUS server.
The user is first searched for in the local database. If the user does not exist there, a
RADIUS query is sent.
– RADIUS and fallback local
The authentication must be handled via a RADIUS server.
A local authentication is performed only when the RADIUS server cannot be reached
in the network.
● Password Policy
Shows which password policy is currently being used.

5.4 The "System" menu

5.4.1 Configuration

System configuration
The WBM page contains the configuration overview of the access options of the device.
Specify the services that access the device. With some services, there are further
configuration pages on which more detailed settings can be made.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

98 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Description of the displayed boxes

The page contains the following boxes:
● Telnet server
Enable or disable the "Telnet server" service for unencrypted access to the CLI.
● SSH Server
Enable or disable the "SSH Server" service for encrypted access to the CLI.
● HTTPS Server only
If this function is enabled, you can only access the WBM via HTTPS.
● SMTP Client
Enable or disable the SMTP client. You can configure other settings in "System > SMTP
Client".
● Syslog Client
Enable or disable the Syslog client. You can configure other settings in "System > Syslog
Client".
● DCP Server
Specify whether or not the device can be accessed with DCP (Discovery and
Configuration Protocol):
– "-" (disabled)
DCP is disabled. Device parameters can neither be read nor modified.
– Read/Write
With DCP, device parameters can be both read and modified.
– Read Only
With DCP, device parameters can be read but cannot be modified.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 99
Configuring with Web Based Management
5.4 The "System" menu

● Time
Select the setting from the drop-down list. The following settings are possible:
– Manual
The system time is set manually. You can configure other settings in "System >
System Time > Manual Setting".
– SIMATIC Time
The system time is set using a SIMATIC time transmitter. You can configure other
settings in "System > System Time > SIMATIC Time Client".
– SNTP client
The system time is set via an SNTP server. You can configure other settings in
"System > System Time > SNTP Client".
– NTP client
The system time is set via an NTP server. You can configure other settings in "System
> System Time > NTP Client".
● SNMP
Select the protocol from the drop-down list. The following settings are possible:
– "-" (SNMP disabled)
Access to device parameters via SNMP is not possible.
– SNMPv1/v2c/v3
Access to device parameters is possible with SNMP versions 1, 2c or 3. You can
configure other settings in "System > SNMP > General".
– SNMPv3
Access to device parameters is possible only with SNMP version 3. You can configure
other settings in "System > SNMP > General".
● SNMPv1/v2 Read Only
Enable or disable write access to SNMP variables with SNMPv1/v2c.
● SNMPv1 Traps
Enable or disable the sending of SNMPv1 traps (alarm frames). You can configure other
settings in "System > SNMP > Traps".
● NFC
Activate or deactivate the "NFC" (near field communication) function.
You will find further information on NFC in the operating instructions.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

100 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

● SINEMA configuration interface

If the SINEMA configuration interface is enabled, you can download configurations to the
IE switch using STEP 7 Basic/Professional.
● Configuration Mode
Select the mode from the drop-down list. The following modes are possible:
– Automatic Save
Automatic backup mode. Approximately 1 minute after the last parameter change or
before you restart the device, the configuration is automatically saved.
In addition to this, the following message appears in the display area "Changes will be
saved automatically in x seconds. Press 'Write Startup Config' to save the changes
immediately.

Note
Interrupting the save
Saving starts only after the timer in the message has elapsed. How long saving takes
depends on the device.
• Do not switch off the device immediately after the timer has elapsed.

– Trial
Trial mode. In Trial mode, although changes are adopted, they are not saved in the
configuration file (startup configuration).
To save changes in the configuration file, use the "Write startup config" button. The
display area also shows the message "Trial Mode Active – Click the "Write Startup
Config" button to make your settings persistent" as soon as there are unsaved
modifications. This message can be seen on every WBM page until the changes
made have either been saved or the device has been restarted.

Steps in configuration
1. To use the required function, select the corresponding check box.
2. Select the options you require from the drop-down lists.
3. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 101
Configuring with Web Based Management
5.4 The "System" menu

5.4.2 General

5.4.2.1 Device

General device information

This page contains the general device information.

The boxes "Current System Time", "System Up Time" and "Device Type" cannot be
changed.

Description
The page contains the following boxes:
● Current System Time
Shows the current system time. The system time is either set by the user or by a time-of-
day frame: either SINEC H1 time-of-day frame, NTP or SNTP. (readonly)
● System Up Time
Shows the operating time of the device since the last restart. (readonly)
● Device Type
Shows the type designation of the device. (readonly)
● System Name
You can enter the name of the device. The entered name is displayed in the selection
area. A maximum of 255 characters are possible.
The system name is also displayed in the CLI input prompt. The number of characters in
the CLI input prompt is limited. The system name is truncated after 16 characters.
● System Contact
You can enter the name of a contact person responsible for managing the device. A
maximum of 255 characters are possible.
● System Location
You can enter the location where the device is installed. The entered installation location
is displayed in the selection area. A maximum of 255 characters are possible.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

102 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Note
The ASCII code 0x20 to 0x7e is used in the input boxes.

Procedure
1. Enter the contact person responsible for the device in the "System Contact" input box.
2. Enter the identifier for the location at which the device is installed in the "System
Location" input box.
3. Enter the name of the device in the "System Name" input box.
4. Click the "Set Values" button.

5.4.2.2 Coordinates

Information on geographic coordinates

In the "Geographic Coordinates" window, you can enter information on the geographic
coordinates. The parameters of the geographic coordinates (latitude, longitude and the
height above the ellipsoid according to WGS84) are entered directly in the input boxes of the
"Geographic Coordinates" window.
Getting the coordinates
Use suitable maps for obtaining the geographic coordinates of the device.
The geographic coordinates can also be obtained using a GPS receiver. The geographic
coordinates of these devices are normally displayed directly and only need to be entered in
the input boxes of this page.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 103
Configuring with Web Based Management
5.4 The "System" menu

Description
The page contains the following input boxes with a maximum length of 32 characters.
● "Latitude" input box
Geographical latitude: Here, enter the value for the northerly or southerly latitude of the
location of the device.
For example, the value +49° 1´31.67" means that the device is located at 49 degrees, 1
arc minute and 31.67 arc seconds northerly latitude.
A southerly latitude is shown by a preceding minus character.
You can also append the letters N (northerly latitude) or S (southerly latitude) to the
numeric information (49° 1´31.67" N).
● "Longitude" input box
Geographic longitude: Here, you enter the value of the eastern or western longitude of
the location of the device.
The value +8° 20´58.73" means that the device is located at 8 degrees, 20 minutes and
58.73 seconds east.
A western longitude is indicated by a preceding minus sign.
You can also add the letter E (easterly longitude) or W (westerly longitude) to the numeric
information (8° 20´58.73" E).
● Input box: "Height"
Height Here, you enter the value of the geographic height above sea level in meters.
For example, 158 m means that the device is located at a height of 158 m above sea
level.
Heights below sea level (for example the Dead Sea) are indicated by a preceding minus
sign.

Procedure
1. Enter the calculated latitude in the "Latitude" input box.
2. Enter the calculated longitude in the "Longitude" input box.
3. Enter the height above sea level in the "Height" input box.
4. Click the "Set Values" button.

5.4.3 Agent IP

Note
With devices with more than one IP interface, this call references the "Subnets >
Configuration" menu item in the "Layer 3" menu and the configuration of the TIA interface
there.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

104 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Configuration of the IP address

On this WBM page, you configure the IP address for the device.

Description
The page contains the following boxes:
● IP Assignment Method
Shows how the IP address is assigned.
– Static
The IP address is static. You enter the IP settings in tjhe input boxes "IP Address" and
"Subnet Mask".
– Dynamic (DHCP)
The device obtains a dynamic IP address from a DHCP server.
● IP Address
Enter the IP address of the device.
The following occurs after the "Set Values" button is clicked:
– DHCP client is disabled. You enable the DHCP client on the page "System > DHCP >
DHCP-Client".
– The IP address is also displayed in the address bar of the Internet browser. If this
does not take place automatically, you will need to enter the IP address in the address
bar of the Internet browser manually.
● Subnet Mask
Enter the subnet mask of the device.
● Default gateway
Enter the IP address of the default gateway to be able to communicate with devices in
another subnet, for example diagnostics stations, e-mail server.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 105
Configuring with Web Based Management
5.4 The "System" menu

● Agent VLAN ID
Select the VLAN ID from the drop-down list. You can only select VLANs that have already
been configured.
In the mode "802.1D Transparent Bridge", this drop-down list is grayed out, see also
"Layer 2 > VLAN > General".

Note
Changing the agent VLAN ID
If the configuration PC is connected directly to the device via Ethernet and you change
the agent VLAN ID , the device is no longer reachable via Ethernet following the change.

● MAC Address
Shows the MAC address of the device. The MAC address is linked to the hardware and
cannot be modified.

Procedure
1. In the input boxes, enter the IP address, subnet mask and the default gateway.
2. Select the assigned VLAN ID from the "Agent VLAN ID" drop-down list.
3. Click the "Set Values" button.

5.4.4 Restart

Resetting to the defaults

In this menu, there is a button with which you can restart the device and the option of
resetting to the factory setting or reset the default settings of various profiles.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

106 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Restart
Note the following points about restarting a device:
● You can only restart the device with administrator privileges.
● A device should only be restarted with the buttons of this menu or with the appropriate
CLI commands and not by a power cycle on the device.
● If the device is in "Trial" mode, configuration modifications must be saved manually
before a restart. Any modifications you have made only become active on the device after
clicking the "Set values" button on the relevant WBM page.
● If the device is in "Automatic Save" mode, the last changes are saved automatically
before a restart.

Reset to Factory Defaults

By resetting all the settings to the factory settings, the IP address and the passwords are
also lost. Following this, the device can only be accessed via the serial interface, using the
Primary Setup Tool or using DHCP.

NOTICE

With the appropriate attachment, a previously correctly configured device can cause
circulating frames after the reset and therefore the failure of the data traffic.

Resetting to defaults (profiles)

The profiles provide a preconfiguration for various use cases of the devices.
When you start a device with the default settings of a profile, the settings are reset to the
factory settings and some parameters are set so that they are designed for a certain use
case. In contrast to resetting to the factory settings. the users and passwords are retained
after the restart. The configured IP address is lost so that device can then only be accessed
via the serial interface, using the Primary Setup Tool or using DHCP.

NOTICE

With the appropriate attachment, a previously correctly configured device can cause
circulating frames after the reset and therefore the failure of the data traffic.

Which settings were set specially for a profile are displayed before the restart.
The profiles can be used independently of the factory setting of the device.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 107
Configuring with Web Based Management
5.4 The "System" menu

Description of the displayed boxes

Note
Note the effects of the individual functions described in the sections above.

To restart the device, the buttons on this page provide you with the following options:
● Restart
Click this button to restart the system. You must confirm the restart in a dialog box.
During a restart, the device is reinitialized, the internal firmware is reloaded, and the
device runs a self-test. The settings of the start configuration are retained, e.g. the IP
address of the device. The learned entries in the address table are deleted. You can
leave the browser window open while the device restarts. After the restart you will need to
log in again.
● Restore Factory Defaults and Restart
Click this button to restore the factory defaults of the device and to restart the device. You
must confirm the restart in a dialog box.
The factory defaults depend on the device.
To restart the device with a predefined profile, the buttons on this page provide you with the
following options:
● PROFINET Defaults
Click this button to restore the default settings of the PROFINET profile and to restart the
device. You must confirm the restart in a dialog box. The dialog box displays the settings
specially made for operation with the PROFINET protocol.
● EtherNet/IP Defaults
Click this button to restore the default settings of the EtherNet/IP profile and to restart the
device. You must confirm the restart in a dialog box. The dialog box displays these
settings specially made for operation with the EtherNet/IP protocol.
● Industrial Ethernet Defaults
Click this button to restore the default settings of the Industrial Ethernet profile and to
restart the device. You must confirm the restart in a dialog box. The dialog box displays
these settings specially made for operation in the Industrial Ethernet environment.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

108 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

5.4.5 Load & Save

Overview of the file types

File type Description

Config This file contains the start configuration.
Among other things, this device contains the definitions of the users. The
passwords are stored the file "Users".
ConfigPack Detailed configuration information, for example, start configuration, users and
certificates.
ZIP file consisting of the Config, Users and LSYS fle.
Debug This file contains information for Siemens Support.
It is encrypted and can be sent by e-mail to Siemens Support without any se-
curity risk.
EDS Electronic Data Sheet (EDS)
Electronic data sheet for describing devices in the EtherNet/IP mode
Firmware The firmware is signed and encrypted. This ensures that only firmware created
by Siemens can be downloaded to the device.
GSDML PROFINET information on the device properties
HTTPSCert Default HTTPS certificates including key
The preset and automatically created HTTPS certificates are self-signed.
We strongly recommend that you create your own HTTPS certificates and
make them available. We recommend that you use HTTPS certificates signed
either by a reliable external or by an internal certification authority. The HTTPS
certificate checks the identity of the device and controls the encrypted data
exchange.
Certificates with a different format cannot be copied in.
LogFile File with entries from the event log table
MIB Private MSPS MIB file
RunningCLI Text file with CLI commands
This file contains an overview of the current configuration in the form of CLI
commands. You can download the text file. The file is not intended to be up-
loaded again unchanged.
Script Text file with CLI commands
You can upload a script file into a device. The CLI commands it contains are
executed appropriately.
StartupInfo Startup log file
This file contains the messages that were entered in the log during the last
startup.
Users This file contains the assignment of the user names to the corresponding
passwords.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 109
Configuring with Web Based Management
5.4 The "System" menu

5.4.5.1 HTTP

Loading and saving data via HTTP

The WBM allows you to store device data in an external file on your client PC or to load such
data from an external file from the client PC to the device. This means, for example, that you
can also load new firmware from a file located on your client PC.

Note
This WBM page is available both for connections using HTTP and for connections using
HTTPS.

Firmware
The firmware is signed and encrypted. This ensures that only firmware created by Siemens
can be downloaded to the device.

Note
Incompatibility with previous firmware versions with/without PLUG inserted
During the installation of a previous version, the configuration data can be lost. In this case,
the device starts up with the factory settings after the firmware has been installed.
In this situation, if a PLUG is inserted in the device, following the restart, this has the status
"Not Accepted" since the PLUG still has the configuration data of the previous more up-to-
date firmware. This allows you to return to the previous, more up-to-date firmware without
any loss of configuration data. If the original configuration on the PLUG is no longer required,
the PLUG can be deleted or rewritten manually using the WBM page "System > PLUG".

Configuration files

Note
Configuration files and Trial mode /Automatic save
In "Automatic Save" mode, the data is saved automatically before the configuration files
(ConfigPack and Config) are transferred.
In Trial mode, although the changes are adopted, they are not saved in the configuration
files (ConfigPack and Config). Use the "Write Startup Config" button on the "System >
Configuration" WBM page to save changes in the configuration files.

CLI script file

You can download existing CLI configurations (RunningCLI) and upload your own CLI scripts
(Script).

Note
The downloadable CLI script is not intended to be uploaded again unchanged.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

110 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Description of the displayed boxes

The table has the following columns:
● Type
Shows the file type.
● Description
Shows the short description of the file type.
● Load
With this button, you can upload files to the device. The button can be enabled, if this
function is supported for the file type.
● Save
With this button, you can download files from the device. The button can only be enabled
if this function is supported for the file type and the file exists on the device.
● Delete
With this button, you can delete files from the device. The button can only be enabled if
this function is supported for the file type and the file exists on the device.

Note
Following a firmware update, delete the cache of your Internet browser.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 111
Configuring with Web Based Management
5.4 The "System" menu

Steps in configuration

Uploading files using HTTP

1. Start the upload function by clicking the one of the "Load" buttons.
A dialog for uploading a file opens.
2. Select the required file and confirm the upload.
The file is uploaded.
3. If a restart is necessary, a message to this effect will be output. Click the "OK" button and
a restart will follow. If you click the "Abort" button, there is no device restart. The changes
only take effect after a restart.

Downloading files using HTTP

1. Start the download by clicking the one of the "Save" buttons.
2. Select a storage location and a name for the file.
3. Save the file.
The file is downloaded and saved.
Deleting files using HTTP
1. Start the delete function by clicking the one of the "Delete" buttons.
The file is deleted.
Reusing configuration data
If several identical devices are to receive the same configuration and the IP addresses are
assigned using DHCP, the effort for reconfiguration can be reduced by saving and reading in
the configuration data.
Follow the steps below to reuse configuration data:
1. Save the configuration data of a configured device on your PC.
2. Load this configuration file on all other devices you want to configure in this way.
3. If individual settings are necessary for specific devices, these must be made online on the
relevant device.

Note
Configuration data has a checksum. If you change the data, you can no longer upload it to
the IE switch.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

112 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

5.4.5.2 TFTP

Loading and saving data via a TFTP server

On this page, you can configure the TFTP server and the file names. The WBM allows you
to store device data in an external file on a TFTP server or to load such data from an
external file from the TFTP server to the devices. This means, for example, that you can also
load new firmware from a file located on a TFTP server.

Firmware
The firmware is signed and encrypted. This ensures that only firmware created by Siemens
can be downloaded to the device.

Note
Incompatibility with previous firmware versions with/without PLUG inserted
During the installation of a previous version, the configuration data can be lost. In this case,
the device starts up with the factory settings after the firmware has been installed.
In this situation, if a PLUG is inserted in the device, following the restart, this has the status
"Not Accepted" since the PLUG still has the configuration data of the previous more up-to-
date firmware. This allows you to return to the previous, more up-to-date firmware without
any loss of configuration data. If the original configuration on the PLUG is no longer required,
the PLUG can be deleted or rewritten manually using the WBM page "System > PLUG".

Configuration files

Note
Configuration files and Trial mode /Automatic save
In "Automatic Save" mode, the data is saved automatically before the configuration files
(ConfigPack and Config) are transferred.
In Trial mode, although the changes are adopted, they are not saved in the configuration
files (ConfigPack and Config). Use the "Write Startup Config" button on the "System >
Configuration" WBM page to save changes in the configuration files.

CLI script file

You can download existing CLI configurations (RunningCLI) and upload your own CLI scripts
(Script).

Note
The downloadable CLI script is not intended to be uploaded again unchanged.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 113
Configuring with Web Based Management
5.4 The "System" menu

Description of the displayed boxes

The page contains the following boxes:
● TFTP Server Address
Here, enter the IP address of the TFTP server with which you exchange data.
● TFTP Server Port
Here, enter the port of the TFTP server over which data exchange will be handled. If
necessary, you can change the default value 69 to your own requirements.
The table has the following columns:
● Type
Shows the file type.
● Description
Shows the short description of the file type.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

114 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

● Filename
A file name is preset here for every file type.

Note
Changing the file name
You can change the file name preset in this column. After clicking the "Set Values"
button, the changed name is saved on the device and can also be used with the
Command Line Interface.

● Actions
Select the action from the drop-down list. The selection depends on the selected file type,
for example you can only save the log file.
The following actions are possible:
– Save file
With this selection, you save a file on the TFTP server.
– Load file
With this selection, you load a file from the TFTP server.

Steps in configuration
Loading or saving data using TFTP
1. Enter the IP address of the TFTP server in the "TFTP Server Address" input box.
2. Enter the server port of the TFTP server to be used in the in the "TFTP Server Port" input
box.
3. If applicable, enter the name of a file in which you want to save the data or take the data
from in the "File name" input box.
4. Select the action you want to execute from the "Actions" drop-down list.
5. Click the "Set Values" button to start the selected action.
6. If a restart is necessary, a message to this effect will be output. Click the "OK" button and
a restart will follow. If you click the "Abort" button, there is no device restart. The changes
only take effect after a restart.
Reusing configuration data
If several identical devices are to receive the same configuration and the IP addresses are
assigned using DHCP, the effort for reconfiguration can be reduced by saving and reading in
the configuration data.
Follow the steps below to reuse configuration data:
1. Save the configuration data of a configured device on your PC.
2. Load this configuration file on all other devices you want to configure in this way.
3. If individual settings are necessary for specific devices, these must be made online on the
relevant device.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 115
Configuring with Web Based Management
5.4 The "System" menu

Note
Configuration data has a checksum. If you change the data, you can no longer upload it to
the IE switch.

5.4.5.3 SFTP

Loading and saving data via a SFTP server

SFTP (SSH File Transfer Protocol) transfers the files encrypted. On this page, you configure
the access data for the SFTP server.
The WBM also allows you to store device data in an external file on your client PC or to load
such data from an external file from the PC to the devices. This means, for example, that you
can also load new firmware from a file located on your Admin PC.
On this page, the certificates required to establish a secure VPN connection can also be
loaded.
Firmware
The firmware is signed and encrypted. This ensures that only firmware created by Siemens
can be downloaded to the device.
Configuration files

Note
Configuration files and Trial mode /Automatic Save
In "Automatic Save" mode, the data is saved automatically before the configuration files
(ConfigPack and Config) are transferred.
In "Trial" mode, although the changes are adopted, they are not saved in the configuration
files (ConfigPack and Config). Use the "Write Startup Config" button on the "System >
Configuration" WBM page to save changes in the configuration files.

CLI script file

You can download existing CLI configurations (RunningCLI) and upload your own CLI scripts
(Script).

Note
The downloadable CLI script is not intended to be uploaded again unchanged.
CLI commands for saving and loading files cannot be executed with the CLI script file
(Script).

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

116 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Description
The page contains the following boxes:
● SFTP Server Address
Enter the IP address of the SFTP server with which you exchange data.
● SFTP Server Port
Enter the port of the SFTP server via which data exchange will be handled. If necessary,
you can change the default value 22 to your own requirements.
● SFTP User
Enter the user for access to the SFTP server. This assumes that a user with the
corresponding rights has been created on the SFTP server.
● SFTP Password
Enter the password for the user
● SFTP Password Confirmation
Confirm the password.
The table has the following columns:
● Type
Shows the file type.
● Description
Shows the short description of the file type.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 117
Configuring with Web Based Management
5.4 The "System" menu

● Filename
A file name is preset here for every file type.

Note
Changing the file name
You can change the file name preset in this column. After clicking the "Set Values"
button, the changed name is saved on the device and can also be used with the
Command Line Interface.

● Actions
Select the action from the drop-down list. The selection depends on the selected file type,
for example you can only save the log file.
The following actions are possible:
– Save file
With this selection, you save a file on the SFTP server.
– Load file
With this selection, you load a file from the SFTP server.

Procedure
Loading or saving data using SFTP
1. Enter the address of the SFTP server in "SFTP Server Address".
2. Enter the port of the SFTP server to be used in "SFTP Server Port".
3. Enter the user data (user name and password) required for access to the SFTP server.
4. If applicable, enter the name of a file in which you want to save the data or take the data
from in "Filename".

Note
Files whose access is password protected
To be able to load these files on the device successfully, you need to enter the password
specified for the file in "System" > "Load&Save" > "Passwords".

5. Select the action you want to execute from the "Actions" drop-down list.
6. Click "Set Values" to start the selected action.
7. If a restart is necessary, a message to this effect will be output. Click the "OK" button to
run the restart. If you click the "Abort" button, there is no device restart. The changes only
take effect after a restart.
Reusing configuration data
If several identical devices are to receive the same configuration and the IP addresses are
assigned using DHCP, the effort for reconfiguration can be reduced by saving and reading in
the configuration data.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

118 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Follow the steps below to reuse configuration data:

1. Save the configuration data of a configured device on your PC.
2. Load these configuration files on all other devices you want to configure in this way.
3. If individual settings are necessary for specific devices, these must be made online on the
relevant device.

Note
Configuration data has a checksum. If you change the data, you can no longer upload it to
the IE switch.

5.4.5.4 Passwords
There are files to which access is password protected. For example to be able to use the
HTTPS certificate, you need to specify the corresponding password on this WBM page.

Description
The table has the following columns:
● Type
Shows the file type.
● Description
Shows the short description of the file type.
● Enabled
When selected, the file is used. Can only be enabled if the password is configured.
● Password
Enter the password for the file.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 119
Configuring with Web Based Management
5.4 The "System" menu

● Password Confirmation
Confirm the password.
● Status
Shows whether the current settings for the file match the device.
– Valid
The "Enabled" check box is selected and the password matches the file.
– Invalid
The "Enabled" check box is selected but the password does not match the file or no
file has been loaded yet.
– '-'
The password cannot be evaluated or is not yet being used. The "Enabled" check box
is not selected.

Procedure
1. Enter the password in "Password".
2. To confirm the password, enter the password again in "Password Confirmation".
3. Select the "Enabled" option.
4. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

120 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

5.4.6 Events

5.4.6.1 Configuration

Selecting system events

On this page, you specify how a device reacts to system events. To enable or disable the
options, click the relevant check boxes of the columns.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 121
Configuring with Web Based Management
5.4 The "System" menu

Description of the displayed boxes

The page contains the following boxes:
● Signaling Contact Method
Select the reaction of the signaling contact from the drop-down list. The following
reactions are possible:
– conventional
Default setting for the signaling contact. An error/fault is displayed by the fault LED
and the signaling contact is opened. When the error/fault state no longer exists, the
fault LED goes off and the signaling contact is closed.
– User Defined
The way the signaling contact works does not depend on the error/fault that has
occurred. The signaling contact can be opened or closed as required by user actions.
● Signaling Contact Status
To change the status of the signaling contact, select the "User defined" method from the
"Signaling Contact Method" drop-down list.
Select the status of the signaling contact from the drop-down list. The following statuses
are possible:
– Closed
Signaling contact is closed.
– Open
Signaling contact is opened.
With Table 1, you can enable or disable all check boxes of a column of Table 2 at once.
Table 1 has the following columns:
● All Events
Shows that the settings are valid for all events of table 2.
● E-mail / Trap / Log Table / Syslog / Faults
Enable or disable the required type of notification for all events. If "No Change" is
selected, the entries of the corresponding column in table 2 remain unchanged.
● Copy to Table
If you click the button, the setting is adopted for all events of table 2.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

122 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Table 2 has the following columns:

● Event
The column contains the following values:
– Cold/Warm Start
The device was turned on or restarted by the user. In the error memory of the device,
a new entry is generated with the type of restart performed.
– Link Change
This event occurs only when the port status is monitored and has changed, see
"System > Fault Monitoring > Link Change".
– Authentication Failure
This event occurs when access is attempted with an incorrect password.
– RMON Alarm
An alarm or event has occurred relating to the remote monitoring of the system.
– Power Change
This event occurs only when power supply lines 1 and 2 are monitored. It indicates
that there was a change to line 1 or line 2. See "System > Fault Monitoring > Power
Supply".
– RM State Change
The redundancy manager has recognized an interruption or restoration of the ring and
has switched the line over or back.
– Spanning Tree Change
The spanning tree topology has changed.
– Fault State Change
The fault status has changed. The fault state can relate to the activated port
monitoring, the response of the signaling contact or the power supply monitoring.
– Standby State Change
A device with an established standby connection (master or slave) has activated or
deactivated the link to the other ring (standby port). The data traffic was redirected
from one Ethernet connection (standby port of the master) to another Ethernet
connection (standby port of the slave).
– Loop detection
A loop was detected in the network segment.
– Diagnostics Alarms
A diagnostics value has fallen below or exceeded a certain limit.
– 802.1X Port Authentication State Change
This event occurs with 802.1X authentications.
– Link Check
Disruptions were detected on an optical transmission link.

Note
You can only configure this event in devices with optical interfaces.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 123
Configuring with Web Based Management
5.4 The "System" menu

– PoE State Change

The status of PoE has changed.

Note
You can only configure this event in devices that support PoE.

– Secure NTP
An error occurred when using Secure NTP, e.g. a key with the wrong length was
specified.
● E-mail
The device sends an e-mail. This is only possible if the SMTP server is set up and the
"SMTP client" function is enabled.
● Trap
The device sends an SNMP trap. This is only possible if "SNMPv1 Traps" is enabled in
"System > Configuration".
● Log Table
The device writes an entry in the event log table, see "Information > Log Table"
● Syslog
The device writes an entry to the system log server. This is only possible if the system log
server is set up and the "Syslog client" function is enabled.
● Faults
The device triggers an error. The error LED lights up

Steps in configuration
1. Select the check box in the row of the required event. Select the event in the column
under the following actions:
– E-mail
– Trap
– Log Table
– Syslog
– Faults
2. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

124 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

5.4.6.2 Severity Filters

Setting the Severity Filters

On this page, set the threshold levels for sending system event notifications.

The first table column shows the client type for which you are making the settings:
● E-mail
Sending system event messages by e-mail
● Log Table
Entry of system events in the log table
● Syslog
Sending of system event messages to a Syslog server.
Select the required level from the drop-down lists of the second table column.
You can select from the following values:
● Critical
System events are processed as of the severity level "Critical".
● Warning
System events are processed as of the severity level "Warning".
● Info
System events are processed as of the severity level "Info".

Procedure
Follow the steps below to configure the required level:
1. Select the required values from the drop-down lists of the second table column after the
client types.
2. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 125
Configuring with Web Based Management
5.4 The "System" menu

5.4.7 SMTP Client

Network monitoring with e-mails

The device provides the option of automatically sending an e-mail if an alarm event occurs
(for example to the network administrator). The e-mail contains the identification of the
sending device, a description of the cause of the alarm in plain language, and a time stamp.
This allows centralized network monitoring to be set up for networks with few nodes based
on an e-mail system. When an e-mail error message is received, the WBM can be started by
the Internet browser using the identification of the sender to read out further diagnostics
information.
On this page, you can configure up to three SMTP servers and the corresponding e-mail
addresses.

Description
The page contains the following boxes:
● SMTP Client
Enable or disable the SMTP client.
● Sender Email Address
Enter the name of the sender to be included in the e-mail, for example the device name.
This setting applies to all configured SMTP servers.
● Send Test Mail
Send a test e-mail to check your configuration.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

126 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

● SMTP Port
Enter the port via which your SMTP server can be reached.
Factory settings: 25
This setting applies to all configured SMTP servers.
● SMTP Server Address
Enter the IP address of the SMTP server.
This table contains the following columns:
● Select
Select the check box in a row to be deleted.
● SMTP Server Address
Shows the IP address of the SMTP server.
● Receiver Email Address
Enter the e-mail address to which the device sends an e-mail if a fault occurs.

Procedure
1. Enable the "SMTP Client" option.
2. Enter the relevant e-mail address in the "Sender Email Address" input box.
3. If necessary send a test e-mail.
4. Enter the IP address of a the SMTP server in the "SMTP Server Address" input box.
5. Click the "Create" button. A new entry is generated in the table.
6. In the Receiver Email Address input box. enter the e-mail address to which the device
sends an e-mail if a fault occurs.
7. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 127
Configuring with Web Based Management
5.4 The "System" menu

5.4.8 DHCP

5.4.8.1 DHCP Client

Setting of the DHCP mode

If the device is configured as a DHCP client, it starts a DHCP query. As the reply to the
query the device receives an IPv4 address from the DHCP server. The server manages an
address range from which it assigns IPv4 addresses. It is also possible to configure the
server so that the client always receives the same IPv4 address in response to its request.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

128 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Description
The page contains the following boxes:
● DHCP client configuration file request (opt 66, 67)
When enabled, the DHCP client uses the options to download the configuration file
(option 67) from the TFTP server (option 66). After the restart, the device uses the data
from the configuration file.

Note
Configuration file and firmware version
The configuration file is used to store and read in configuration data within a firmware
version, e.g. 4.3. Configuration files created with a firmware version <4.2 cannot be read
in to a device with a firmware version 4.3.

● DHCP Mode
Specify the type of identifier with which the DHCP client logs on to its DHCP server:
– via MAC Address
Identification is based on the MAC address.
– via DHCP Client ID
Identification is based on a freely defined DHCP client ID.
– via System Name
Identification is based on the system name. If the system name is 255 characters long,
the last character is not used for identification.
– via IAID and DUID
With this, the DHCP client can log on to DHCP servers that support parallel operation
of IPv4 and IPv6.
The identification is via the IAID and the DUID and identifies precisely one IP interface
of the device.
IAID (Interface Association Identifier): At least one IAID is generated for each IP
interface. The IAID remains unchanged when the DHCP client restarts.
DUID (DHCP Unique Identifier): Uniquely identifies server and clients and applies to
all IP interfaces of the device. The DUID remains unchanged when there is a restart,
unless the user changes this.

Note
DHCP mode "via PROFINET device name"
With firmware version 5.0, the setting "via PROFINET device name" was removed.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 129
Configuring with Web Based Management
5.4 The "System" menu

● DUID Type
Specify which DUID type will be used. The DUID types are defined in RFC 3315.
– DUID-LLT
DUID is based on the link layer address of the interface and a time stamp
– DUID-EN
DUID is assigned by the vendor (EN = enterprise number)
– DUID-LL
DUID is based on the link layer address of the interface
● Link-layer Address Plus Time (LLT)
The value is based on the link layer address of the interface and a time stamp. The value
is regenerated each time the factory settings are restored. The value can be changed if
necessary.
● Vendor Enterprise Number (EN)
The value is based on the enterprise number specific to the vendor. The value is
regenerated each time the factory settings are restored. The value can be changed if
necessary.
● Link-layer address (LL)
The link layer address is based on the MAC address. The value is regenerated each time
the factory settings are restored. The value can be changed if necessary.
The table has the following columns:
● Interface
Interface to which the setting relates.
● DHCP
Enable or disable the DHCP client for the relevant interface.
● IAID Value
Value with which the interface (DHCP client) identifies itself on the DHCP server.

Procedure
Follow the steps below to configure the IP address using the DHCP client ID:
1. Select the identification method in the "DHCP Mode" drop-down list.
If you select the DHCP mode "via DHCP Client ID" an input box appears.
In the enabled input box "DHCP client ID" enter a string to identify the device. This is then
evaluated by the DHCP server.
2. Select the "DHCP Client Configuration Request (Opt. 66, 67) option", if you want the
DHCP client to use options 66 and 67 to download and then enable a configuration file.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

130 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

3. Enable the "DHCP" option in the table.

4. Click the "Set Values" button.

Note
If a configuration file is downloaded, this can trigger a system restart. If the currently
running configuration and the configuration in the downloaded configuration file differ, the
system restarts.
Make sure that the option "DHCP Client Configuration Request (Opt. 66, 67"is no longer
set.

5.4.8.2 DHCP Server

You can operate the device as a DHCP server. This allows IP addresses to be assigned
automatically to the connected devices. The IP addresses are either distributed dynamically
from an address band (pool) you have specified or a specific IP address is assigned to a
particular device.

Note
Deleting DHCP server bindings
If you deactivate or delete an IPv4 address band or turn the DHCP server off and on again,
the DHCP server assignments are deleted see "Information > DHCP Server".

The structure of this page depends on how many VLAN IP interfaces the device has.

Requirement
The connected devices are configured so that they obtain the IP address from a DHCP
server.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 131
Configuring with Web Based Management
5.4 The "System" menu

Devices with one VLAN IP interface

On this page, you specify tIPv4 addresses that are assigned via certain ports.

Description
The page contains the following boxes:
● DHCP Server
Enable or disable the DHCP server on the device.

Note
To avoid conflicts with IPv4 addresses, only one device may be configured as a DHCP
server in the network.

● Probe address with ICMP Echo before offer

When selected, the DHCP server checks whether or not an IP address has already been
assigned. To do this the DHCP server sends ICMP echo messages (ping) to this IPv4
address. If no reply is received, the IPv4 address is assigned.

Note
This check is not made for static assignments.

Note
If there are devices in your network on which the echo service is disabled as default,
there may be conflicts with the IPv4 addresses. To avoid this, assign these devices an
IPv4 address outside the IPv4 address band used by the DHCP server.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

132 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

The table has the following columns:

● Select
Select the check box in the row to be deleted.
● Pool ID
Shows the number of the IPv4 address band. If you click the "Create" button, a new row
with a unique number is created (pool ID).
● Port
Specify the port via which IPv4 address of this DHCP pool will be assigned.
● Enable
Specify whether or not this IPv4 address will be used.

Note
If you enable the IPv4 address, its settings in this DHCP tab are grayed out and can no
longer be edited.

● IP Address
Enter the IPv4 address that will be assigned via the specified port.
● Subnet
Enter the subnet mask matching the IPv4 address. Use the CIDR notation.
● Lease Time (sec)
Specify for how many seconds the assigned IPv4 address remains valid. When half the
period of validity has elapsed. the DHCP client can extend the period of the assigned
IPv4 address. When the entire time has elapsed, the DHCP client needs to request a new
IPv4 address.

Devices with several VLAN IP interfaces

On this page, specify the address band from which the connected device receives any IP
address. You configure the static assignment of the IP addresses in "Static Leases".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 133
Configuring with Web Based Management
5.4 The "System" menu

Description
The page contains the following boxes:
● DHCP Server
Enable or disable the DHCP server on the device.

Note
To avoid conflicts with IPv4 addresses, only one device may be configured as a DHCP
server in the network.

● Probe address with ICMP Echo before offer

When selected, the DHCP server checks whether or not an IP address has already been
assigned. To do this the DHCP server sends ICMP echo messages (ping) to this IPv4
address. If no reply is received, the IPv4 address is assigned.

Note
If there are devices in your network on which the echo service is disabled as default,
there may be conflicts with the IPv4 addresses. To avoid this, assign these devices an
IPv4 address outside the IPv4 address band used by the DHCP server.

The table has the following columns:

● Select
Select the check box in the row to be deleted.
● Pool ID
Shows the number of the IPv4 address band. If you click the "Create" button, a new row
with a unique number is created (pool ID).
● Interface
Select a VLAN IP interface. The IPv4 addresses are assigned dynamically via this
interface.
The requirement for the assignment is that the IPv4 address of the interface is located in
the subnet of the IPv4 address band. If this is not the case, the interface does not assign
any IPv4 addresses.
● Enable
Specify whether or not this IPv4 address band will be used.

Note
If you enable the IPv4 address band, its settings in this and the other DHCP tabs are
grayed out and can no longer be edited.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

134 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

● Subnet
Enter the network address range that will be assigned to the devices. Use the CIDR
notation.

Note
Effects on other tabs
When you configure the boxes "Subnet", "Lower IP Address" and "Upper IP Address", the
row of the corresponding DHCP pool in the "Port-IP Address Mapping" tab is deleted. if
you delete the configuration, the row in the "Port-IP Address Mapping" tab is available
again.

● Lower IP Address
Enter the IPv4 address that specifies the start of the dynamic IPv4 address band. The
IPv4 address must be within the network address range you configured for "Subnet".
● Upper IP address
Enter the IPv4 address that specifies the end of the dynamic IPv4 address band. The
IPv4 address must be within the network address range you configured for "Subnet".
● Lease Time (sec)
Specify for how many seconds the assigned IPv4 address remains valid. When half the
period of validity has elapsed. the DHCP client can extend the period of the assigned
IPv4 address. When the entire time has elapsed, the DHCP client needs to request a new
IPv4 address.

Procedure
Enable DHCP server globally
1. Select the "DHCP Server" check box.
2. Click the "Set Values" button.
Configuration for devices with one VLAN IP interface
1. Click the "Create" button.
A new row with a unique number (Pool ID) is created.
2. Select the required port.
3. Enter the IPv4 address and the subnet mask.
4. Enter the lease time.
5. Click the "Set Values" button.
6. Select the "Enable" check box on this tab.
7. Click the "Set Values" button.
Configuration for devices with several VLAN IP interfaces
1. Click the "Create" button.
A new row with a unique number (Pool ID) is created.
2. Select a VLAN IP interface.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 135
Configuring with Web Based Management
5.4 The "System" menu

3. Click the "Set Values" button.

In the "Port-IP Address Mapping" tab a new row is created for the Pool ID. In the "Port"
tab, all ports can be selected that currently belong to the selected VLAN.
In the "Port Range" tab a new row is created for the Pool ID. In the row, all ports are
enabled that currently belong to the selected VLAN.
The standard options for the pool are created in the "DHCP Options" tab.
4. You have the following options for configuring the pool:
Configure the DHCP pool for an IPv4 address band
– Enter the subnet, the lower and the upper IPv4 address.
– Enter the lease time.
– Click the "Set Values" button.
Configure the DHCP pool for an IPv4 address
– Change to the "Port-IP Address Mapping" tab.
– Select the required port.
In the "Port Range" tab only the selected port is enabled.
– Enter the IPv4 address and the subnet mask.
– Click the "Set Values" button.
In the "DHCP Server" tab, the boxes "Subnet", "Lower IP Address" and "Upper IP
Address" are filled accordingly.
– Configure the lease time on the "DHCP Server" tab.
5. Make the settings you require for the pool in the other DHCP tabs.
Enable DHCP pool
1. In the "DHCP Server" tab, select the check box "Enable".
2. Click the "Set Values" button.
Deleting a DHCP pool

Note
You can only delete entries that are not enabled.

1. Enable the "Select" check box in the row to be deleted.

Repeat this for all entries you want to delete.
2. Click the "Delete" button.
The entry is deleted.

5.4.8.3 Port-IP Address Mapping

On this page, you assign exactly one IP address to a certain port.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

136 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

After you have created an IPv4 address band in the "DHCP Server" tab, a new row is
created in this tab.
The configuration on this page has effects on the tabs "DHCP Server" and "Port Range".

Description
This table contains the following columns:
● Pool ID
Shows the number of the IPv4 address band. A line is created for every address band.
● Port
Select the setting from the drop-down list. You have the following setting options:
– Px.y
Specify the port via which IPv4 address will be assigned. You can only select ports
located in the corresponding VLAN.
If you select a port, only this port is enabled in the "Port Range" tab.
– Not Selected
With this setting, in the "Port Range" tab no ports or more than one port are selected.
If you select the setting "Not Selected", all ports in the "Port Range" tab are disabled.
● IP Address
Enter an IPv4 address.
In the "DHCP Server" tab, the boxes "Lower IP Address" and "Upper IP Address" are
filled accordingly.
● Subnet Mask
Enter a corresponding subnet mask.
In the "DHCP Server" tab, the "Subnet" box is filled accordingly.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 137
Configuring with Web Based Management
5.4 The "System" menu

Procedure
Assign an IP address to the port
1. Select the required port.
2. Enter the IPv4 address and the subnet mask.
3. Click the "Set Values" button.
In the "Port Range" tab only the selected port is enabled for the relevant DHCP pool.
In the "DHCP Server" tab, the boxes "Subnet", "Lower IP Address" and "Upper IP
Address" are filled accordingly for the relevant DHCP pool.

5.4.8.4 Port Range

On this page, you define the ports via which the IPv4 addresses of an address band are
assigned.
After you have created an IPv4 address band in the "DHCP Server" tab, a new line is
created in this tab and all ports selected that are currently located in the corresponding
VLAN. If you add ports to the VLAN later, the ports are not automatically enabled in this tab.

Description
This table contains the following columns:
● Pool ID
Shows the number of the IPv4 address band. A line is created for every address band.
● Interface
Shows the assigned IP interface.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

138 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

● All ports
Select the setting from the drop-down list. You have the following setting options:
– Enabled
The check box is enabled for all ports of the relevant VLAN.
– Disabled
The check box is disabled for all ports of the relevant VLAN.
– No Change
The table remains unchanged.
● Px.y
Specify the ports via which IPv4 addresses of the address band will be assigned.
You can only select ports located in the corresponding VLAN.

Note
Effects on other tabs
If you enable precisely one port this is selected in the "Port-IP Address Mapping" tab.
If you enable no port or more than one port in the "Port-IP Address Mapping" tab, the
setting "Not Selected" is selected.

Procedure
Configuring individual ports
1. Enable or disable the check box for the required ports.
2. Click the "Set Values" button.
Configuring all ports
1. Select the required entry in the "All ports" drop-down list.
2. Click the "Set Values" button.

5.4.8.5 DHCP Options

On this page you specify which DHCP options the DHCP server supports. The various
DHCP options are defined in RFC 2132.
The DHCP options 1, 3, 6, 66 and 67 are created automatically when the IPv4 address band
is created. With the exception of DHCP option 1, the options can be deleted. With DHCP
option 1 the subnet mask is set automatically that you entered for the address band in
"DHCP Server". With the DHCP option 3, you can set the internal IPv4 address of the DHCP
server as a DHCP parameter using a check box.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 139
Configuring with Web Based Management
5.4 The "System" menu

Description
The page contains the following boxes:
● Pool ID
Select the required IPv4 address band.
● Option Code
Enter the number of the required DHCP option. The various DHCP options are defined in
RFC 2132. The supported DHCP options are listed in the following paragraph.
The table has the following columns:
● Select
Select the check box in the row to be deleted.
● Pool ID
Shows the number of the IPv4 address band.
● Option Code
Shows the number of the DHCP option.
● Description
Shows a description of the DHCP option.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

140 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

● Use Interface IP
If you enable the check box, the IPv4 address is used as the default gateway that is
assigned to the IP interface of the address band. If the check box is disabled, you can
enter an IPv4 address.
● Value
Enter the DHCP parameter that is transferred to the DHCP client. The content depends
on the DHCP option.
– DHCP option 3 (default gateway):
Enter the DHCP parameter as an IPv4 address, e.g. 192.168.100.2.
– DHCP option 6 (DNS):
Enter the DHCP parameter as an IPv4 address, e.g. 192.168.100.2. You can specify
up to three IPv4 addresses separated by commas.
– DHCP option 12 (host name)
Enter the host name in the string format.
– DHCP option 66 (TFTP Server):
Enter the DHCP parameter as an IPv4 address, e.g. 192.168.100.2.
– DHCP option 67 (boot file name)
Enter the name of the boot file in the string format.

DHCP options supported

The following DHCP options are supported:
● Option 1
● Option 3
● Option 6
● Option 12
● Option 66
● Option 67

Procedure
Creating a DHCP option
1. Select a Pool ID.
2. Enter the option code.
3. Click the "Create" button.
4. Enter a value.
5. If applicable for option 3 enable the "Use Interface IP" check box.
6. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 141
Configuring with Web Based Management
5.4 The "System" menu

Deleting a DHCP option

1. Enable the "Select" check box in the row to be deleted.
Repeat this for all entries you want to delete.
2. Click the "Delete" button.
The entry is deleted.

5.4.8.6 Relay Agent Information

On this page you define that devices with a certain remote ID and circuit ID are assigned the
IPv4 addresses from a specific address band.
If you create such an entry for an address band, the ports of the address band only react to
DHCP queries via a DHCP relay agent (option 82). You can create further address bands for
the same IP interfaces so that ports react to different requests.

Description
The page contains the following boxes:
● Pool ID
Select the required IPv4 address band.
● Remote ID
Enter the remote ID.
● Circuit ID
Enter the circuit ID.
The table has the following columns:
● Select
Select the check box in the row to be deleted.
● Pool ID
Shows the number of the IPv4 address band.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

142 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

● Remote ID
Shows the remote ID.
● Circuit ID
Shows the circuit ID.

Procedure
Creating an entry
1. Select a Pool ID.
2. Enter the remote ID.
3. Enter the circuit ID.
4. Click the "Create" button.
Deleting an entry
1. Enable the "Select" check box in the row to be deleted.
Repeat this for all entries you want to delete.
2. Click the "Delete" button.
The entry is deleted.

5.4.8.7 Static Leases

On this page you define that DHCP clients are assigned a preset IPv4 address depending on
their client ID or MAC address.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 143
Configuring with Web Based Management
5.4 The "System" menu

Description
The page contains the following boxes:
● Pool ID
Select the required IPv4 address band.
● Client identification method
Select the method according to which a client is identified.
– Ethernet MAC
The client is identified by its MAC address.
– Client ID
The client is identified by a freely defined DHCP client ID.
● Value
Enter the MAC address (Ethernet MAC) or the client ID of the client.
The table has the following columns:
● Select
Select the check box in the row to be deleted.
● Pool ID
Shows the number of the IPv4 address band.
● Identification method
Shows whether the client is identified by its MAC address or the client ID.
● Value
Shows the MAC address or client ID of the client.
● IP Address
Specify the IPv4 address that will be assigned to the client. The IPv4 address must be
within the IPv4 address band.

Procedure
Creating static leases
1. Select a Pool ID.
2. Select the Client identification method.
3. Enter the value.
4. Click the "Create" button.
5. Specify the IPv4 address that will be assigned to the client.
6. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

144 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Deleting static leases

1. Enable the "Select" check box in the row to be deleted.
Repeat this for all entries you want to delete.
2. Click the "Delete" button.
The entry is deleted.

5.4.9 SNMP
You should also refer to the chapter "Technical Basics", section "SNMP (Page 46)".

5.4.9.1 General

Configuration of SNMP
On this page, you make the basic settings for SNMP. Enable the check boxes according to
the function you want to use.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 145
Configuring with Web Based Management
5.4 The "System" menu

Description
The page contains the following boxes:
● SNMP
Select the SNMP protocol from the drop-down list. The following settings are possible:
– "-" (disabled)
SNMP is disabled.
– SNMPv1/v2c/v3
SNMPv1/v2c/v3 is supported.

Note
Note that SNMP in versions 1 and 2c does not have any security mechanisms.

– SNMPv3
Only SNMPv3 is supported.
● SNMPv1/v2c Read-Only
If you enable this option, SNMPv1/v2c can only read the SNMP variables.

Note
Community String
For security reasons, do not use the standard values "public" or "private". Change the
community strings following the initial installation.
The recommended minimum length for community strings is 6 characters.
For security reasons, only limited access to objects of the SNMPCommunityMIB is
possible with the SNMPv1/v2c Read Community String. With the SNMPv1/v2c
Read/Write Community String,
you have full access to the SNMPCommunityMIB.

● SNMPv1/v2c Read Community String

Enter the community string for read access of the SNMP protocol.
● SNMPv1/v2c Read/Write Community String
Enter the community string for read and write access of the SNMP protocol.
● SNMPv1 Traps
Enable or disable the sending of SNMPv1 traps (alarm frames). On the "Trap" tab,
specify the IP addresses of the devices to which SNMPv1 traps will be sent.
● SNMPv1/v2c Trap Community String
Enter the community string for sending SNMPv1/v2c messages.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

146 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

● SNMPv3 User Migration

– Enabled
If the function is enabled, an SNMP engine ID is generated that can be migrated. You
can transfer configured SNMPv3 users to a different device.
If you enable this function and load the configuration of the device on another device,
configured SNMPv3 users are retained.
– Disabled
If the function is disabled, a device-specific SNMP engine ID is generated. To
generate the ID, the agent MAC address of the device is used. You cannot transfer
this SNMP user configuration to other devices.
If you load the configuration of the device on another device, all configured SNMPv3
users are deleted.
● SNMP Engine ID
Shows the SNMP engine ID.

Procedure
1. Select the required option from the "SNMP" drop-down list:
– "-" (disabled)
– SNMPv1/v2c/v3
– SNMPv3
2. Enable the "SNMPv1/v2c Read Only" check box if you only want read access to SNMP
variables with SNMPv1/v2c.
3. Enter the required character string in the "SNMPv1/v2c Read Community String" input
box.
4. Enter the required character string in the "SNMPv1/v2c Read/Write Community String"
input box.
5. If necessary, enable the SNMPv3 User Migration.
6. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 147
Configuring with Web Based Management
5.4 The "System" menu

5.4.9.2 Traps

SNMP traps for alarm events

If an alarm event occurs, the device can send SNMP traps (alarm frames) to up to ten
different management stations at the same time. Traps are only sent if the events specified
in the "System > Events" menu occur.

Note
Traps are only sent if you have enabled the option "SNMPv1 Traps" in the "General" tab or
in "System > Configuration".

Description
● Trap Receiver Address
Enter the IP address of the station to which the device sends SNMP traps. You can
specify up to ten different recipients servers.
The table has the following columns:
● Select
Select the row you want to delete.
● Trap Receiver Address
If necessary, change the IP addresses of the stations.
● Trap
Enable or disable the sending of traps. Stations that are entered but not activated do not
receive SNMP traps.

Procedure
Creating a trap entry
1. In "Trap Receiver Address", enter the IP address of the station to which the device will
send traps.
2. Click the "Create" button to create a new trap entry.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

148 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

3. Select "Trap" in the required row.

4. Click the "Set Values" button.
Deleting a trap entry
1. Enable "Select" in the row to be deleted.
2. Click the "Delete" button. The entry is deleted.

5.4.9.3 v3 Groups

Security settings and assigning permissions

SNMP version 3 allows permissions to be assigned, authentication, and encryption at
protocol level. The security level and read/write permissions are assigned according to
groups. The settings automatically apply to every member of a group.

Description
The page contains the following boxes:
● Group Name
Enter the name of the group. The maximum length is 32 characters.
● Security Level
Select the security level (authentication, encryption) valid for the selected group. The
available options are as follows:
– no Auth/no Priv
No authentication enabled / no encryption enabled.
– Auth/no Priv
Authentication enabled / no encryption enabled.
– Auth/Priv
Authentication enabled / encryption enabled.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 149
Configuring with Web Based Management
5.4 The "System" menu

The table has the following columns:

● Select
Select the row you want to delete.
● Group Name
Shows the defined group names.
● Security Level
Shows the configured security level.
● Read
Enable or disable read access for the required group.
● Write
Enable or disable write access for the required group.

Note
For write access to work, you also need to enable read access.

● Persistence
Shows whether or not the group is assigned to an SNMPv3 user. If the group is not
assigned to an SNMPv3 user, no automatic saving is triggered and the configured group
is deleted after restarting the device.
– Yes
The group is assigned to an SNMPv3 user.
– No
The group is not assigned to an SNMPv3 user.

Procedure
Creating a new group
1. Enter the required group name in "Group Name".
2. Select the required security level from the "Security Level" drop-down list.
3. Click the "Create" button to create a new entry.
4. Specify the required read rights for the group in "Read".
5. Specify the required write rights for the group in "Write".
6. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

150 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Modifying a group
1. Specify the required read rights for the group in "Read".
2. Specify the required write rights for the group in "Write".
3. Click the "Set Values" button.

Note
Once a group name and the security level have been specified, they can no longer be
modified after the group is created. If you want to change the group name or the security
level, you will need to delete the group and recreate it and reconfigure it with the new
name.

Deleting a group
1. Enable "Select" in the row to be deleted.
Repeat this for all groups you want to delete.
2. Click the "Delete" button. The entries are deleted.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 151
Configuring with Web Based Management
5.4 The "System" menu

5.4.9.4 v3 Users

User-specific security settings

On the WBM page, you can create new SNMPv3 users and modify or delete existing users.
The user-based security model works with the concept of the user name; in other words, a
user ID is added to every frame. This user name and the applicable security settings are
checked by both the sender and recipient.

Description
The page contains the following boxes:
● User Name
Enter a freely selectable user name. After you have entered the data, you can no longer
modify the name.
The table has the following columns:
● Select
Select the row you want to delete.
● User Name
Shows the created users.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

152 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

● Group Name
Select the group which will be assigned to the user.
● Authentication Protocol
Specify the authentication protocol for which a password will be stored.
The following settings are available:
– None
– MD5
– SHA

● Encryption Protocol
Specify whether or not a password should be stored for encryption with the DES
algorithm. Can only be enabled when an authentication protocol has been selected.
● Authentication Password
Enter the authentication password in the first input box. This password must have at least
1 character, the maximum length is 32 characters.

Note
Length of the password
As an important measure to maximize security, we recommend that the password has a
minimum length of 6 characters and that it contains special characters,
uppercase/lowercase letters, numbers.

● Authentication Password Confirmation

Confirm the password by repeating the entry.
● Privacy Password
Enter your encryption password. This password must have at least 1 character, the
maximum length is 32 characters.

Note
Length of the password
As an important measure to maximize security, we recommend that the password has a
minimum length of 6 characters and that it contains special characters,
uppercase/lowercase letters, numbers.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 153
Configuring with Web Based Management
5.4 The "System" menu

● Privacy Password Confirmation

Confirm the encryption password by repeating the entry.
● Persistence
Shows whether or not the user is assigned to an SNMPv3 group. If the user is not
assigned to an SNMPv3 group, no automatic saving is triggered and the configured user
is deleted after restarting the device.
– Yes
The user is assigned to an SNMPv3 group.
– No
The user is not assigned to an SNMPv3 group.

Procedure
Create a new user
1. Enter the name of the new user in the "User Name" input box.
2. Click the "Create" button. A new entry is generated in the table.
3. In "Group Name", select the group to which the new user will belong.
If the group has not yet been created, change to the "v3 Groups" page and make the
settings for this group.
4. If an authentication is necessary for the selected group, select the authentication
algorithm in "Authentication Protocol".
In the relevant input boxes, enter the authentication password and its confirmation.
5. If encryption was specified for the group, select the algorithm in "Privacy Protocol". In the
relevant input boxes, enter the encryption password and the confirmation.
6. Click the "Set Values" button.
Delete user
1. Enable "Select" in the row to be deleted.
Repeat this for all users you want to delete.
2. Click the "Delete" button. The entry is deleted.

5.4.10 System Time

There are different methods that can be used to set the system time of the device. Only one
method can be active at any one time.
If one method is activated, the previously activated method is automatically deactivated.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

154 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

5.4.10.1 Manual Setting

Manual setting of the system time

On this page, you set the date and time of the system yourself. For this setting to be used,
enable "Time Manually".

Description
The page contains the following boxes:
● Time Manually
Enable the manual time setting. If you enable the option, the "System Time" input box can
be edited.
● System Time
Enter the date and time in the format "MM/DD/YYYY HH:MM:SS".
After a restart, the time of day begins at 01/01/2000 00:00:00.
● Use PC Time
Click the button to use the time setting of the PC.
● Last Synchronization Time
Shows when the last time-of-day synchronization took place. If no time-of-day
synchronization was possible, the box displays "Date/time not set".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 155
Configuring with Web Based Management
5.4 The "System" menu

● Last Synchronization Mechanism

Shows how the last time synchronization was performed.
– Not set
The time was not set.
– Manual
Manual time setting
– SNTP
Automatic time-of-day synchronization with SNTP
– NTP
Automatic time-of-day synchronization with NTP
– SIMATIC
Automatic time-of-day synchronization using the SIMATIC time frame
● Daylight Saving Time (DST)
Shows whether the daylight saving time changeover is active.
– active (offset +1 h)
The system time was changed to daylight saving time; in other words an hour was
added. You can see the current system time at the top right in the selection area of the
WBM.
The current time including daylight saving time is displayed in the "System Time" box.
– inactive (offset +0 h)
The current system time is not changed.

Procedure
1. Enable the "Time Manually" option.
2. In the "System Time" input box, enter the date and time in the format "MM/DD/YYYY
HH:MM:SS".
3. Click the "Set Values" button.
The date and time are adopted and "Manual" is entered in "Last Synchronization
Mechanism" box.

5.4.10.2 DST Overview

On this page, you can create new entries for the daylight saving time changeover.
The table provides an overview of the existing entries.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

156 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Settings

● Select
Select the row you want to delete.
● DST No.
Shows the number of the entry.
If you create a new entry, a new line with a unique number is created.
● Name
Shows the name of the entry.
● Year
Shows the year for which the entry was created.
● Start Date
Shows the month, day and time for the start of daylight saving time.
● End Date
Shows the month, day and time for the end of daylight saving time.
● Recurring Date
With an entry of the type "Rule", the period in which daylight saving time is active is
displayed consisting of week, day, month and time of day.
With an entry of the type "Date" a "-" is displayed.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 157
Configuring with Web Based Management
5.4 The "System" menu

● State
Shows the status of the entry:
– Enabled
The entry was created correctly.
– Invalid
The entry was created new and the start and end date are identical.
● Type
Shows how the daylight saving time changeover is made:
– Date
A fixed date is entered for the daylight saving time changeover.
– Rule
A rule was defined for the daylight saving time changeover.

Procedure
Creating an entry
1. Click the "Create" button.
A new entry is created in the table.
2. Click on the required entry in the "DST No column.
You change to the "DST Configuration" page.
3. Select the required type in the "Type" drop-down list.
Depending on the selected type, various settings are available.
4. Enter a name name in the "Name" box.
5. If you have selected the type "Date", fill in the following boxes.
– Year
– Day (for start and end date)
– Hour (for start and end date)
– Month (for start and end date)
6. If you have selected the type "Rule", fill in the following boxes.
– Hour (for start and end date)
– Month (for start and end date)
– Week (for start and end date)
– Day (for start and end date)
7. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

158 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Deleting an entry
1. Enable "Select" in the row to be deleted.
2. Click the "Delete" button. The entry is deleted.

5.4.10.3 DST Configuration

On this page, you can configure the entries for the daylight saving time changeover. As
result of the changeover to daylight saving or standard time, the system time for the local
time zone is correctly set.
You can define a rule for the daylight saving time changeover or specify a fixed date.

Settings

Note
The content of this page depends on the selection in the "Type" box.
The boxes "DST No.", "Type" and "Name" are always shown.

● DST No.
Select the type of the entry.
● Type
Select how the daylight saving time changeover is made:
– Date
You can set a fixed date for the daylight saving time changeover.
This setting is suitable for regions in which the daylight saving time changeover is not
governed by rules.
– Rule
You can define a rule for the daylight saving time changeover.
This setting is suitable for regions in which the daylight saving time always begins or
ends on a certain weekday.
● Name
Enter a name for the entry.
The name can be a maximum of 16 characters long.
Settings with "Date" selected

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 159
Configuring with Web Based Management
5.4 The "System" menu

You can set a fixed date for the start and end of daylight saving time.
● Year
Enter the year for the daylight saving time changeover.
● Start Date
Enter the following values for the start of daylight saving time:
– Day
Specify the day.
– Hour
Specify the hour.
– Month
Specify the month.
● End Date
Enter the following values for the end of daylight saving time:
– Day
Specify the day.
– Hour
Specify the hour.
– Month
Specify the month.
Settings with "Rule" selected

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

160 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 161
Configuring with Web Based Management
5.4 The "System" menu

You can create a rule for the daylight saving time changeover.
● Start Date
Enter the following values for the start of daylight saving time:
– Hour
Specify the hour.
– Month
Specify the month.
– Week
Specify the week.
You can select the first to fifth or the last week of the month.
– Day
Specify the weekday.
● End Date
Enter the following values for the end of daylight saving time:
– Hour
Specify the hour.
– Month
Specify the month.
– Week
Specify the week.
You can select the first to fifth or the last week of the month.
– Day
Specify the weekday.

5.4.10.4 SNTP Client

Time-of-day synchronization in the network

SNTP (Simple Network Time Protocol) is used for synchronizing the time in the network. The
appropriate frames are sent by an SNTP server in the network.

Note
To avoid time jumps, make sure that there is only one time server in the network.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

162 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Description
The page contains the following boxes:
● SNTP Client
Enable or disable automatic time-of-day synchronization using SNTP.
● Current System Time
Shows the current date and current normal time received from the server. If you specify a
time zone, the time information is adapted accordingly.
● Last Synchronization Time
Shows when the last time-of-day synchronization took place.
● Last Synchronization Mechanism
Shows how the last time synchronization was performed. The following methods are
possible:
– Not set
The time was not set.
– Manual
Manual time setting
– SNTP
Automatic time-of-day synchronization with SNTP
– NTP
Automatic time-of-day synchronization with NTP
– SIMATIC
Automatic time-of-day synchronization using the SIMATIC time frame

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 163
Configuring with Web Based Management
5.4 The "System" menu

● Time Zone
In this box, enter the time zone you are using in the format "+/- HH:MM". The time zone
relates to UTC standard world time.
The time in the "Current System Time" box is adapted accordingly.
● Daylight Saving Time (DST)
Shows whether the daylight saving time changeover is active.
– active (offset +1 h)
The system time was changed to daylight saving time; in other words an hour was
added. You can see the current system time at the top right in the selection area of the
WBM.
The normal time including the time zone continues to be displayed in the "Current
System Time" box.
– inactive (offset +0 h)
The current system time is not changed.
● SNTP Mode
Select the synchronization mode from the drop-down list. The following types of
synchronization are possible:
– Listen
With this mode, the device is passive and receives SNTP frames that deliver the time
of day. The settings in the input boxes "SNTP Server Address" and "SNTP Server
Port" have no effect in this mode.
– Poll
When you select this mode, the input box "Poll Interval [s]" is available for additional
configuration. The settings in the input boxes "SNTP Server Address" and "SNTP
Server Port" take effect in this mode. With this type of synchronization, the device is
active and sends a time query to the SNTP server.
● SNTP Server Address
Enter the IPv4 address of the SNTP server.
● SNTP Server Port
Enter the port of the SNTP server.
The following ports are possible:
– 123 (standard port)
– 1025 to 36564
● Poll Interval[s]
Here, enter the interval between two-time queries. In this box, you enter the query interval
in seconds. Possible values are 16 to 16284 seconds.

Procedure
1. Click the "SNTP Client" check box to enable the automatic time setting.
2. In the "Time Zone" input box, enter the local time difference to world time (UTC). The
input format is "+/-HH:MM" (for example +02:00 for CEST), because the SNTP server
always sends the UTC time. This time is then recalculated and displayed as the local time
based on the specified time zone. On the device itself, there is no changeover from the

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

164 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

daylight saving to standard time. You also need to take this into account when completing
the "Time Zone" input box.
3. Select one of the following options from the "SNTP Mode" drop-down list:
– Listen
For this mode, you need to configure the following:
- time difference to the time sent by the server (step 2)
- complete the configuration with step 7.
– Poll
Click the "Set Values" button. Further boxes for the SNTP mode "Poll" are displayed.
For this mode, you need to configure the following:-
- time difference to the time sent by the server (step 2)
- time server (step 4)
- port (step 5)
query interval (step 6)
- complete the configuration with step 7.
4. In the "SNTP Server Address" input box, enter the IPv4 address of the SNTP server
whose frames will be used to synchronize the time of day.
5. In the "SNTP Server Port" input box, enter the port via which the SNTP server is
available. The port can only be modified if the IPv4 address of the SNTP server is
entered.
6. In the "Poll Interval[s]" input box, enter the time in seconds after which a new time query
is sent to the time server.
7. Click the "Set Values" button to transfer your changes to the device.

5.4.10.5 NTP Client

Automatic time-of-day setting with NTP

If you require time-of-day synchronization using NTP, you can make the relevant settings
here.

Note
To avoid time jumps, make sure that there is only one time server in the network.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 165
Configuring with Web Based Management
5.4 The "System" menu

Description
The page contains the following boxes:
● NTP Client
When enabled, the device receives the system time from an NTP server.
● Secure NTP Client Only
When enabled, the device receives the system time from a secure NTP server. The
setting applies to all server entries.
To enable the secure NTP client, you configure the parameters for authentication (key ID,
hash algorithm, key).
● Current System Time
Shows the current date and current normal time received by the IE switch. If you specify
a time zone, the time information is adapted accordingly.
● Last Synchronization Time
Shows when the last time-of-day synchronization took place.
● Last Synchronization Mechanism
Shows how the last time synchronization was performed. The following methods are
possible:
– Not set
The time was not set.
– Manual
Manual time setting
– SNTP
Automatic time-of-day synchronization with SNTP
– NTP
Automatic time-of-day synchronization with NTP
– SIMATIC
Automatic time-of-day synchronization using the SIMATIC time frame

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

166 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

● Time Zone
In this box, enter the time zone you are using in the format "+/- HH:MM". The time zone
relates to UTC standard world time.
The time in the "Current System Time" box is adapted accordingly.
● Daylight Saving Time (DST)
Shows whether the daylight saving time changeover is active.
– active (offset +1 h)
The system time was changed to daylight saving time; in other words an hour was
added. You can see the current system time at the top right in the selection area of the
WBM.
The normal time including the time zone continues to be displayed in the "Current
System Time" box.
– inactive (offset +0 h)
The current system time is not changed.
● NTP Server Index
Select the index of the NTP server. The server with the lowest index is queried first.
● NTP Server Address
Enter the IPv4 address of the NTP server.
● NTP Server Port
Enter the port of the NTP server.
The following ports are possible:
– 123 (standard port)
– 1025 to 36564
● Poll Interval[s]
Specify the interval between two time queries. Possible values are 64 to 1024 seconds.
● Key ID
Enter the ID of the authentication key.
● Hash Algorithm
Specify the format for the authentication key.
● Key
Enter the authentication key.
● Key Confirmation
Enter the authentication key again to confirm it.

Procedure
Time-of-day synchronization via NTP server
1. Click the "NTP Client" check box to enable the automatic time setting using NTP.
2. In the "Time Zone" input box, enter the local time difference to world time (UTC).
The input format is "+/-HH:MM" because the NTP server always sends UTC time, for
example +02:00 for CEST, Central European Summer Time. This time is converted into
local time based on the specified time zone.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 167
Configuring with Web Based Management
5.4 The "System" menu

3. Select the "NTP Server Index".

4. Click the "Create" button.
A row for the NTP server is created in the table.
5. In "NTP Server Address", enter the address of the NTP server whose frames will be used
to synchronize the time of day.
6. In "NTP Server Port", enter the port via which the NTP server is available. The port can
only be modified if the address of the NTP server is entered.
7. In the "Poll Interval" column, enter the interval in seconds after which a new time-of-day
query is started on the time server.
8. Click the "Set Values" button.
Time-of-day synchronization via a secure NTP server
To synchronize the time of day via a secure NTP server, the following additional steps are
necessary:
1. Click the "Secure NTP Client Only" check box to enable the automatic time setting using
secure NTP.
2. Configure the authentication.
– In "Key ID", enter the ID of the authentication key.
– In "Hash Algorithm", select the required format.
– In "Key", enter the authentication key.
With these entries, the NTP client authenticates itself on the secure NTP server. These
entries must be present on the secure NTP server.
3. Click the "Set Values" button.

5.4.10.6 SIMATIC Time Client

Time setting via SIMATIC time client

Note
To avoid time jumps, make sure that there is only one time server in the network.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

168 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Description
The page contains the following boxes:
● SIMATIC Time Client
Select this check box to enable the device as a SIMATIC time client.
● Current System Time
Shows the current system time.
● Last Synchronization Time
Shows when the last time-of-day synchronization took place.
● Last Synchronization Mechanism
Shows how the last time synchronization was performed. The following methods are
possible:
– Not set
The time was not set.
– Manual
Manual time setting
– SNTP
Automatic time-of-day synchronization with SNTP
– NTP
Automatic time-of-day synchronization with NTP
– SIMATIC
Automatic time-of-day synchronization using the SIMATIC time frame

Procedure
1. Click the "SIMATIC Time Client" check box to enable the SIMATIC Time Client.
2. Click the "Set Values" button.

5.4.11 Automatic logout

Setting the automatic logout

On this page, set the time intervals after which there is an automatic logout from the WBM or
CLI following user inactivity.
If you have been logged out automatically, you will need to log in again.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 169
Configuring with Web Based Management
5.4 The "System" menu

Configuration
1. Enter a value of 60-3600 seconds in the "Web Based Management[s]" input box. If you
enter the value 0, the automatic logout is disabled.
2. Enter a value of 60-600 seconds in the "CLI (TELNET, SSH, Serial)[s]" input box. If you
enter the value 0, the automatic logout is disabled.
3. Click the "Set Values" button.

5.4.12 Configuration of the SELECT/SET button

Availability of the buttons

Depending on your IE switch, different buttons and functions are available, see section
"System functions hardware equipment (Page 13)".

Functionality of the button

You will find a detailed description of the function available with the button in the device
operating instructions.
On this page, the functionality of the button can be enabled or disabled.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

170 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Description of the displayed boxes

The following functions are possible:
● Restore Factory Defaults
if you select the check box, you can execute the function "Restore Factory Defaults" via
the button.

CAUTION
Button function "Restore Factory Defaults" active during startup
If you have disabled this function in your configuration, disabling is only valid during
operation. When restarting, for example after power down, the function is active until the
configuration is loaded so that the device can inadvertently be reset to the factory
settings. This may cause unwanted disruption in network operation since the device
then needs to be reconfigured. An inserted PLUG is also deleted and returned to the
status as shipped.

● Set Fault Mask

If you select the check box, you can define the fault mask via the button.

Steps in configuration
1. To use the required functionality, select the corresponding check box.
2. Click the "Set Values" button.

5.4.13 Syslog Client

Syslog according to RFC 3164 is used for transferring short, unencrypted text messages
over UDP in the IP network. This requires a Syslog server.

Requirements for sending log entries

● The Syslog function is enabled on the device.
● The Syslog function is enabled for the relevant event.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 171
Configuring with Web Based Management
5.4 The "System" menu

● There is a Syslog server in your network that receives the log entries. Since this is a UDP
connection, there is no acknowledgment to the sender.
● The IP address of the Syslog server is entered on the device.

Description
The page contains the following boxes:
● Syslog Client
Enable or disable the Syslog function.
● Syslog Server Address
Enter the IP address of the Syslog server.
This table contains the following columns
● Select
Select the row you want to delete.
● Syslog Server Address
Shows the IP address of the Syslog server.
● Server Port
Enter the port of the Syslog server being used.

Procedure
Enabling function
1. Select the "Syslog Client" check box.
2. Click the "Set Values" button.
Creating a new entry
1. In the "Syslog Server Address" input box, enter the IP address of the Syslog server on
which the log entries will be saved.
2. Click the "Create" button. A new row is inserted in the table.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

172 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

3. In the "Server Port" input box, enter the number of the UDP port of the server.
4. Click the "Set Values" button.

Note
The default setting of the server port is 514.

Changing the entry

1. Delete the entry.
2. Create a new entry.
Deleting an entry
1. Select the check box in the row to be deleted.
2. Click the "Delete" button. All selected entries are deleted and the display is refreshed.

5.4.14 Ports

5.4.14.1 Overview

Overview of the port configuration

The page shows the configuration for the data transfer for all ports of the device. You cannot
configure anything on this page.

Description of the displayed boxes

The table has the following columns:
● Port
Shows the available ports. If you click on the port, the corresponding configuration page
is opened. The port is made up of the module number and the port number, for example
port 0.1 is module 0, port 1.
● Port name
Shows the name of the port.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 173
Configuring with Web Based Management
5.4 The "System" menu

● Port Type
Shows the type of the port. The following types are possible:
– Switch Port VLAN Hybrid
– Switch Port VLAN Trunk
– Switch-Port PVLAN Host
– Switch-Port PVLAN Promiscuous
– Switch Port VLAN Access
● Combo Port Media Type
This column contains a value only with combo ports.
Shows the mode of the combo port:
– auto
– rj45
– sfp
● Status
Shows whether the port is on or off. Data traffic is possible only over an enabled port.
● OperState
Displays the current operational status. The operational status depends on the configured
"Status" and the "Link". The available options are as follows:
– up
You have configured the status "enabled" for the port and the port has a valid
connection to the network.
– down
You have configured the status "disabled" or "Link down" for the port or the port has
no connection.
– not present
With modular devices, this status is displayed when, for example, no media module is
inserted.
● Link
Shows the connection status to the network. With the connection status, the following is
possible:
– up
The port has a valid link to the network, a link integrity signal is being received.
– down
The link is down, for example because the connected device is turned off.
● Mode
Shows the transfer parameters of the port.
● Negotiation
Shows whether the automatic configuration is enabled or disabled.
● Flow Ctrl. Type
Shows whether flow control is enabled or disabled for the port.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

174 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

● Flow Ctrl.
Shows whether flow control is working on this port.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 175
Configuring with Web Based Management
5.4 The "System" menu

● MAC Address
Shows the MAC address of the port.
● Blocked by
Shows why the port is in the "blocked" status:
– -
The port is not blocked.
– Ring Redundancy
The port belongs to a redundancy manager. When the redundancy manager is in the
"Passive" status, one of the ring ports is in the "blocking" status.
– Spanning Tree
The port has the status "Discarding" in the spanning tree. The port is part of a
spanning tree, however it is located on a redundant path and is deactivated for data
traffic.
– Loop Detection
A loop was detected and as the reaction to a loop, the status "disable" was configured
for the port.
– Link Check
A disruption was detected on an optical transmission link and as the reaction the port
status "disable" was configured.
– Link Aggregation Member
The port is part of a link aggregation and was deactivated by LACP.
– Link Aggregation (LoopD)
The port is part of a link aggregation. A loop was detected and as the reaction to a
loop, the status "disable" was configured for the link aggregation.
– Link Aggregation (STP)
The port is part of a link aggregation. The link aggregation was switched to the status
"Discarding" by the spanning tree.
– Admin down
The status "disabled" is configured for the port, see "System > Ports > Configuration".
– Link down
The status "enabled" is configured for the port but there is no connection, see "System
> Ports > Configuration".
– Power down
The status "Link down" is configured for the port, see "System > Ports >
Configuration".
– Standby
Standby redundancy is enabled on the device. The port is a standby port with the
status "Passive".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

176 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

5.4.14.2 Configuration

Configuring ports
On this page, you can configure all the ports of the device.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 177
Configuring with Web Based Management
5.4 The "System" menu

Description of the displayed boxes

The table has the following rows:
● Port
Select the port to be configured from the drop-down list. The port is made up of the
module number and the port number, for example port 0.1 is module 0, port 1.
● Status
Specify whether the port is enabled or disabled.
– enabled
The port is enabled. Data traffic is possible only over an enabled port.
– disabled
The port is disabled but the connection remains.
– link down
The port is disabled and the connection to the partner device is terminated.

Note
Reduced current consumption
For every optical port that you set to "link down", the current consumtion of the device
is reduced by 30 mA.

● Port Name
Enter a name for the port here.
● MAC Address
Shows the MAC address of the port.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

178 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

● Mode Type
From this drop-down list, select the transmission speed and the transfer mode of the port.
If you set the mode to "Auto negotiation", these parameters are automatically negotiated
with the connected partner port.
Before the port and partner port can communicate with each other, the settings must
match at both ends.

Note
"Auto negotiation" mode
• If a port is set permanently to full duplex, the connected partner port must also be set
to full duplex.
• If a port operating in the "Auto negotiation" mode is connected to a partner port that is
not operating in the"Auto negotiation" mode, the partner port setting must be fixed.
• Devices not supporting "Auto negotiation" must be set permanently to 100 Mbps or
10 Mbps half duplex mode.

Note
"Auto negotiation" and Autocrossover
• SCALANCE XB-200/SCALANCE XC-200/XR-300WG: If you disable the "Auto
negotiation" function, the "MDI/MDI-X" autocrossover function is also turned off. The
use a crossover cable.
• SCALANCE XP-200: If you disable the "Auto negotiation" function, the "MDI/MDI-X"
autocrossover function remains active.

● Mode
Shows the transmission speed and the transfer mode of the port. The transmission speed
can be 10 Mbps, 100 Mbps or 1000 Mbps. As the transmission mode, you can configure
full duplex (FD) or half duplex (HD).
● Negotiation
Shows whether the automatic configuration of the connection to the partner port is
enabled or disabled.
● Flow Ctrl. Type
Enable or disable the flow control function for the port.

Note
To use the flow control function, enable flow control at the appropriate input and output
ports.

If a packet is sent from an input port with flow control enabled to an output port with flow
control enabled, the packet is not discarded if there is overflow. If flow control is enabled
only on the input port, the packet can be discarded if there is overload.

Note
Turning flow control on/off with "auto negotiation"
You can only enable or disable flow control when the "Auto negotiation" function is turned
off. Afterwards you can enable "Auto negotiation" again.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 179
Configuring with Web Based Management
5.4 The "System" menu

● Flow Ctrl.
Shows whether flow control is working on this port.
● Port Type
Select the type of port from the drop-down list.
– Switch Port VLAN Hybrid
The port sends tagged and untagged frames. It is not automatically a member of a
VLAN.
– Switch Port VLAN Trunk
The port only sends tagged frames and is automatically a member of all VLANs.
– Switch-Port PVLAN Host
Host ports belong to a secondary PVLAN.
Connect devices to host ports that are only intended to communicate with certain
devices of the PVLAN.
– Switch-Port PVLAN Promiscuous
Promiscuous ports belong to a primary PVLAN.
Connect devices to promiscuous ports that are intended to communicate with all other
devices of the PVLAN.
– Switch Port VLAN Access
Access ports belong to a provider switch that supports the function Q-in-Q VLAN
Tunnel.
Connect a customer network to access ports.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

180 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

● Combo Port Media Type

Specify the mode of the combo port:
– auto
If you select this mode, the pluggable transceiver port has priority.
As soon as a pluggable transceiver is plugged in, an existing connection at the fixed
RJ-45 port is terminated. If no pluggable transceiver is plugged in, a connection can
be established via the built-in RJ-45 port.
– rj45
If you select this mode, the built-in RJ-45 port is used regardless of the pluggable
transceiver port.
If a pluggable transceiver is plugged in, it is disabled and the power turned off.
– sfp
If you select this mode, the pluggable transceiver port is used regardless of the built-in
RJ-45 port.
If an RJ-45 connection is established, it is terminated because the power of the RJ-45
port is turned off.
The factory setting for the combo ports is the auto mode.

Note
Automatic adaptation due to PROFINET configuration
When establishing a PROFINET connection, the setting of the combo port media type is
adapted automatically:
• If a pluggable transceiver is configured, the combo port media type will be set to "sfp".
• If the built-in RJ-45 port is configured, the combo port media type will be set to "rj45".
So that the automatic adaptation can be made, the combo port media type must be set to
"auto".
Configure the combo port media type accordingly using the WBM or CLI.

● OperState
Displays the current operational status. The operational status depends on the configured
"Status" and the "Link". The available options are as follows:
– up
You have configured the status "enabled" for the port and the port has a valid
connection to the network.
– down
You have configured the status "disabled" or "Link down" for the port or the port has
no connection.
– not present
With modular devices, this status is displayed when, for example, no media module is
inserted.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 181
Configuring with Web Based Management
5.4 The "System" menu

● Link
Shows the connection status to the network. The available options are as follows:
– up
The port has a valid link to the network, a link integrity signal is being received.
– down
The link is down, for example because the connected device is turned off.
● Blocked by
Shows why the port is in the "blocked" status:
– -
The port is not blocked.
– Ring Redundancy
The port belongs to a redundancy manager. When the redundancy manager is in the
"Passive" status, one of the ring ports is in the "blocking" status.
– Spanning Tree
The port has the status "Discarding" in the spanning tree. The port is part of a
spanning tree, however it is located on a redundant path and is deactivated for data
traffic.
– Loop Detection
A loop was detected and as the reaction to a loop, the status "disable" was configured
for the port.
– Link Check
A disruption was detected on an optical transmission link and as the reaction the port
status "disable" was configured.
– Link Aggregation Member
The port is part of a link aggregation and was deactivated by LACP.
– Link Aggregation (LoopD)
The port is part of a link aggregation. A loop was detected and as the reaction to a
loop, the status "disable" was configured for the link aggregation.
– Link Aggregation (STP)
The port is part of a link aggregation. The link aggregation was switched to the status
"Discarding" by the spanning tree.
– Admin down
The status "disabled" is configured for the port, see "System > Ports > Configuration".
– Link down
The status "enabled" is configured for the port but there is no connection, see "System
> Ports > Configuration".
– Power down
The status "Link down" is configured for the port, see "System > Ports >
Configuration".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

182 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

– Standby
Standby redundancy is enabled on the device. The port is a standby port with the
status "Passive".

Changing the port configuration

Click the appropriate box to change the configuration.

Note
Optical ports only work with the full duplex mode and at maximum transmission rate. As a
result, the following settings cannot be made for optical ports:
• Automatic configuration
• Transmission speed
• Transmission technique

Note
With various automatic functions, the device prevents or reduces the effect on other ports
and priority classes (Class of Service) if a port is overloaded. This can mean that frames are
discarded even when flow control is enabled.
Port overload occurs when the device receives more frames than it can send, for example as
the result of different transmission speeds.

Steps in configuration
1. Change the settings according to your configuration.
2. Click the "Set Values" button.

5.4.15 Fault Monitoring

5.4.15.1 Power Supply

Settings for monitoring the power supply

Configure whether or not the power supply should be monitored by the messaging system.
Depending on the hardware variant, there are one or two power connectors (Supply 1 /
Supply 2). With a redundant power supply, configure the monitoring separately for each
individual feed-in line.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 183
Configuring with Web Based Management
5.4 The "System" menu

A fault is then signaled by the message system when there is no power on a monitored
connection (Line 1 or Line 2) or when the applied voltage is too low.

Note
You will find the permitted operating voltage limits in the operating instructions of the device.

A fault causes the signaling contact to trigger and the fault LED on the device to light up and,
depending on the configuration, can trigger a trap, an e-mail, or an entry in the event log
table.

Procedure
1. Click the check box in front of the line name you want to monitor to enable or disable the
monitoring function.
2. Click the "Set Values" button.

5.4.15.2 Link Change

Configuration of fault monitoring of status changes on connections

On this page, you configure whether or not an error message is triggered if there is a status
change on a network connection.
If connection monitoring is enabled, an error is signaled when:
● there should be a link on a port and this is missing.
● or when there should not be a link on a port but a link is detected.
A fault causes the signaling contact to trigger and the fault LED on the device to light up and,
depending on the configuration, can trigger a trap, an e-mail, or an entry in the event log
table.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

184 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Description of the displayed boxes

Table 1 has the following columns:
● 1st column
Shows that the settings are valid for all ports.
● Setting
Select the setting from the drop-down list. You have the following setting options:
– "-" (disabled)
– Up
– Down
– No Change: The setting in table 2 remains unchanged.
● Copy to Table
If you click the button, the setting is adopted for all ports of table 2.
Table 2 has the following columns:
● Port
Shows the available ports. The port is made up of the module number and the port
number, for example port 0.1 is module 0, port 1.
● Setting
Select the setting from the drop-down list. You have the following options:
– Up
Error handling is triggered when the port changes to the active status.
(From "Link down" to "Link up")
– Down
Error handling is triggered when the port changes to the inactive status.
(From "Link up" to "Link down")
– "-" (disabled)
The error handling is not triggered.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 185
Configuring with Web Based Management
5.4 The "System" menu

Steps in configuration
Configure error monitoring for a port
1. From the relevant drop-down list, select the options of the slots / ports whose connection
status you want to monitor.
2. Click the "Set Values" button.
Configure error monitoring for all ports
1. Select the required setting from the drop-down list of the "Setting"column.
2. Click the "Copy to table" button. The setting is adopted for all ports of table 2.
3. Click the "Set Values" button.

5.4.15.3 Redundancy
On this page, you configure whether or not an error message is triggered if there is a status
change on a redundant connection.

Setting
● Redundancy loss (HRP only)
Enable or disable connection monitoring. If the redundancy of the connection is lost, an
error is signaled.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

186 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

5.4.16 PROFINET

Settings for PROFINET

On this page, you configure the mode of PROFINET.

Description of the displayed boxes

The page contains the following boxes:
● PROFINET Device Diagnostics
Shows whether PROFINET is enabled ("On") or disabled ("Off").
● PROFINET Device Diagnostics for next boot
Set whether PROFINET will be enabled ("On") or disabled ("Off") after the next device
restart.

Note
PROFINET and EtherNet/IP
When PROFINET is turned on, EtherNet/IP is turned off. The switchover from PROFINET
and EtherNet/IP has no effect on DCP.

Note
PROFINET AR Status
If a PROFINET connection is established; in other words the PROFINET AR status is
"Online", you cannot disable PROFINET.

● PROFINET AR Status
This box shows the status of the PROFINET connection; in other words whether the
device is connected to a PROFINET controller "Online " or "Offline".
Here, online means that a connection to a PROFINET controller exists, that this has
downloaded its configuration data to the device and that the device can send status data
to the PROFINET controller. In this status known as "in data exchange", the parameters
set via the PROFINET controller cannot be configured.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 187
Configuring with Web Based Management
5.4 The "System" menu

● PROFINET Name of Station

This box displays the PROFINET device name according to the configuration in HW
Config of STEP 7.
● Restart with PROFINET Defaults
Click this button to restore the default settings of the PROFINET profile and to restart the
device. You must confirm the restart in a dialog box. The dialog box displays the settings
specially made for operation with the PROFINET protocol.

NOTICE

By resetting all the settings to the default settings of a profile, the IP address is also lost.
Following this, the device can only be accessed via the serial interface, using the
Primary Setup Tool or using DHCP.
With the appropriate attachment, a previously correctly configured device can cause
circulating frames after the reset and therefore the failure of the data traffic.

5.4.17 EtherNet/IP

EtherNet Industrial Protocol (EtherNet/IP)

On this page, you configure the mode of EtherNet/IP.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

188 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Description
The page contains the following boxes:
● EtherNet/IP Device Diagnostics
Shows whether EtherNet/IP is enabled ("On") or disabled ("Off").
● EtherNet/IP Device Diagnostics for next boot
Set whether EtherNet/IP will be enabled ("On") or disabled ("Off") after the next device
restart.

Note
EtherNet/IP and PROFINET
When EtherNet/IP is turned on, PROFINET is turned off. The switchover from EtherNet/IP
and PROFINET has no effect on DCP.

Note
PROFINET AR Status
If a PROFINET connection is established; in other words the PROFINET AR status is
"Online", you cannot enable EtherNet/IP.

● Restart with EtherNet/IP Defaults

Click this button to restore the default settings of the EtherNet/IP profile and to restart the
device. You must confirm the restart in a dialog box. The dialog box displays these
settings specially made for operation with the EtherNet/IP protocol.

NOTICE

By resetting all the settings to the default settings of a profile, the IP address is also lost.
Following this, the device can only be accessed via the serial interface, using the
Primary Setup Tool or using DHCP.
With the appropriate attachment, a previously correctly configured device can cause
circulating frames after the reset and therefore the failure of the data traffic.

5.4.18 PLUG

5.4.18.1 Configuration

NOTICE
Do not remove or insert a PLUG during operation
A PLUG may only be removed or inserted when the device is turned off.
The device checks whether or not a PLUG is present at one second intervals. If the PLUG
is removed during operation, loss of data may occur.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 189
Configuring with Web Based Management
5.4 The "System" menu

Information about the configuration of the C-PLUG

This page provides detailed information about the configuration stored on the C-PLUG. It is
also possible to reset the PLUG to "factory defaults" or to load it with new contents.

Note
The action is only executed after you click the "Set Values" button.
The action cannot be undone.
If you decide against executing the function after making your selection, click the "Refresh"
button. As a result the data of this page is read from the device again and the selection is
canceled.

Note
Incompatibility with older firmware versions with PLUG inserted
During the installation of an older firmware version, the configuration data can be lost. In this
case, the device starts up with the factory settings after the firmware has been installed. In
this situation, if a PLUG is inserted in the device, following the restart, this has the status
"NOT ACCEPTED" since the PLUG still has the configuration data of the previous more up-
to-date firmware. This allows you to return to the previous, more up-to-date firmware without
any loss of configuration data.
If the original configuration on the PLUG is no longer required, the PLUG can be deleted or
rewritten manually using "System > PLUG".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

190 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

Description of the displayed boxes

The table has the following rows:
● Status
Shows the status of the PLUG. The following are possible:
– ACCEPTED
There is a PLUG with a valid and suitable configuration in the device.
– NOT ACCEPTED
Invalid or incompatible configuration on the inserted PLUG.
– NOT PRESENT
No C-PLUG is inserted in the device.
– FACTORY
PLUG is inserted and does not contain a configuration. This status is also displayed
when the PLUG was formatted during operation.
● Device Group
Shows the SIMATIC NET product line that used the C-PLUG previously.
● Device type
Shows the device type within the product line that used the C-PLUG previously.
● Configuration Revision
The version of the configuration structure. This information relates to the configuration

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 191
Configuring with Web Based Management
5.4 The "System" menu

options supported by the device and has nothing to do with the concrete hardware
configuration. This revision information does not therefore change if you add or remove
additional components (modules or extenders), it can, however, change if you update the
firmware.
● File System
Displays the type of file system on the PLUG.
● File System Size
Displays the maximum storage capacity of the file system on the PLUG in bytes.
● File System Usage
Displays the storage space in use in the file system of the PLUG in bytes.
● Info String
Shows additional information about the device that used the PLUG previously, for
example, order number, type designation, and the versions of the hardware and software.
The displayed software version corresponds to the version in which the configuration was
last changed. With the "NOT ACCEPTED" status, further information on the cause of the
problem is displayed.
● Modify PLUG
Select the setting from the drop-down list. You have the following options for changing
the configuration on the C-PLUG:
– Write Current Configuration to the PLUG
This option is available only if the status of the PLUG is "NOT ACCEPTED" or
"FACTORY".
The configuration in the internal flash memory of the device is copied to the PLUG.
– Erase PLUG to factory default
Deletes all data from the C-PLUG and triggers low-level formatting.

Steps in configuration
1. You can only make settings in this box if you are logged on as "Administrator". Here, you
decide how you want to change the content of the PLUG.
2. Select the required option from the "Modify PLUG" drop-down list.
3. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

192 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

5.4.19 Ping

Reachability of an address in an IPv4 network

With the ping function, you can check whether a certain IPv4 address is reachable in the
network.

Description
The table has the following columns:
● Destination Address
Enter the IPv4 address of the device.
● Repeat
Enter the number of ping requests.
● Ping
Click this button to start the ping function.
● Ping Output
This box shows the output of the ping function.
● Clear
Click this button to empty the "Ping Output" box.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 193
Configuring with Web Based Management
5.4 The "System" menu

5.4.20 DCP Discovery

On this page, you can select an interface and search for devices that are reachable via the
interface and support DCP. DCP Discovery only searches for devices located in the same
subnet as the interface. The reachable devices are listed in a table. In the table you can
check and adapt the network parameterrs of the devices. To identify and configure the
devices the Discovery Configuration Protocol (DCP) is used.

Note
DCP Discovery
The function is only available with the VLAN associated with the TIA interface. You configure
the TIA interface under "System > Agent IP".

Requirement:
To adapt network parameters, DCP requires write access to the device. If access is write-
protected, the network parameters cannot be configutred.
On the SCALANCE devices you configure the access in "System > Configuration".

Description
The page contains the following boxes:
● Interface
Select the required interface.
● Browse
Starts the search for devices reachable via the selected interface.
On completion of the search the reachable devices are listed in the table. The table is
limited to 100 entries.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

194 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

The table has the following columns:

● Port
Shows the port via which the device can be reached.
● MAC Address
Shows the MAC address of the device.
● Device Type
Shows the product line or product group to which the device belongs.
● Device Name
Adapt the PROFINET device name if necessary. The device name must be DNS-
compliant.
If the device name is not used, the box is empty.
● IP Address
If necessary, adapt the IPv4 address of the device.
The IPv4 address should be unique within your network and should match the network.
The IPv4 address 0.0.0.0 means that no IPv4 address has yet been set.
● Subnet mask
If necessary, adapt the subnet mask of the device.
● Gateway Address
Adapt the IPv4 address of the gateway if necessary.
● Status Device Name
– None: The device name is not used.
– Discoverd: The set device name is used.
– Configured: The device was assigned a new device name.
● Status IP Address
– Discovered/IP: The device uses a static IPv4 address.
– Discovered/DHCP: The device has obtained the IPv4 address from a DHCP server.
– Configured: The device was assigned a new IPv4 address.
● Timeout[s]
Specify the time for flashing. When the time elapses, flashing stops.
● Flash
Makes the port LEDs of the selected device flash.

Steps in configuration
1. Select the TIA interface.
2. To show all devices that can be reached via the TIA interface, click the "Browse" button.
3. Adapt the desired properties.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 195
Configuring with Web Based Management
5.4 The "System" menu

4. Click the "Set Values" button.

The status of the modified properties changes to "Configured".
5. To ensure that the properties were applied correctly, click the "Browse" button again.
The status of the modified properties changes to "Discovered".

5.4.21 Power over Ethernet (PoE)

5.4.21.1 General

Settings for Power over Ethernet (PoE)

On this page, you see information about the power that the IE switch supplies with PoE.
The PoE variants of the SCALANCE XP-200 represent PSEs (Power Sourcing Equipment).

Description of the displayed boxes

● PSE (read-only)
Shows the number of the PSE.
● Maximum Power [W] (read-only)
Maximum power that a PSE provides to supply PoE devices.
● Allocated Power [W] (read-only)
Sum of the power reserved by the PoE devices according to the "Classification".
● Power in Use [W] (read-only)
Sum of the power used by the end devices.
● Usage Threshold [%]
As soon as the power being used by the end devices exceeds the percentage shown
here, an event is triggered.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

196 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

5.4.21.2 Port

Settings for the ports

For each individual PoE port, you can specify whether or not the power will be supplied via
Ethernet. You can also set a priority for each connected powered device (PD). Devices for
which a high priority was set, take preference over other devices for the power supply.
On this page, you can see detailed information on the individual PoE ports.

Description of the displayed boxes

The page contains two tables. In table 1, you can make settings and assign them to all ports
at the same time. In table 2, you can make different settings for each port.
Table 1 has the following columns:
● Port
Shows that the settings are valid for all ports.
● Setting
Select the required setting.
If "No Change" is selected, the entry in table 2 remains unchanged.
● Priority
Select the required priority.
If "No Change" is selected, the entry in table 2 remains unchanged.
● Type
Here, you can enter a string to describe the connected device in greater detail. The
maximum length is 255 characters.
● Use Custom Maximum Power
Select whether the custom maximum power is used.
If "No Change" is selected, the entry in table 2 remains unchanged.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 197
Configuring with Web Based Management
5.4 The "System" menu

● Custom Maximum Power [W]

Enter the maximum power that a port makes available to supply a connected device.
This value is only taken into account when the "Use Custom Maximum Power" check box
is selected.
If "No Change" is entered, the entry in table 2 remains unchanged
● Copy to Table
If you click the button, the settings are adopted for all ports of table 2.
Table 2 has the following columns:
● Port
Shows the configurable PoE ports.
The port is made up of the module number and the port number, for example port 0.1 is
module 0, port 1.
● Setting
Enable the PoE power supply for this port or interrupt it.
● Priority
From the drop-down list, select which priority this port will have for the power supply.
The following settings are possible, in ascending order of relevance:
– Low
– High
– Critical
If the power of the connected power supply is inadequate to supply all connected
devices, devices with a higher priority are given preference.
If the same priority is set for two ports, the port with the lower number will be preferred
when necessary.
● Type
Here, you can enter a string to describe the connected device in greater detail. The
maximum length is 255 characters.
● Use Custom Maximum Power
If you enable this check box for a port, the user-defined maximum power is used.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

198 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

● Custom Maximum Power [W]

Enter the maximum power that a port makes available to supply a connected device.
This value is only taken into account when the "Use Custom Maximum Power" check box
is selected.
The user-defined power is compared to the range of values of the class indicated by the
connected device.
– If the user-defined power is within the class of the connected device, the user-defined
value is used.
– If the user-defined power is above the class of the connected device, the highest value
of the class is used.
– If the user-defined power is below the class of the connected device, the lowest value
of the class is used.
If the power consumption of the connected device exceeds the defined or used maximum
power, the connected device is turned off.
● Classification (read-only)
The classification specifies the class of the device.
● Status (read-only)
Shows the current status of the port.
The following states are possible:
– disabled
The PoE power supply is deactivated for this port.
– delivering
The PoE power supply is activated for this port and a device is connected.
– searching
The PoE power supply is activated for this port but there is no device connected.

Note
If a device is connected to a port with PoE capability, a check is made to determine
whether the power of the port is adequate for the connected device.
If the power of the port is inadequate, although PoE is enabled in "Setting", the port
nevertheless has the status "disabled". This means that the port was disabled by the PoE
power management.

● Power [mW] (read-only)

Shows the power that the SCALANCE provides for this port.
● Voltage [V] (read-only)
Shows the voltage applied to this port.
● Current [mA] (read-only)
Shows the current with which a device connected to this port is supplied.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 199
Configuring with Web Based Management
5.4 The "System" menu

5.4.22 Port Diagnostics

5.4.22.1 Cable Tester

With this page, each individual Ethernet port can run independent fault diagnostics on the
cable. This test is performed without needing to remove the cable, connect a cable tester
and install a loopback module at the other end. Short-circuits and cable breaks can be
localized to within a few meters.

Note
Please note that this test is permitted only when no data connection is established on the
port to be tested.
If, however, there is a data connection to the port to be tested, this is briefly interrupted.
Automatic re-establishment of the connection can fail; in this case, the connection needs to
be re-established manually.

Description
The page contains the following boxes:
● Port
Select the required port from the drop-down list.
● Run Test
Activates error diagnostics. The result is shown in the table.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

200 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

The table contains the following columns:

● Pair
Shows the wire pair in the cable.

Note
Wire pairs
Wire pairs 4-5 and 7-8 of 10/100 Mbps network cables are not used.
The wire pair assignment - pin assignment is as follows (DIN 50173):
Pair 1 = pin 1-2
Pair 2 = pin 3-6
Pair 3 = pin 4-5
Pair 4 = pin 7-8

● Status
Displays the status of the cable.
● Distance
Displays the distance to the open cable end, cable break, or short-circuit in meters. The
value for the distance has a tolerance of +/- 1 m.
If the status is "OK", the length is specified with "unknown".

5.4.22.2 SFP Diagnostics

On this page, you run independent error diagnostics for each individual SFP port. This test is
performed without needing to remove the cable, connect a cable tester or install a loopback
module at the other end.

Note
Please note that this test is permitted only when no data connection is established on the
port to be tested. If, however, there is a data connection to the port to be tested, this is briefly
interrupted. Automatic re-establishment of the connection can fail; in this case, the
connection needs to be re-established manually.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 201
Configuring with Web Based Management
5.4 The "System" menu

Description
The page contains the following boxes:
● Port
Select the required port from the drop-down list.
● Refresh
Refreshes the display of the values of the set port. The result is shown in the table.
The values are shown in the following boxes:
● Name
Shows the name of the interface.
● Model
Shows the type of interface.
● Revision
Shows the hardware version of the SFP.
● Serial
Shows the serial number of the SFP.
● Nominal Bit Rate [Mbps]
Shows the nominal bit rate of the interface.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

202 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.4 The "System" menu

● Max. Link (50.0/125um)[m]

Shows the maximum distance in meters that is possible with this medium.
● Max. Link (62.5/125um)[m]
Shows the maximum distance in meters that is possible with this medium.
The following table shows the values of the SFP transceiver used in this port:
● Temperature[°C]
Shows the temperature of the interface.
● Voltage[V]
Shows the voltage applied to the interface in volts [V].
● Current[mA]
Shows the current consumption of the interface in milliamperes.
● Rx Power[μW]/Rx Power[dBm]
Shows the receive power of the interface in microwatts/decibel milliwatts.
● Tx Power[μW]/Tx Power[dBm]
Shows the transmit power of the interface in microwatts/decibel milliwatts.
● Current column
Shows the current value.
● Low column
Shows the lowest value.
● High column
Shows the highest value.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 203
Configuring with Web Based Management
5.5 The "Layer 2" menu

5.5 The "Layer 2" menu

5.5.1 Configuration

Configuring layer 2
On this page, you create a basic configuration for the functions of layer 2. On the
configuration pages of these functions, you can make detailed settings. You can also check
the settings on the configuration pages.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

204 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed boxes

● Dynamc MAC Aging
Enable or disable the "Aging" mechanism. You can configure other settings in "Layer 2 >
Dynamic MAC Aging".
● Redundancy Type
The following settings are available:
– "-" (disabled)
The redundancy function is disabled.
– Spanning Tree
If you select this option, you specify the required redundancy mode in the
"Redundancy Mode" drop-down list.
– Ring
If you select this option, you specify the required redundancy mode in the
"Redundancy Mode" drop-down list.
– Ring with RSTP
If you select this option, the compatibility mode for spanning tree is set permanently to
RSTP. In the "Redundancy Mode" drop-down list, you specify the redundancy mode of
the ring redundancy.
You can change the current setting in the "Ring Redundancy" and "Spanning Tree"
menus.

Note
Restriction relating to ports with the "Ring with RSTP" option
If you have enabled the "Ring with RSTP" option, the following ports must not be
included in the spanning tree:
• Ring ports
• Standby ports
• Standby coupling ports

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 205
Configuring with Web Based Management
5.5 The "Layer 2" menu

● Redundancy Mode
If you select "Ring" or "Ring with RSTP"in the "Redundancy Type" drop-down list, the
following options are then available:
– Automatic Redundancy Detection
Select this setting to create an automatic configuration of the redundancy mode.
In the "Automatic Redundancy Detection" mode, the device automatically detects
whether or not there is a device with the "HRP Manager" role in the ring. If there is, the
device adopts the role "HRP" client.
If no HRP manager is found, all devices with the "Automatic Redundancy Detection"
or "MRP Auto Manager" setting negotiate among themselves to establish which
device adopts the role of "MRP Manager". The device with the lowest MAC address
will always become "MRP Manager". The other devices automatically set themselves
to "MRP Client" mode.
– MRP Auto-Manager
In the "MRP Auto Manager" mode, the devices negotiate among themselves to
establish which device will adopt the role of "MRP Manager". The device with the
lowest MAC address will always become "MRP Manager". The other devices
automatically set themselves to "MRP Client" mode.
In contrast to the setting "Automatic Redundancy Detection", the devices are not
capable of detecting whether or not an HRP manager is in the ring.

Note
MRP configuration in STEP 7
If you set the role "Manager (Auto)" or "Manager" for the device in STEP 7, in both
cases, "MRP Auto Manager" is displayed on this WBM page. In the display in the CLI,
a distinction is made between the two roles.

– MRP Client
The device adopts the role of MRP client.
– HRP Client
The device adopts the role of HRP client.
– HRP Manager
Te device adopts the role of HRP manager.
When you configure an HRP ring, one device must be set as HRP manager. For all
other devices, "HRP Client" or "Automatic Redundancy Detection" must be set.
If you select "Spanning Tree" in the "Redundancy Type" drop-down list, the following
options are then available:
– STP
Enables the Spanning Tree Protocol (STP). Typical reconfiguration times with
spanning tree are between 20 and 30 seconds. You can configure other settings in
"Layer 2 > Spanning Tree".
– RSTP
Enables the Rapid Spanning Tree Protocol (RSTP). If a spanning tree frame is

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

206 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

detected at a port, this port reverts from RSTP to spanning tree. You can configure
other settings in "Layer 2 > Spanning Tree".

Note
When using RSTP, loops involving duplication of frames or frames being overtaken
may occur briefly. If this is not acceptable in your particular application, use the slower
standard spanning tree mechanism.

– MSTP
Enables the Multiple Spanning Tree Protocol (MSTP). You can configure other
settings in "Layer 2 > Spanning Tree".
If you select "Ring with RSTP" in the "Redundancy Type" drop-down list, the current
redundancy mode of the spanning tree and ring redundancy is displayed.
● Standby
Enable or disable the standby redundancy function. You can find other settings in "Layer
2 > Ring Redundancy".
● Passive Listening
Enable or disable the passive listening function.
With passive listening, you can connect spanning tree networks to MRP/HRP rings. The
ring nodes forward spanning tree BPDUs and therefore react to topology changes. When
a topology change frame is received, the MAC address table is deleted.
● RMON
If you select this check box, Remote Monitoring (RMON) allows diagnostics data to be
collected on the device, prepared and read out using SNMP by a network management
station that also supports RMON. This diagnostic data, for example port-related load
trends, allow problems in the network to be detected early and eliminated. Some of the
"Ethernet statistics counters" are part of the RMON function. If you disable RMON, the
"Ethernet statistics counter" in "Information > Ethernet statistics" is no longer updated.
● Dynamic Multicast
The following settings are possible:
– "-" (disabled)
– IGMP Snooping
Enables IGMP (Internet Group Management Protocol). You can configure other
settings in "Layer 2 > Multicast > IGMP".
– GMRP
Enables GMRP (GARP Multicast Registration Protocol). You can configure other
settings in "Layer 2 > Multicast > GMRP".

Note
GMRP and IGMP cannot operate at the same time.

● GVRP
Enable or disable "GVRP" (GARP VLAN Registration Protocol). You can configure other
settings in "Layer 2 > VLAN > GVRP".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 207
Configuring with Web Based Management
5.5 The "Layer 2" menu

● Mirroring
Enable or disable port mirroring. You can configure other settings in "Layer 2 > Mirroring".
● Loop Detection
Enable or disable the loop detection function. This allows loops in the network to be
detected. You will find other settings in "Layer 2 > Loop Detection"

5.5.2 Quality of Service (QoS)

You should also refer to the chapter "Technical Basics", section "Quality of service
(Page 47)".

5.5.2.1 General

Transmission priorities
On this page, you can specify the priorities of different frames. In addition to this, depending
on the priority you can set the method according to which the processing order of the frames
is specified.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

208 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed values

The page contains the following boxes:
● Broadcast Priority
Specify the priority of broadcast frames. The switch sorts the frame into a Queue
according to this prioritization. You configure the assignment of the priority to a queue on
the page "Layer 2 > QoS > CoS Map".
● Agent Priority
Specify the priority of agent frames. The switch sorts the frame into a queue according to
this prioritization . You configure the assignment of the priority to a queue on the page
"Layer 2 > QoS > CoS Map".
● Scheduling Mode
Select the order in which the frames are processed in the queues.
– Strict Queueing
As long as there are frames with high priority in the queue, only these high-priority
frames are processed.
– Weighted Fair Queueing
Even if there are frames with high priority in the queue, frames with a lower priority will
be processed occasionally.

Note
Devices for which you cannot set the scheduling mode use the "Strict Queueing" method.

Steps in configuration
1. From the drop-down lists "Broadcast Priority" and "Agent Priority" select the priority with
which the frames will be processed internally.
2. In the "Scheduling Mode" drop-down list select the method according to which the
processing order of the frames is decided.
3. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 209
Configuring with Web Based Management
5.5 The "Layer 2" menu

5.5.2.2 CoS Map

CoS Map
On this page, you can assign CoS priorities to different queues.

Description of the displayed boxes

The table has the following columns:
● CoS
Shows the CoS priority of the incoming frames.
● Queue
From the drop-down list, select the queue that is assigned to the CoS priority.
The higher the number of the Queue, the higher the processing priority.
The service classes (CoS) are assigned to the queues as default as follows:

COS Devices with 4 queues Devices with 8 queues

0 Queue 2 Queue 2
1 Queue 1 Queue 1
2 Queue 1 Queue 3
3 Queue 2 Queue 4
4 Queue 3 Queue 5
5 Queue 3 Queue 6
6 Queue 4 Queue 7
7 Queue 4 Queue 8

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

210 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Steps in configuration
1. For each value in the "CoS" column, select the queue from the "Queue" drop-down list.
2. Click the "Set Values" button.

5.5.2.3 DSCP Map

DSCP queue
On this page, you can assign DSCP priorities to different Queues.

Description of the displayed values

Table 1 has the following columns:
● DSCP min
From the drop-down list, select the minimum value for a range of DSCP codes to which
you wish to assign a queue.
● DSCP max
From the drop-down list, select the maximum value for a range of DSCP codes to which
you wish to assign a queue.
● Queue
From the drop-down list, select the forwarding queue (send priority) that is assigned to
the range of DSCP codes.
● Copy to Table
When you click the button, the selected forwarding queue (send priority) is assigned to
the DSCP codes in the specified range.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 211
Configuring with Web Based Management
5.5 The "Layer 2" menu

Table 2 has the following columns:

● DSCP
Shows the DSCP priority of the incoming frames.
● Queue
From the drop-down list, select the queue that is assigned to the DSCP priority.
The higher the queue number the higher the processing priority
The DSCP priorities are assigned to the queues as default as follows:

DSCP codes Devices with 4 queues

0 - 15 Queue 1
16 - 31 Queue 2
32 - 47 Queue 3
48 - 63 Queue 4

DSCP codes Devices with 8 queues

0-7 Queue 2
8 - 15 Queue 1
16 - 23 Queue 3
24 - 31 Queue 4
32 - 39 Queue 5
40 - 47 Queue 6
48 - 55 Queue 7
56 - 63 Queue 8

Steps in configuration
1. For each value in the "DSCP" column, select the queue from the "Queue" drop-down list.
2. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

212 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

5.5.2.4 QoS Trust

Specifying the subnet priority

On this page you can set the method according to which frames to be forwarded are
prioritized port by port.

Description of the displayed values

Table 1 has the following columns:
● Port
Shows that the setting is valid for all ports of table 2.
● Trust Mode
Select the setting from the drop-down list. You have the following setting options:
– No Trust
– Trust COS
– Trust DSCP
– Trust COS-DSCP
– No Change
Table 2 remains unchanged.
● Copy to Table
If you click the button, the setting is adopted for all ports of table 2.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 213
Configuring with Web Based Management
5.5 The "Layer 2" menu

Table 2 has the following columns:

● Port
Shows the configurable ports.
The port is made up of the module number and the port number, for example port 0.1 is
module 0, port 1.
● Trust Mode
Select the required mode from the drop-down list:

Note
You configure the prioritization of the receiving port on the page "Layer 2 > VLAN > Port
Based VLAN".
You configure the assignment of the following priorities to a queue on the page ""Layer 2
> QoS > CoS Map".
• Receiving port
• VLAN tag
• Broadcast and agent frame
You configure the assignment of the DSCP prioritization to a queue on the page ""Layer 2
> QoS > DSCP Mapping".

– No Trust
The switch sorts the incoming frames into a queue according to the prioritization of the
receiving port.
If there is a DSCP value in the IP header, this is ignored. If a VLAN tag exists, its
priority value is replaced by the priority value of the receiving port.
– Trust COS
If an incoming frame contains a VLAN tag, the switch sorts it into a queue according to
this prioritization.
If the frame does not contain a VLAN tag, the switch sorts the frame into a queue
according to the prioritization of the receiving port.
If there is a DSCP value in the IP header, this is ignored.
– Trust DSCP
If an incoming frame contains a DSCP prioritization, the switch sorts it into a queue
according to this prioritization.
If the frame does not contain a DSCP prioritization, the switch sorts the frame into a
queue according to the prioritization of the receiving port.
If the frame contains a VLAN tag, this is ignored.
– Trust COS-DSCP
With an incoming frame, there is a sequential check of which prioritization it contains.
If it contains a DSCP prioritization, it is handled as in the "Trust DSCP" mode.
If it contains no DSCP prioritization, the switch checks whether it contains a VLAN tag.
If it contains a VLAN tag, the switch sorts it into a queue according to this prioritization.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

214 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

If the frame contains neither a DSCP prioritization nor a VLAN tag, the switch sorts the
frame into a queue according to the prioritization of the receiving port.

Steps in configuration
1. Select the required Trust Mode from the drop-down list.
2. Click the "Set Values" button.

5.5.2.5 CoS Port Remap

Changing priority when sending

On this page depending on the priority when receiving, you can change the priority of a
frame with which it is sent. The new priority effects only the following devices that receive the
frame.

Description of the displayed boxes

The page contains the following boxes:
● CoS Remap
Enable or disable frames being sent with changed priorities according to Table 2.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 215
Configuring with Web Based Management
5.5 The "Layer 2" menu

Table 1 has the following columns:

● Port
Shows that the settings are valid for all ports of table 2.
● Priority 0 - 7
The priority in the column stands for the priority with which a frame is received.
– 0-7
Select the priority with which a frame will be sent.
– No Change
No change in table 2.
● Copy to Table
If you click the button, the setting is adopted for all ports of table 2.
Table 2 has the following columns:
● Port
Shows all available ports. The port is made up of the module number and the port
number, for example port 0.1 is module 0, port 1.
● Priority 0 - 7
The priority in the column stands for the priority with which a frame is received.
In the drop-down list select the priority with which a frame will be sent.

Steps in configuration
1. Select the "CoS Remap" check box.
2. Using the drop down lists select the priority for sending for each receive priority per port.
3. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

216 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

5.5.3 Rate Control

Limiting the transfer rate of incoming and outgoing data

On this page, you configure the load limitation for the individual ports. You can specify the
category of frame for which these limit values will apply.

Description of the displayed values

Table 1 has the following columns:
● 1st column
Shows that the settings are valid for all ports.
● Limit Ingress Unicast(DLF) / Limit Ingress Broadcast / Limit Ingress Multicast
Select the required setting in the drop-down list.
– Enabled: Enables the function.
– Disabled: Disables the function
– No Change: The setting in table 2 remains unchanged
● Total Ingress Rate kb/s
Specify the data rate for all incoming frames. If "No Change" is entered, the entry in table
2 remains unchanged
● Egress Rate kb/s
Specify the data rate for all outgoing frames. If "No Change" is entered, the entry in table
2 remains unchanged
● Copy to table
If you click the button, the settings are adopted for all ports of table 2.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 217
Configuring with Web Based Management
5.5 The "Layer 2" menu

Table 2 has the following columns:

● Port
Shows all available ports. The port is made up of the module number and the port
number, for example port 0.1 is module 0, port 1.
● Limit Ingress Unicast(DLF)
Enable or disable the data rate for limiting incoming unicast frames with an unresolvable
address (Destination Lookup Failure).
● Limit Ingress Broadcast
Enable or disable the data rate for limiting incoming broadcast frames.
● Limit Ingress Multicast
Enable or disable the data rate for limiting incoming multicast frames.
● Total Ingress Rate kb/s
Specify the data rate for all incoming frames.
● Egress Rate kb/s
Specify the data rate for all outgoing frames.

Note
Rounding of the values, deviation from desired value
When you input, note that the WBM rounds to correct values.
If values are configured for Total Ingress Rate and Egress Rate, the actual values in
operation can deviate slightly from the set values.

Steps in configuration
1. Enter the relevant values in the columns "Total Ingress Rate"and "Egress Rate" in the
row of the port being configured.
2. To use the limitation for the incoming frames, select the check box in the row. For
outgoing frames, the value in the "Egress Rate" column is used.
3. Click the "Set Values" button.

5.5.4 VLAN

5.5.4.1 General

VLAN configuration page

On this page you specify whether or not the device forwards frames with VLAN tags
transparently (IEEE 802.1D/VLAN-unaware mode) or takes VLAN information into account
(IEEE 802.1Q/VLAN-aware mode). If the device is in the "802.1Q VLAN Bridge" mode, you
can define VLANs and specify the use of the ports .

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

218 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

The possible settings on this page depend on what you select in the "Base Bridge Mode"
box.

Note
Changing the Agent VLAN ID
If the configuration PC is connected directly to the device via Ethernet and you change the
agent VLAN ID, the device is no longer reachable via Ethernet following the change.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 219
Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed boxes

The page contains the following boxes:
● Bridge Mode
Select the role of the device. The following roles are available:
– Customer
If you operate the device with the "Customer" role, it behaves like a standard IE
switch.
– Provider
If you operate the device with the "Provider" role, in addition to the properties of the
"Customer" role, it provides the option of managing external VLAN tags. In this role,
you can use the function Q-in-Q VLAN tunnel.

Note
The Provider role has the following effects on the VLAN tag: All data packets that are
not sent from an access port receive a VLAN tag. If the VLAN configuration of the
other devices is not adapted accordingly, network loops can occur or network
segments may no longer be reachable.

● Base bridge mode

Note
Changing Base bridge mode
Note the section "Changing Base bridge mode" in this chapter. This section describes
how a change affects the existing configuration.

Select the required mode from the drop-down list. The following modes are possible:
– 802.1Q VLAN Bridge
Sets the mode "VLAN-aware" for the device. In this mode, VLAN information is taken
into account.
– 802.1D Transparent Bridge
Sets the mode "VLAN-unaware" for the device. In this mode, VLAN tags are not
changed but are forwarded transparently. The VLAN priority is evaluated for CoS. In
this mode, you cannot create any VLANs. Only a management VLAN is available:
VLAN 1.
● VLAN ID
Enter the VLAN ID in the "VLAN ID" input box.
Range of values: 1 ... 4094

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

220 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

The table has the following columns:

● Select
Select the row you want to delete.
● VLAN ID
Shows the VLAN ID. The VLAN ID (a number between 1 and 4094) can only be assigned
once when creating a new data record and can then no longer be changed. To make a
change, the entire data record must be deleted and created again.
● Name
Enter a name for the VLAN. The name only provides information and has no effect on the
configuration.
Length: Max. 32 characters
● State
Shows the status type of the entry in the internal port filter table. Here, "Static" means that
the VLAN was entered statically by the user.
● Private VLAN Type
Shows the type of the PVLAN.
● Primary VLAN ID
, with secondary PVLANs shows the ID of the corresponding primary PVLAN.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 221
Configuring with Web Based Management
5.5 The "Layer 2" menu

● Priority
Select a priority to be forced for the VLAN. The selected priority is entered in all incoming
frames of this VLAN. The frames are processed further by the switch depending on the
selected priority, regardless of the port priority or the prioritization in untagged frames.
The VLAN tags contained in the frame are not changed.
If you select "Do not force", the priority of the frames remains unchanged. The frames are
prioritized according to the port priority or the VLAN tag.
● List of ports
Specify the use of the port. The following options are available:
– "-"
The port is not a member of the specified VLAN.
With a new definition, all ports have the identifier "-".
– M
The port is a member of the VLAN. Frames sent in this VLAN are forwarded with the
corresponding VLAN tag.
– R
The port is a member of the VLAN. A GVRP frame is used for the registration.
– U (uppercase)
The port is an untagged member of the VLAN. Frames sent in this VLAN are
forwarded without the VLAN tag. Frames without a VLAN tag are sent from this port.
– u (lowercase)
The port is an untagged member of the VLAN, but the VLAN is not configured as a
port VLAN. Frames sent in this VLAN are forwarded without the VLAN tag.
– F
The port is not a member of the specified VLAN and cannot become a member of this
VLAN even if it is configured as a trunk port.
– T
This option is only displayed and cannot be selected in the WBM.
This port is a trunk port making it a member in all VLANs.

Changing Base bridge mode

VLAN-unaware (802.1D transparent bridge) → VLAN-aware (802.1Q VLAN bridge)
If you change the Base bridge mode from VLAN-unaware to VLAN aware, this has the
following effects
● All static and dynamic unicast entries are deleted.
● All static and dynamic multicast entries are deleted.
● With spanning tree you can set the following protocol compatibility: STP, RSTP and
MSTP.
VLAN-aware (802.1Q VLAN bridge) → VLAN-unaware (802.1D transparent bridge)

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

222 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

If you change the Base bridge mode from VLAN-aware to VLAN-unaware, this has the
following effects
● All VLAN configurations are deleted.
● A management VLAN is created: VLAN 1.
● All static and dynamic unicast entries are deleted.
● All static and dynamic multicast entries are deleted.
● With spanning tree you can set the following protocol compatibility: STP and RSTP.
● You cannot use GVRP.
● You cannot use guest VLAN.
● The VLAN assignment cannot be adopted from the RADIUS server.
● You cannot configure the port type.
● Defined access rules must be valid for all VLANs. On the "Security > Management ACL"
page, the value "1-4094" must be defined for the parameter "VLANs Allowed".

802.1Q VLAN bridge: Important rules for VLANs

Make sure you keep to the following rules when configuring and operating your VLANs:
● Frames with the VLAN ID "0" are handled as untagged frames but retain their priority
value.
● As default, all ports on the device send frames without a VLAN tag to ensure that the end
node can receive these frames.
● With SCALANCE X devices, the VLAN ID "1" is the default on all ports.
● If an end node is connected to a port, outgoing frames should be sent without a tag (static
access port). If, however, there is a further switch at this port, the frame should have a
tag added (trunk port).

Steps in configuration
1. If "802.1Q VLAN bridge" is not set, from the drop-down list "Base Bridge Mode", select
the entry "802.1Q VLAN Bridge". Click the "Set Values" button.
2. Enter an ID in the "VLAN ID" input box.
3. Click the "Create" button. A new entry is generated in the table. As default, the boxes
have "-" entered.
4. If applicable, enter a name for the VLAN.
5. Specify the use of the port in the VLAN. If, for example you select "M", the port is a
member of the VLAN. Frames sent in this VLAN are forwarded with the corresponding
VLAN tag.
6. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 223
Configuring with Web Based Management
5.5 The "Layer 2" menu

5.5.4.2 GVRP

Configuration of GVRP functionality

Using a GVRP frame, a different device can register at the port of the device for a specific
VLAN ID. A different device, can, for example be an end device or a switch. The device can
also send GVRP frames via this port.
On this page, you can enable each port for GVRP functionality.

Description of the displayed boxes

The page contains the following boxes:
● GVRP
Enable or disable the GVRP function.
Table 1 has the following columns:
● 1st column
Shows that the settings are valid for all ports of table 2.
● Setting
Select the setting from the drop-down list. You have the following setting options:
– Enabled
Enables the sending of GVRP frames.
– Disabled
Disables the sending of GVRP frames.
– No change
No change to table 2.
● Copy to Table
If you click the button, the setting is adopted for all ports of table 2.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

224 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Table 2 has the following columns:

● Port
Shows the available ports. The port is made up of the module number and the port
number, for example port 0.1 is module 0, port 1.
● Setting
Enable or disable the sending GVRP frames.

Steps in configuration
1. Click "GVRP" check box.
2. Click the check box after the port in the "Setting" column to enable or disable GVRP for
this port.
Repeat this for every port for which you want to enable or disable the function.
3. Click the "Set Values" button.

5.5.4.3 Port-based VLAN

Processing received frames

On this page, you specify the configuration of the port properties for receiving frames.
You can only configure the settings on this page if on the "General" tab you selected the
"Base Bridge Mode" "802.1Q VLAN Bridge".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 225
Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed boxes

Table 1 has the following columns:
● 1st column
Shows that the settings are valid for all ports.
● Priority / / Port VID / Acceptable Frames / Ingress Filtering
Select the setting in the drop-down list. If "No Change" is selected, the entry in table 2
remains unchanged.
● Copy to Table
When you click the button, the setting is adopted for all ports of table 2.
Table 2 has the following columns:
● Port
Shows the available ports. The port is made up of the module number and the port
number, for example port 0.1 is module 0, port 1.
● Priority
The CoS priority (Class of Service) used in a VLAN tag. If a frame is received without a
tag, it will be assigned this priority. The priority specifies how the frame is further
processed compared with other frames.
There are a total of eight priorities with values 0 to 7, where 7 represents the highest
priority (IEEE 802.1P Port Priority).
From the drop-down list, select the priority given to untagged frames.
● Port VID
Select the VLAN ID from the drop-down list. Only VLAN IDs defined on the "VLAN >
General" page can be selected.
If a received frame does not have a VLAN tag, it has a tag with the VLAN ID specified
here added to it and is sent according to the rules at the port.
● Acceptable Frames
Specify which types of frames will be accepted. The following alternatives are possible:
– Tagged Frames Only
The device discards all untagged frames. Otherwise, the forwarding rules apply
according to the configuration.
– All
The device forwards all frames.
– Untagged and Priority Tagged Only
The device discards all tagged frames. The device forwards all untagged frames and
frames with a priority (Priority Tagged Frames). Otherwise, the forwarding rules apply
according to the configuration.
If you have configured the Bridge mode "Provider", this means that the device treats
all incoming frames like untagged frames.
● Ingress Filtering
Specify whether the VID of received frames is evaluated
You have the following options:
– Enabled
The VLAN ID of received frames decides whether they are forwarded: To forward a

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

226 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

VLAN tagged frame, the receiving port must be a member in the same VLAN. Frames
from unknown VLANs are discarded at the receiving port.
– Disabled
All frames are forwarded.

Steps in configuration
1. In the row of the port to be configured, click on the relevant cell in the table to configure it.
2. Enter the values to be set in the input boxes as follows.
3. Select the values to be set from the drop-down lists.
4. Click the "Set Values" button.

5.5.5 Private VLAN

5.5.5.1 General

Private VLAN configuration page

On this page you define the types of the PVLANs and assign secondary PVLANs to a
primary PVLAN.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 227
Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed boxes

The table has the following columns:
● VLAN ID
Shows the VLAN ID.
● Private VLAN Type
Specify the type of PVLAN:
– -
These VLANs are not private VLANs.
– Primary
With this type, you define a primary PVLAN. In a PVLAN you can only define one
primary PVLAN. The primary PVLAN uses the VLAN ID of the VLAN.
– Isolated
With this type, you define a secondary PVLAN. Devices within an isolated secondary
PVLAN cannot communicate with each other via layer 2. The secondary PVLAN has a
specific VLAN ID.
– Community
With this type, you define a secondary PVLAN. The devices in this secondary PVLAN
can communicate with each other via layer 2. The secondary PVLAN has a specific
VLAN ID.
● Primary VLAN ID
For secondary PVLANs select the VLAN ID of the primary PVLAN.

Steps in configuration
1. Create the required VLANs on the page "Layer 2 > VLAN > General".

Note
All secondary PVLANs must be known on all IE switches of a PVLAN. Even if an IE
switch has no host port in a secondary PVLAN, the secondary PVLAN must be known on
the IE switch.

2. Change to the page "Layer 2 > Private VLAN > General". A line is created there for every
VLAN.
3. On this page, you specify the "Private VLAN Type".
4. Click the "Set Values" button.
5. For the secondary PVLANs specify the corresponding primary PVLAN.
6. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

228 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

7. For the required ports select the corresponding port type on the page "System > Ports >
Configuration":
– Switch-Port PVLAN Promiscuous
– Switch Port VLAN Host
8. Specify the use of the ports on the page "Layer 2 > VLAN > General".
– For promiscuous ports that are connected to other promiscuous ports, select the
setting "M" in all PVLANs.
– For promiscuous ports that are connected to an end device, select the setting "u"
(lower case) in all PVLANs.
In the primary PVLAN, the setting is automatically changed to "U" (upper case) after
saving.
– For host ports in the primary PVLAN and in its secondary PVLAN, select the setting
"u" (lower case)
In its secondary PVLAN, the setting is automatically changed to "U" (upper case) after
saving.
With incoming untagged frames, the port VLAN-ID of the VLAN is set by entering the port
with the setting "U" (upper case).

5.5.5.2 IP Interface Mapping

Private VLAN configuration page

On this page you specify from which secondary PVLANs the IP interface of the primary
PVLAN will be reachable.
Configure the IP interface assignment for all functions for which an end device needs to
communicate from the secondary PVLAN via the IP interface of the primary PVLAN.
Examples:
● An end device in the secondary PVLAN is configured as DHCP client. A remote DHCP
server is set up. A PVLAN switch is configured as DHCP relay agent. Configure an IP
interface in the primary PVLAN of the DHCP relay agent. Assign the secondary PVLANs
containing DHCP clients to this IP interface.
● A PVLAN switch is configured as router. Configure an IP interface in the primary PVLAN
of the router. Assign the secondary PVLANs containing end devices that use the router
as a gateway to this IP interface.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 229
Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed boxes

The page contains the following boxes:
● Interface
Select the primary PVLAN with an IP interface.
● Secondary VLAN ID
Select a secondary VLAN ID from which the IP interface of the primary PVLAN will be
reachable.
The table has the following columns:
● Select
Select the row you want to delete.
● Interface
Shows the IP interface.
● Secondary VLAN-ID
Shows the secondary VLAN-ID of the secondary PVLAN from which the IP interface of
the primary PVLAN is reachable.

Steps in configuration
1. Create an IP interface for the primary PVLAN.
2. Select the primary PVLAN with an IP interface.
3. Select a secondary VLAN ID.
4. Click the "Create" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

230 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

5.5.6 Provider bridge

5.5.6.1 Tunnel ports

Configuration page for tunnel ports

On this page, you enable the Q-in-Q VLAN tunnel function. Frames received by a tunnel port
are expanded by an external VLAN tag, the PVID of the port.

Description of the displayed boxes

Table 1 has the following columns:
● 1st column
Shows that the settings are valid for all ports of table 2.
● Setting
Select the setting from the drop-down list. You have the following setting options:
– Enabled
Enables the Q-in-Q VLAN tunnel function on all ports.
– Disabled
Disables the Q-in-Q VLAN tunnel function on all ports.
– No Change
Table 2 remains unchanged.
● Copy to Table
When you click the button, the settings are adopted for all ports of table 2.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 231
Configuring with Web Based Management
5.5 The "Layer 2" menu

Table 2 has the following columns:

● Port
Shows all available ports. The port is made up of the module number and the port
number, for example port 0.1 is module 0, port 1.
● Setting
Enable or disable the function for this port.

Steps in configuration
To configure a port as a tunnel port proceed as follows:
1. Change to the page "Layer 2 > VLAN > General".
2. Configure the Bridge mode "Provider".
3. Click the "Set Values" button.
The layer 2 port settings (VLAN, Spanning Tree) are restored to the factory defaults and
the device is restarted.
4. Change to the page "Layer 2 > VLAN > General".
5. Enter the required VLAN ID.
6. Click the "Create" button.
7. Change to the page "Layer 2 > VLAN > Port Based VLAN".
8. For the port select the port VID of the created VLAN.
9. For the port in "Acceptable Frames" select the setting "Untagged and Priority Tagged
Only".
10.Click the "Set Values" button.
11.Change to the page "Layer 2 > VLAN > General".
12.For the port in the required VLAN, select the setting "U" (uppercase).
13.For the port in all other VLANs, select the setting "-".
14.Click the "Set Values" button.
15.Disable the following protocols on the port:
– On the page "Layer 2 > VLAN > GVRP" the check box beside "Setting".
– On the page "Layer 2 > Spanning Tree > CIST Port" the check box beside "Spanning
Tree Status".
– On the page "Layer 2 > Multicast > GMRP" the check box beside "Setting".
16.Change to the page "System > Ports > Configuration"
17.Select the required port.
18.Select the port type "Switch-Port VLAN Access".
19.Click the "Set Values" button.
20.Change to the page "Layer 2 > Provider-Bridge > Tunnel-Ports".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

232 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

21.Select the check box for the required port.

22.Click the "Set Values" button.
On the page "Layer 2 > VLAN > General", the setting is changed automatically to "Q"
after you save.

5.5.7 Mirroring

5.5.7.1 General
On this page, you can enable or disable the mirroring function and make the basic settings.

Note
It cannot be guaranteed when mirroring the data traffic that all packets are mirrored. This
depends primarily on the load on the mirrored ports and on the number of sessions. To
achieve maximum precision, a limit of one session is recommended.

Note the data rate

If the maximum data rate of the mirrored port is higher than that of the monitor port, data
may be lost and the monitor port no longer reflects the data traffic at the mirrored port.
Several ports can be mirrored to one monitor port at the same time.

Several source ports from the same VLAN

If in a VLAN you select more than one source port for the port-based egress mirroring,
unknown unicast and multicast frames as well as broadcast frames are forwarded only once
to the destination port.

Settings

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 233
Configuring with Web Based Management
5.5 The "Layer 2" menu

The page contains the following boxes:

● Mirroring
Click this check box to enable or disable mirroring.

Note
You need to disable port mirroring if you want to connect a normal end device to the
monitor port.

● Monitor Barrier
Click this check box to enable or disable Monitor Barrier.

Note
Effects of Monitor Barrier
If you enable this option, management of the switch via the monitor port is no longer
reachable. The following port-specific functions are changed:
• The DCP Forwarding is turned off.
• LLDP is turned off.
• Unicast, multicast and broadcast blocking are turned on.
The previous statuses of these functions are no longer restored after disabling monitor
barrier again. They are reset to the default values and may need to be reconfigured.
You can configure these functions manually even if monitor barrier is turned on. The data
traffic on the monitor port is also allowed again. If you do not require this, make sure that
only the data traffic you want to monitor is forwarded to the interface.
If mirroring is disabled, the listed port-specific functions are reset to the default values.
This reset takes place regardless of whether the functions were configured manually or
automatically by enabling Monitor Barrier.

The table for the basic settings contains the following boxes:
● Select
Select the row you want to delete.
● Session ID
The Session ID is assigned automatically when a new entry is created. You can create
precisely one session.
● Session Type
Shows the type of mirroring session.
● Status
Shows whether or not mirroring is enabled.
● Dest. Port
From the drop-down list, select the output port to which data will be mirrored in this
session.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

234 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Procedure
Creating a mirroring session
1. Activate mirroring.
2. Click the "Create" button to create an entry in the table.
The session ID is assigned automatically.
3. Select a destination port.
4. Click the "Set Values" button to save and activate the selected settings.
5. Change to the following tab to make further detailed settings for the session ID.
Deleting a mirroring session
1. Click the check box in the first column to select the row.
2. Click the "Delete" button to delete the selected rows.

5.5.7.2 Port

Mirroring ports
You can only configure the settings on this page if you have already generated a session ID
with the session type "Port-based" on the "General" tab.

Description of the displayed boxes

The page contains the following boxes:
● Session ID
Shows the session.
● Port
Shows all available ports. The port is made up of the module number and the port
number, for example port 0.1 is module 0, port 1.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 235
Configuring with Web Based Management
5.5 The "Layer 2" menu

● Ingress Mirroring
Enable or disable listening in on incoming packets at the required port.
● Egress Mirroring
Enable or disable listening in on outgoing packets at the required port.

Note
Mirroring with ring ports
If you enable the mirroring function for a ring port, the ring port sends test frames even in the
"link down" status.

Steps in configuration
1. In the table, click the check box of the row after the port to be mirrored.
Select whether you want to monitor incoming or outgoing packets.
To monitor the entire data traffic of the port, select both check boxes.
2. Click the "Set Values" button.

5.5.8 Dynamic MAC Aging

Protocol settings and switch functionality

The device automatically learns the source addresses of the connected nodes. This
information is used to forward data frames to the nodes specifically involved. This reduces
the network load for the other nodes.
If a device does not receive a frame whose source address matches a learnt address within
a certain time, it deletes the learnt address. This mechanism is known as "Aging". Aging
prevents frames being forwarded incorrectly, for example when an end device is connected
to a different switch port.
If the check box is not enabled, a device does not delete learnt addresses automatically.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

236 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed boxes

The page contains the following boxes:
● Dynamic MAC Aging
Enable or disable the function for automatic aging of learned MAC addresses.
● Aging Time[s]
Enter the time in seconds in steps of 15. After this time, a learned address is deleted if
the device does not receive any further frames from this sender address.
Range of values: 15 - 630 (seconds)
Factory setting: 30

Note
Rounding of the values, deviation from desired value
When you input the Aging Time, note that it is rounded to correct values. If you enter a
value that cannot be divided by 15, the value is automatically rounded down.

Steps in configuration
1. Select the "Dynamic MAC Aging" check box.
2. Enter the time in seconds in the "Aging Time[s]" input box.
3. Click the "Set Values" button.

5.5.9 Ring redundancy

5.5.9.1 Ring

Configuration of ring redundancy

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 237
Configuring with Web Based Management
5.5 The "Layer 2" menu

● Ring Redundancy
If you enable the "Ring Redundancy" check box, you turn ring redundancy on. The ring
ports set on this page are used.
● Ring Redundancy mode
Here, you set the mode of the ring redundancy.
The following modes are available:
– Automatic Redundancy Detection
Select this setting to create an automatic configuration of the redundancy mode.
In the "Automatic Redundancy Detection" mode, the device automatically detects
whether or not there is a device with the "HRP Manager" role in the ring. If there is, the
device adopts the role "HRP" client.
If no HRP manager is found, all devices with the "Automatic Redundancy Detection"
or "MRP Auto Manager" setting negotiate among themselves to establish which
device adopts the role of "MRP Manager". The device with the lowest MAC address
will always become "MRP Manager". The other devices automatically set themselves
to "MRP Client" mode.
– MRP Auto-Manager
In the "MRP Auto Manager" mode, the devices negotiate among themselves to
establish which device will adopt the role of "MRP Manager". The device with the
lowest MAC address will always become "MRP Manager". The other devices
automatically set themselves to "MRP Client" mode.
In contrast to the setting "Automatic Redundancy Detection", the devices are not
capable of detecting whether or not an HRP manager is in the ring.

Note
MRP configuration in STEP 7
If you set the role "Manager (Auto)" or "Manager" for the device in STEP 7, in both
cases, "MRP Auto Manager" is displayed on this WBM page. In the display in the CLI,
a distinction is made between the two roles.

– MRP Client
The device adopts the role of MRP client.
– HRP Client
The device adopts the role of HRP client.
– HRP Manager
Te device adopts the role of HRP manager.
When you configure an HRP ring, one device must be set as HRP manager. For all
other devices, "HRP Client" or "Automatic Redundancy Detection" must be set.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

238 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

● Ring ports
Here, you set the ports to be used as ring ports in ring redundancy.
The ring port you select in the left-hand drop-down list is the "Isolated Port" in HRP.
The factory setting defines the following ring ports:

Devices Factory setting ring ports

SCALANCE XB208 and XB216 P0.1 and P0.2
SCALANCE XB205-3 P0.7 and P0.8
SCALANCE XB213-3 P0.15 and P0.16
SCALANCE XC206-2SFP, XC206-2SFP G, P0.1 and P0.2
XC206-2SFP EEC, XC206-2SFP G EEC,
XC208, XC208G, XC208EEC, XC208G EEC,
XC216, XC216EEC and XC224
SCALANCE XC206-2 P0.7 and P0.8
SCALANCE XF-200BA P1.1 and P2.1
SCALANCE XP208 P0.1 and P0.2
SCALANCE XP216 P0.10 and P0.12
SCALANCE XR324WG, XR328-4C WG (GE) P0.1 and P0.2
SCALANCE XR328-4C WG P0.25 and P0.26

H-Sync
H-Sync is a Layer 2 protocol with which process data is synchronized via PROFINET in
systems with redundant control.
The two controllers are connected redundantly via an MRP ring. The controllers must be
directly connected with one another on a path. Both controllers are configured as "MRP
Auto-Manager", so one of the controllers becomes MRP manager. All other devices in the
ring are MRP clients. The two controllers send H-Sync frames in both directions of the
ring (Provider). H-Sync frames that you receive are not forwarded (Consumer). All other
devices in the ring only forward the H-Sync frames between their ring ports in both
directions (Forwarder). The H-Sync frames are filtered on all other ports.
H-Sync is a transparent protocol for the IE switches. For information on which IE switches
can be used as H-Sync forwarder, refer to the section "System functions and hardware
equipment".
You only configure H-Sync via STEP 7 Basic or Professional. However, note that settings
deviating from the following rules can result in complications in configuration:
– Redundancy mechanism: MRP client
– Ring ports:
- Use the ring ports preset in the factory. You can find more detailed information on
this in the table in the previous section "Ring ports".
- Use the first two optical interfaces.
- Use the first two gigabit interfaces.
- Use Port 1 and Port 2.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 239
Configuring with Web Based Management
5.5 The "Layer 2" menu

● Observer
Enable or disable the observer. The "Observer" function is only available in HRP rings.
The ring port selected in the left-hand drop-down list is connected to the "isolated port" of
an HRP manager.
The observer monitors malfunctions of the redundancy manager or incorrect
configurations of an HRP ring.
If the observer is enabled, it can interrupt the connected ring if errors are detected. To do
this, the observer switches a ring port to the "blocking" status. When the error is resolved,
the observer enables the port again.
● Restart Observer
If numerous errors occur in quick succession, the observer no longer enables its port
automatically. The ring port remains permanently in the "blocking" status. This is signaled
by the error LED and a message text.
After the errors have been eliminated, you can enable the port again using the "Restart
Observer" button.

Steps in configuration
1. Select the "Ring Redundancy" check box.
2. Select the redundancy mode.
3. Specify the ring ports.
4. Click the "Set Values" button.

Restoring factory settings

EtherNet/IP / Industrial Ethernet variants

If you have restored the factory defaults, ring redundancy is disabled and the ring port
settings are reset. Spanning tree is enabled.

PROFINET variants
If you have restored the factory defaults, ring redundancy is enabled. If you reset to the
factory settings, the ring port settings are also reset. If you used other ports previously as
ring ports before resetting, a previously correctly configured device can cause circulating
frames and therefore the failure of the data traffic.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

240 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Changing over the status of the ring ports with the redundancy manager (HRP)
If you configure a redundancy manager, set the status of the ring ports. The first ring port
changes to the "blocking" status and the second ring port to the "forwarding" status. As long
as ring redundancy is enabled, you cannot change the status of these ring ports.

Note
Make sure that you first open the ring so that there are no circulating frames.

Changing ring ports

To change the ring ports, follow the steps below:
1. Open the ring.
2. Select the new ring ports.
3. Change the cable connections.
4. Close the ring.

5.5.9.2 Standby

Redundant linking of rings

Standby redundancy allows the redundant linking of HRP rings.
To establish a standby connection, configure two neighboring devices within a ring as
standby master or standby slave. The standby master and the standby slave must be
connected via parallel cables to two devices in another ring.
In problem-free operation, messages are exchanged between the two rings via the master. If
the master's line is disturbed, the slave takes over the forwarding of messages between the
two rings.
Enable standby redundancy for both standby partners and select the ports via which the
device is connected to the rings you want to link to.
For the "Standby Connection Name", a name unique within the ring must be assigned for
both partners. This identifies the two modules that belong together as standby partners.

Note
To be able to use the function, HRP must be activated.

Note
When the connection of standby master and standby slave in a line topology is restored after
an interruption, increased data traffic may occur temporarily.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 241
Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed boxes

● Standby
Enable or disable the standby function.

Note
If two devices are linked by standby, the "Standby" function must be enabled on both
devices.

● Standby Connection Name

This name defines the master/slave device pair. Both devices must be located in the
same ring.
Here, enter the name for the standby connection. This must be identical to the name
entered on the standby partner. You can select any name to suit your purposes, however,
you can only use the name for one pair of devices in the entire network.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

242 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

● Force device to Standby Master

If you select this check box, the device is configured as a standby master regardless of its
MAC address.
– If this check box is not selected for either of the devices for which the standby master
is enabled, then assuming that no error has occurred, the device with the higher MAC
address adopts the role of standby master.
– If the option is selected for both devices or if the "Force device to Standby Master"
property is supported by only one device, the standby master is also selected based
on the MAC address.
This type of assignment is important in particular when a device is replaced. Depending
on the MAC addresses, the previous device with the slave function can take over the role
of the standby master.

Note
If the option "Force device to Standby Master" is enabled on both devices of a standby
coupling, this can lead to circulating frames and therefore to failure of the data traffic.
Enable the "Force device to Standby Master" option only on one device of a standby
coupling.

● Wait for Standby Partner

– Enabled
A standby connection is enabled only after the standby master and the standby slave
as well as their standby partners have established a connection. This ensures that the
redundant connection is really available before communication via a standby
connection is enabled.
– Disabled
A standby connection is enabled even if the standby master has not yet established a
connection to the standby slave.
This can lead to circulating frames and failure of the data traffic if another standby
connection has already been enabled. Multiple standby connections can, for example,
result due to configuration errors if different standby connection names were assigned
to the standby master and standby slave.
● Standby Port
Select the port to be standby port. The link to the other ring is via the standby port.
The standby port is involved in the redirection of data traffic. In there are no problems,
only the standby port of the master is enabled and handles the data traffic into the
connected HRP ring or HRP bus.
If the master or the Ethernet connection of the standby port of the master fails, the
standby port of the master will be disabled and the standby port of the slave enabled. As
a result, a functioning Ethernet connection to the connected network segment (HRP ring
or HRP linear bus) is restored.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 243
Configuring with Web Based Management
5.5 The "Layer 2" menu

5.5.9.3 Link Check

Requirements
● You cannot enable Link Check on ports with 10 Gbps.
● You can only enable the Link Check function with optical ring ports of an HRP or MRP
ring.

Note
Replacing: media modules: Optical → electrical
If you run Link Check on an optical port of a media module, not the following:
• Link Check is activated on the optical port of a media module.
• You want to replace the media module with a module without optical ports.
1. Disable the link check on the ports of the inserted module.
2. Replace the media module.

● Link Check must be enabled on two neighboring devices (connection partners) within an
HRP or MRP ring.
● The ring ports on which you enable Link Check must be connected.

Monitoring optical connections in the ring

With the Link Check function, you can monitor the transmission quality of optical sections
within an HRP or MRP ring, identify disturbed connections and under certain conditions turn
them off. When the disturbed section is turned off, the redundancy manager can close the
ring and restore communication.

NOTICE

Make sure that the frames used by Link Check for monitoring the optical connections are
not supplanted by an overload of high-priority frames in the network.
An overload of high priority frames can be caused by the following, for example:
• Network loops that can cause duplication of the high-priority frames
• Changing the priorities for forwarding frames

Note
Enable Link Check on only one of two connection partners This can lead to incorrect
behavior.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

244 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Note
If Link Check is enabled on all devices of a ring at the same time, and several connections
within the ring have problems, this leads to fragmentation of the ring.
1. During commissioning enable the Link Check function for one connection section after
the other by enabling Link Check for the two connection partners connected to a line.
2. To ensure an error-free connection, wait 1 min. before you enable Link Check for the next
connection.

Description of the displayed boxes

The table contains the following columns:
● Port
Shows the available ports. The port is made up of the module number and the port
number, for example port 0.1 is module 0, port 1.
● Setting
With this check box, you enable or disable the Link Check function for a port.
When connection monitoring is enabled, you can see the number of sent and received
Link Check test frames on the "Information > Redundancy > Link Check” page.
● Reset
After resetting Link Check, the function is restarted on the port and the statistics are
reset.
If you use the “Reset” button, the reset must be performed on both connection partners
within 30 s.

Note
When you use the “Reset” button, loops can form temporarily resulting in a loss of data
traffic. The loop is automatically cleared again.
If this is not acceptable for your application, reset Link Check by pulling the cable and
plugging it in again.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 245
Configuring with Web Based Management
5.5 The "Layer 2" menu

Steps in configuration
Enabling Link Check
Follow the steps below to activate the monitoring of a ring port:
1. Select the appropriate check box in the "Setting" column.
2. Click the "Set Values" button.
Disabling Link Check
Follow the steps below to deactivate the monitoring of a ring port:
1. Deactivate the appropriate check box in the "Setting" column.
2. Click the "Set Values" button.

5.5.10 Spanning tree

5.5.10.1 General

General settings of spanning tree

This is the basic page for spanning tree. Select the compatibility mode from the drop-down
list.
On the configuration pages of these functions, you can make further settings.
Depending on the compatibility mode, you can configure the corresponding function on the
relevant configuration page.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

246 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed boxes

The page contains the following boxes:
● Spanning Tree
Enable or disable spanning tree.
● Protocol Compatibility
Select the compatibility mode of STP.
The following settings are available:
– STP
– RSTP
– MSTP

Steps in configuration
1. Select the "Spanning Tree" check box.
2. From the "Protocol Compatibility" drop-down list, select the type of compatibility.
3. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 247
Configuring with Web Based Management
5.5 The "Layer 2" menu

5.5.10.2 CIST General

MSTP-CIST configuration
The page consists of the following parts.
● The left-hand side of the page shows the configuration of the device.
● The central part shows the configuration of the root bridge that can be derived from the
spanning tree frames received by an device.
● The right-hand side shows the configuration of the regional root bridge that can be
derived from the MSTP frames. The displayed data is only visible if you have enabled
"Spanning Tree"on the "General" page and if "MSTP" is set for "Protocol Compatibility".
This also applies to the "Bridge Max Hop Count" parameter. If the device is a root bridge,
the information on the left and right matches.

Description of the displayed boxes

The page contains the following boxes:
● Bridge Priority / Root Priority
The Bridge Priority decides which device becomes the Root Bridge. The Bridge with the
highest priority becomes the Root Bridge. The lower the value, the higher the priority. If
several devices in a network have the same priority, the device whose MAC address has
the lowest numeric value will become the root bridge. Both parameters, bridge priority
and MAC address together form the bridge identifier. Since the root bridge manages all
path changes, it should be located as centrally as possible due to the delay of the frames.
The value for the bridge priority is a whole multiple of 4096. Range of values: 0 - 61440
● Bridge Address / Root Address
The bridge address shows the MAC address of the device and the root address shows
the MAC address of the root bridge.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

248 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

● Root port
Shows the port via which the switch communicates with the root bridge.
● Root Cost
The path costs from this device to the root bridge.
● Topology Changes / Last Topology Change
The entry for the device shows the number of reconfiguration actions due to the spanning
tree mechanism since the last startup. For the root bridge, the time since the last
reconfiguration is displayed as follows:
– Seconds: Unit "sec" after the number
– Minutes: Unit min after the number
– Hours: Unit hr after the number
● Bridge hello time [s] / Root hello time [s]
Each bridge sends configuration frames (BPDUs) regularly. The interval between two
configuration frames is the "Hello Time".
Factory setting: 2 seconds

Note
The setting of the "Bridge Hello Time" is only possible with the Protocol compatibility
RSTP. If the "Protocol compatibility MSTP is set, the "Hello Time" parameter on the page
"Layer 2 > Spanning Tree > CIST Port" page is used.

● Bridge Forward Delay[s] / Root Forward Delay[s]

New configuration data is not used immediately by a bridge but only after the period
specified in the Forward Delay parameter. This ensures that operation is only started with
the new topology after all the bridges have the required information.
Factory setting: 15 seconds
● Bridge Max Age[s] / Root Max Age[s]
If the BPDU is older than the specified "Max Age" it is discarded.
Factory setting: 20 seconds
● Regional root priority
For a description, see Bridge Priority / Root Priority
● Regional Root Address
The MAC address of the device.
● Regional Root Cost
The path costs from this device to the root bridge.
● Bridge Max Hop Count
This parameter specifies how many MSTP nodes a BPDU may pass through. If an MSTP
BPDU is received and has a hop count that exceeds the value configured here, it is
discarded. The default for this parameter is 20.
● Region Name
Enter the name of the MSTP region to which this device belongs. As default, the MAC
address of the device is entered here. This value must be the same on all devices that
belong to the same MSTP region.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 249
Configuring with Web Based Management
5.5 The "Layer 2" menu

● Region Version
Enter the version number of the MSTP region in which the device is located. This value
must be the same on all devices that belong to the same MSTP region.
● Reset Counters
Click this button to reset the counters on this page.

Steps in configuration
1. Enter the data required for the configuration in the input boxes.
2. Click the "Set Values" button.

5.5.10.3 CIST port

MSTP-CIST port configuration

When the page is called, the table displays the current status of the configuration of the port
parameters.
To configure them, click the relevant cells in the port table.

(Continuation of table)

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

250 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed boxes

Table 1 has the following columns:
● 1st column
Shows that the settings are valid for all ports of table 2.
● Spanning Tree Status
Select the setting from the drop-down list. You have the following setting options:
– Enabled
Port is integrated in the spanning tree.
– Disabled
Port is not integrated in the spanning tree.
– No Change
Table 2 remains unchanged.
● Copy to Table
When you click the button, the setting is adopted for all ports of table 2.
Table 2 has the following columns:
● Port
Shows the available ports. The port is made up of the module number and the port
number, for example port 0.1 is module 0, port 1.
● Spanning Tree Status
Specify whether or not the port is integrated in the spanning tree.

Note
If you disable the "Spanning Tree Status" option for a port, this may cause the formation
of loops. The topology must be kept in mind.

● Priority
Enter the priority of the port. The priority is only evaluated when the path costs are the
same.
The value must be divisible by 16. If the value that cannot be divided by 16, the value is
automatically adapted.
Range of values: 0 - 240.
The default is 128.
● Cost Calc.
Enter the path cost calculation. If you enter the value "0" here, the automatically
calculated value is displayed in the "Path costs" box.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 251
Configuring with Web Based Management
5.5 The "Layer 2" menu

● Path Cost
This parameter is used to calculate the path that will be selected. The path with the
lowest value is selected as the path. If several ports of a device have the same value for
the path costs, the port with the lowest port number is selected.
If the value in the "Cost Calc." is "0", the automatically calculated value is shown.
Otherwise, the value of the "Cost Calc." box is displayed.
The calculation of the path costs is largely based on the transmission speed. The higher
the achievable transmission speed is, the lower the value of the path costs.
Typical values for path costs with rapid spanning tree:
– 10,000 Mbps = 2,000
– 1000 Mbps = 20,000
– 100 Mbps = 200,000
– 10 Mbps = 2,000,000
The values can, however, also be set individually.
● Status
Displays the current status of the port. The values are only displayed and cannot be
configured. The "Status" parameter depends on the configured protocol. The following
values are possible:
– Disabled
The port only receives and is not involved in STP, MSTP and RSTP.
– Discarding
In the "Discarding" mode, BPDU frames are received. Other incoming or outgoing
frames are discarded.
– Listening
In this status, BPDUs are both received and sent. The port is involved in the spanning
tree algorithm.
– Learning
Stage prior to the "Forwarding" status, the port is actively learning the topology (in
other words, the node addresses).
– Forwarding
Following the reconfiguration time, the port is active in the network; it receives and
forwards data frames.
● Fwd. Trans
Specifies the number of changes from the "Discarding" status to the "Forwarding" status.
● Edge Type
Specify the type of "edge port". You have the following options:
– "-"
Edge port is disabled. The port is treated as a "no Edge Port".
– Admin
Select this option when there is always an end device on this port. Otherwise a
reconfiguration of the network will be triggered each time a connection is changed.
– Auto
Select this option if you want a connected end device to be detected automatically at

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

252 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

this port. When the connection is established the first time, the port is treated as a "no
Edge Port".
– Admin/Auto
Select these options if you operate a combination of both on this port. When the
connection is established the first time, the port is treated as an "Edge Port".
● Edge
Shows the status of the port.
– Enabled
An end device is connected to this port.
– Disabled
There is a Spanning Tree or Rapid Spanning Tree device at this port.
With an end device, a switch can change over the port faster without taking into account
spanning tree frames. If a spanning tree frame is received despite this setting, the port
automatically changes to the "Disabled" setting.
● P.t.P. Type
Select the required option from the drop-down list. The selection depends on the port that
is set.
– "-"
Point to point is calculated automatically. If the port is set to half duplex, a point-to-
point link is not assumed.
– P.t.P.
Even with half duplex, a point-to-point link is assumed.
– Shared Media
Even with a full duplex connection, a point-to-point link is not assumed.

Note
Point-to-point connection means a direct connection between two devices. A shared
media connection is, for example, a connection to a hub.

● Hello Time
Enter the interval after which the bridge sends configuration frames (BPDUs). As default,
2 seconds is set.
Range of values: 1-2 seconds

Note
The port-specific setting of the Hello time is only possible with Protocol compatibility
MSTP. If the Protocol compatibility RSTP is set, the "Bridge Hello Time" parameter on the
page "Layer 2 > Spanning Tree > CIST General" page is used.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 253
Configuring with Web Based Management
5.5 The "Layer 2" menu

● Restr. Role
If this check box is selected, the corresponding port is not selected as root port,
regardless of the priority value. If the check box is selected, the port with lowest priority
also does not become the root port. Only activate this option if you wish to restrict the
impact of bridges outside of the administered range on the Spanning Tree topology.
● Limited TCN
If this check box is selected, the corresponding port does not forward either received or
detected topology changes (Topology Change Notification) to the other ports. Only
activate this option if you wish to restrict the impact of bridges outside of the administered
range on the Spanning Tree topology.

Steps in configuration
1. In the input cells of the table row, enter the values of the port you are configuring.
2. From the drop-down lists of the cells of the table row, select the values of the port you are
configuring.
3. Click the "Set Values" button.

5.5.10.4 MST General

Multiple Spanning Tree configuration

With MSTP, in addition to RSTP, several VLANs can be managed in a LAN with separate
RSTP trees.

Description
The page contains the following box:
● MSTP Instance ID
Enter the number of the MSTP instance.
Permitted values: 1 - 64

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

254 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

The table has the following columns:

● Select
Select the row you want to delete.
● MSTP instance ID
Shows the number of the MSTP instance.
● Root Address
Shows the MAC address of the root bridge.
● Root Priority
Shows the priority of the root bridge.
● Bridge Priority
Enter the bridge priority in this box. The value for the bridge priority is a whole multiple of
4096 with a range of values from 0 to 61440.
● VLAN ID
Enter the VLAN ID. Here, you can also specify ranges with Start ID, "-", End ID. Several
ranges or IDs are separated by ",".
Permitted values: 1- 4094

Procedure
Creating a new entry
1. Enter the number of the MSTP instance in the "MSTP Instance ID" box.
2. Click the "Create" button.
3. Enter the ID of the VLAN in the "VLAN ID" box.
4. Enter the priority of the bridge in the "Bridge Priority" box.
5. Click the "Set Values" button.
Deleting entries
1. Use the check box at the beginning of the relevant row to select the entries to be deleted.
2. Click the "Delete" button to delete the selected entries from memory. The entries are
deleted from the memory of the device and the display on this page is updated.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 255
Configuring with Web Based Management
5.5 The "Layer 2" menu

5.5.10.5 MST Port

Configuration of the Multiple Spanning Tree port parameters

On this page, you set the parameters for the ports of the configured multiple spanning tree
instances.

Description of the displayed boxes

The page contains the following box:
● MSTP Instance ID
In the drop-down list, select the ID of the MSTP instance.
Table 1 has the following columns:
● 1st column
Shows that the settings are valid for all ports.
● MSTP Status
Select the setting from the drop-down list. You have the following setting options:
– Enabled
– Disabled
– No Change: Table 2 remains unchanged.
● Copy to Table
If you click the button, the setting is adopted for all ports of table 2.
Table 2 has the following columns:
● Port
Shows all available ports and link aggregations.
● MSTP Instance ID
ID of the MSTP instance.
● MSTP Status
Click the check box to enable or disable this option.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

256 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

● Priority
Enter the priority of the port. The priority is only evaluated when the path costs are the
same.
The value must be divisible by 16. If the value that cannot be divided by 16, the value is
automatically adapted.
Range of values: 0 - 240.
Factory setting: 128
● Cost Calc.
Enter the path cost calculation in the input box. If you enter the value "0" here, the
automatically calculated value is displayed in the next box "Path Costs".
● Path cost
The path costs from this port to the root bridge. The path with the lowest value is selected
as the path. If several ports of a device have the same value, the port with the lowest port
number will be selected.
If the "Cost Calc." is "0", the automatically calculated value is shown. Otherwise, the
value of the "Cost Calc." box is displayed.
The calculation of the path costs is largely based on the transmission speed. The higher
the achievable transmission rate, the lower the value for the path costs will be.
Typical values for rapid spanning tree are as follows:
– 10,000 Mbps = 2,000
– 1000 Mbps = 20,000
– 100 Mbps = 200,000
– 10 Mbps = 2,000,000
The values can, however, also be set individually.
● Status
Displays the current status of the port. The values are only displayed and cannot be
configured. The following is possible for status:
– Discarding
The port exchanges MSTP information but is not involved in the data traffic.
– Blocked
In the blocking mode, BPDU frames are received.
– Forwarding
The port receives and sends data frames.
● Fwd. Trans.
Specifies the number of status changes Discarding - Forwarding or Forwarding -
Discarding for a port.

Steps in configuration
1. In the input cells of the table row, enter the values of the port you are configuring.
2. From the drop-down lists of the cells of the table row, select the values of the port you are
configuring.
3. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 257
Configuring with Web Based Management
5.5 The "Layer 2" menu

5.5.10.6 Enhanced Passive Listening Compatibility

Spanning Tree and ring redundancy

If you enable Enhanced Passive Listening Compatibility, topology change notifications will be
sent via RSTP edge ports. In conjunction with the "Edge Type" function (see "Layer 2 >
Spanning Tree > CIST Port"), this parameter is necessary to link spanning tree networks
with HRP rings. Otherwise no TCN frames will be sent via edge ports; this is, however,
necessary for the passive listening function on ring nodes.

Enabling the function

On this page, you can enable the "Enhanced Passive Listening Compatibility" function.

Description of the displayed boxes

The page contains the following box:
● Enhanced Passive Listening Compatibility
Enable or disable this function for the entire device.

Steps in configuration
1. Enable or disable "Enhanced Passive Listening Compatibility"
2. Click the "Set Values" button.

5.5.11 Loop Detection

With the "Loop Detection" function, you specify the ports for which loop detection will be
activated. The ports involved send special test frames - the loop detection frames. If these
frames are sent back to the device, there is a loop.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

258 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

A "local loop" involving this device means that the frames are received again at a different
port of the same device. If the sent frames are received again at the same port, there is a
loop involving other network components "Remote Loop".

Note
A loop is an error in the network structure that needs to be eliminated. The loop detection
can help to find the errors more quickly but does not eliminate them. The loop detection is
not suitable for increasing network availability by deliberately including loops.

Note
Note that loop detection is only possible at ports that were not configured as ring ports or
standby ports.

Description of the displayed boxes

The page contains the following boxes:
● Loop Detection
Enable or disable the loop detection.
If the option is enabled, the device sends untagged LLC frames.
● VLAN Loop Detection
Enable or disable the VLAN loop detection.
If the option is enabled, the device uses the VLAN information set at the corresponding
port to send LLC frames.
Table 1 contains the following columns:
● 1st column
Shows that the settings are valid for all ports of table 2.
● Interval [ms] / Threshold value / Timeout [s] / Remote reaction / Local reaction
Make the required settings.
● Copy to Table
If you click the button, the setting is adopted for all ports of table 2.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 259
Configuring with Web Based Management
5.5 The "Layer 2" menu

Table 2 contains the following columns:

● Port
Shows the available ports.
● Setting
Specify how the port handles loop detection frames. Select one of the following options
from the drop-down list:

Note
Test frames create additional network load. We recommend that you only configure
individual switches, for example at branch points of the ring, as "Sender" and the others
as "Forwarder".

– Sender
Loop detection frames are sent out and forwarded.
– Forwarder
Loop detection frames from other devices are forwarded.
– blocked
The forwarding of loop detection frames is blocked.
● Interval[ms]
Specifies the send interval for loop detection frames in milliseconds.
● Threshold
By entering a number, specify the number of received loop detection frames as of which
a loop is assumed.
● Timeout[s]
Specify the number of seconds after which the device automatically changes to the status
in which it was before the loop. If the value "0" is set, you need to enable the port
manually again following a loop with the "Reset" button.
● Remote Reaction
Specify how the port will react if a remote loop occurs. Select one of the two options from
the drop-down list:
– No action: A loop has no effect on the port.
– Disable: The port is blocked.
● Local reaction
Specify how the port will react if a local loop occurs. Select one of the two options from
the drop-down list:
– No action: A loop has no effect on the port.
– Disable: The port is blocked
● Status
This box shows whether loop detection is enabled or disabled for this port.
● Source Port
Shows the receiving port of the loop detection frame that triggered the last reaction.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

260 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

● Source VLAN
This box shows the VLAN ID of the loop detection frame that triggered the last reaction.
This requires that the "VLAN Loop Detection" check box is selected.
● Reset
After a loop in the network has been eliminated, click the "Reset" button to reset the port
again.

Changing the configured port status with loop detection

The configuration of the port status can be changed with the "Loop Detection" function. If, for
example, the administrator has disabled a port, the port can be enabled again after a device
restart with "enabled". The port status "Link down" is not changed by "Loop Detection".

5.5.12 Link Aggregation

Bundling network connections for redundancy and higher bandwidth

The link aggregation according to IEEE 802.3ad allows several connections between
neighboring devices to be bundled to achieve higher bandwidths and protection against
failure.
Ports on both partner devices are included in link aggregations and the devices are then
connected via these ports. To assign ports correctly to a partner device, the Link
Aggregation Control Protocol (LACP) from the IEEE 802.3AD standard is used.

Note
When a port is assigned to a link aggregation but is not active (e.g. link down), the values
displayed may differ from the values configured for the link aggregation.
If the port in the link aggregation becomes active, individual port configurations such as DCP
forwarding are overwritten with the configured values of the link aggregation.

Display of the configured aggregation

This page displays all the configured link aggregations.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 261
Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed boxes

The table has the following columns:
● Select
Select the row you want to delete.
● Port
Shows the virtual port number of this link aggregation. This identifier is assigned internally
by the firmware.
● Link Aggregation Name
Shows the name of the link aggregation. This name can be specified by the user during
configuration. The name is not absolutely necessary but can be useful to distinguish
between the various link aggregations.
● MAC Address
Shows the MAC address.
● Status
Enable or disable the link aggregation.
● LACP
– On
Enables the sending of LACP frames.
– Off
Disables the sending of LACP frames.
● Frame Distribution - Destination&Source MAC
The distribution of packets to the individual links of a aggregation is based on a
combination of the destination and source MAC address.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

262 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

● VLAN Mode
Specify how the link aggregation is entered in a VLAN:
– Hybrid
The link aggregation sends tagged and untagged frames. It is not automatically a
member of a VLAN.
– Trunk
The link aggregation only sends tagged frames and is automatically a member of all
VLANs.
● Port
Shows the ports that belong to this link aggregation. The following values can be selected
from the drop-down list:
– "-" (deactivated)
Link aggregation is disabled.
– "a" (active)
The port sends LACP frames and is only involved in the link aggregation when LACP
frames are received.
– "p" (passive)
The port is only involved in the link aggregation when LACP frames are received.
– "o" (on)
The port is involved in the link aggregation and does not send any LACP frames.

Note
Within a link aggregation, only ports with the following configuration are possible:
• all ports with "o"
• all ports with "a" or "p".

Steps in configuration
Basics prior to configuration
1. First, identify the ports you want to connect to form a link aggregation between the
devices.
2. Configure the link aggregation on the devices.
3. Adopt the configuration for all devices.
4. Perform the last step, the cabling.

Note
If you cable aggregated links prior to configuration, it is possible that you will create loops
in the network. The network involved may deteriorate badly due to this or complete
disruption may occur.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 263
Configuring with Web Based Management
5.5 The "Layer 2" menu

Creating a new link aggregation

1. Click the "Create" button to create a new link aggregation.
This creates a new row.
2. Select the ports that will belong to this link aggregation.
3. Click the "Set Values" button.
Deleting a link aggregation
1. Select the check box in the row to be deleted.
Repeat this for all entries you want to delete.
2. Click the "Delete" button.
Changing a link aggregation
1. In the overview, click on the relevant table entry to change the configuration of a created
link aggregation.
2. Make all the changes.
3. Click the "Set Values" button.

5.5.13 DCP Forwarding

Applications
The DCP protocol is used by STEP 7 and the Primary Setup Tool (PST) for configuration
and diagnostics. When shipped, DCP is enabled on all ports; in other words, DCP frames
are forwarded at all ports. With this option, you can disable the forwarding of these frames
for individual ports, for example to prevent individual parts of the network from being
configured with the PST or to divide the full network into smaller subnetworks for
configuration and diagnostics.

Note
PROFINET configuration
Since DCP is a PROFINET protocol, the configuration created here is only effective in the
VLAN associated with the TIA interface.

All the ports of the device are displayed on this page. After each displayed port, there is a
drop-down list for function selection.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

264 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed values

Table 1 has the following columns:
● 1st column
Shows that the settings are valid for all ports of table 2.
● Setting
Select the setting from the drop-down list. If "No Change" is selected, the entry in table 2
remains unchanged.
● Copy to Table
If you click the button, the setting is adopted for all ports of table 2.
Table 2 has the following columns:
● Port
Shows the available ports. The port is made up of the module number and the port
number, for example port 0.1 is module 0, port 1.
● Setting
From the drop-down list, select whether the port should block or forward outgoing DCP
frames. You have the following options available:
– Forward
DCP frames are forwarded via this port.
– Block
No outgoing DCP frames are forwarded via this port. It is nevertheless still possible to
receive via this port.

Steps in configuration
1. From the options in the drop-down list in the row, select which ports should support
sending DCP frames.
2. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 265
Configuring with Web Based Management
5.5 The "Layer 2" menu

5.5.14 LLDP

Identifying the network topology

LLDP (Link Layer Discovery Protocol) is defined in the IEEE 802.1AB standard.
LLDP is a method used to discover the network topology. Network components exchange
information with their neighbor devices using LLDP.
Network components that support LLDP have an LLDP agent. The LLDP agent sends
information about itself and receives information from connected devices at periodic
intervals. The received information is stored on the device.

Applications
PROFINET uses LLDP for topology diagnostics. In the default setting, LLDP is enabled for
all ports; in other words, LLDP frames are sent and received on all ports. With this function,
you have the option of enabling or disabling sending and/or receiving per port.

Description of the displayed boxes

Table 1 has the following columns:
● 1st column
Shows that the settings are valid for all ports.
● Setting
Select the setting from the drop-down list. If "No Change" is selected, the entry in table 2
remains unchanged.
● Copy to Table
If you click the button, the setting is adopted for all ports of table 2.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

266 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Table 2 has the following columns:

● Port
Shows the available ports. The port is made up of the module number and the port
number, for example port 0.1 is module 0, port 1.
● Settting
From the drop-down list, select whether or not the port will send or receive LLDP frames.
You have the following options available:
– Rx
This port can only receive LLDP frames.
– Tx
This port can only send LLDP frames.
– Rx & Tx
This port can receive and send LLDP frames.
– "-" (disabled)
This port can neither receive nor send LLDP frames.

Steps in configuration
1. Select the LLDP functionality of the port from the "Setting" drop-down list.
2. Click the "Set Values" button.

5.5.15 Fiber Monitoring Protocol

Requirements
● You can only use Fiber Monitoring with transceivers capable of diagnostics. Note the
documentation of the devices.
● To be able to use the fiber monitoring function, enable LLDP. The fiber monitoring
information is appended to the LLDP packets.

Monitoring optical links

With Fiber Monitoring, you can monitor the received power and the loss of power on optical
links between two switches.
If you enable fiber monitoring on an optical port, the device sends the current transmit power
of the port to its connection partner using LLDP packets. In addition to sending, the device
also checks whether corresponding information is received from the connection partner.
Regardless of whether the IE switch receives diagnostics information from its connection
partner, it monitors the received power measured at the optical port for the set limit values.
If fiber monitoring is enabled on the connection partner, the connection partner transfers the
current value for the transmit power of the port to the device. The device compares the value
it has received for the transmit power with the actually received power. The difference

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 267
Configuring with Web Based Management
5.5 The "Layer 2" menu

between the received power and the transmit power represents the power loss on the link.
The calculated power loss is also monitored for the set limit values.
If the value of the received power or the power loss falls below or exceeds the set limit
values, an event is triggered. You can set limit values in two stages for messages with the
severity levels "Warning" and "Critical".
In "System > Events > Configuration", you can specify how the IE switch indicates the event.

Note
If you have enabled fiber monitoring and a pluggable transceiver with diagnostics capability
is pulled, fiber monitoring is automatically disabled for this port and the set limit values and a
possibly pending error status are deleted.

Description of the displayed boxes

In the table you can specify the limit values for the measured received power too be
monitored and the calculated power loss.
● Port
Shows the optical ports that support fiber monitoring. This depends on the transceivers.
● Status
Enable or disable fiber monitoring.
As default, the function is disabled.
● Rx Power [dBm] maintenance required (Warning)
Specify the value at which you are informed of the deterioration of the received power by
a message of the severity level "Warning"
If you enter the value "0", the received power is not monitored.
The default value depends on the relevant transceiver.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

268 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

● Rx Power [dBm] maintenance demanded (Critical)

Specify the value at which you are informed of the deterioration of the received power by
a message of the severity level "Critical"
If you enter the value "0", the received power is not monitored.
The default value depends on the relevant transceiver.
● Power Loss [dB] maintenance required (Warning)
Specify the value at which you are informed of the power loss of the connection by a
message of the severity level "Warning"
If you enter the value "0", the power loss is not monitored.
Default: -50 dB
● Power Loss [dB] maintenance demanded (Critical)
Specify the value at which you are informed of the power loss of the connection by a
message of the severity level "Critical"
If you enter the value "0", the power loss is not monitored.
Default: -55 dB

Steps in configuration
Activating fiber monitoring
Follow the steps below to activate the monitoring of a port:
1. Select the appropriate check box in the "Status" column.
2. For your setup, enter practical values value at which you want to be informed of
deterioration of the received power and the power loss of the connection.
3. Click the "Set Values" button.
Deactivating fiber monitoring
Follow the steps below to deactivate the monitoring of a port:
1. Deselect the appropriate check box in the "Status" column.
2. Click the "Set Values" button.
Follow the steps below to deactivate the monitoring of the Rx power or power loss:
1. Enter the value "0" in the appropriate box.
2. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 269
Configuring with Web Based Management
5.5 The "Layer 2" menu

5.5.16 Unicast

5.5.16.1 Filtering

Address filtering
This table shows the source addresses of unicast address frames entered statically by the
user during parameter assignment.
On this page, you also define the static unicast filters.

Dependency on the "Base bridge mode"

The displayed boxes depend on which "Base bridge mode" is set. If you change the "Base
bridge mode" the existing entries are lost.

Figure 5-5 Base bridge mode: 802.1Q VLAN Bridge

Figure 5-6 Base bridge mode: 802.1D transparent bridge

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

270 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed boxes

The page can contain the following boxes:
● VLAN ID
Select the VLAN ID for which you configure a new static MAC address. If nothing is set,
"VLAN1" is set as the basic setting.
● MAC Address
Enter the MAC address here.
The table contains the following columns:
● Select
Select the row you want to delete.
● VLAN ID
Shows the VLAN ID assigned to this MAC address.
● MAC Address
Shows the MAC address of the node that the device has learned or the user has
configured.
● Status - Static
Shows the status of each address entry. The address was entered statically by the user.
Static addresses are stored permanently; in other words, they are not deleted when the
aging time expires or when the device is restarted. These must be deleted by the user.
● Port
Shows the port via which the node with the specified address can be reached. Frames
received by the device whose destination address matches this address will be forwarded
to this port.

Note
You can only specify one port for unicast addresses.

Steps in configuration
To edit the entries, follow the steps below.
Creating a new entry
1. In "Base bridge mode: 802.1Q VLAN Bridge" select the appropriate VLAN ID.
2. Enter the MAC address in the "MAC Address" input box.
3. Click the "Create" button to create a new entry in the table.
4. Click the "Refresh" button.
5. Select the relevant port from the drop-down list.
6. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 271
Configuring with Web Based Management
5.5 The "Layer 2" menu

Changing the entry

1. Select the relevant port.
2. Click the "Set Values" button.
Deleting an entry
1. Select the check box in the row to be deleted.
Repeat this for all entries you want to delete.
2. Click the "Delete" button to delete the selected entries from the filter table.
3. Click the "Refresh" button.

5.5.16.2 Locked Ports

Activating the access control

On this page, you can block individual ports for unknown nodes.
If the Port Lock function is enabled, packets arriving at this port from unknown MAC
addresses are discarded immediately. Packets from known nodes are accepted by the port.
Since ports with the Port Lock function enabled cannot learn any MAC addresses, learned
addresses on these ports are automatically deleted after the Port Lock function is enabled.
The port accepts only static MAC addresses that were created previously either manually or
with the "Start learning" function and the "Stop learning" function.
To enter all connected nodes automatically, there is a function for automatic learning (see
"Layer 2 > Unicast > Learning").

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

272 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed boxes

Table 1 has the following columns:
● 1st column
Shows that the settings are valid for all ports of table 2.
● Setting
Select the setting from the drop-down list. You have the following setting options:
– Enabled
Enables the port lock function.
– Disabled
Disables the port lock function.
– No change
Table 2 remains unchanged.
● Copy to Table
If you click the button, the setting is adopted for all ports of table 2.
Table 2 has the following columns:
● Port
This column lists all the ports available on this device.
● Setting
Enable or disable access control for the port.

Steps in configuration
Enabling access control for an individual port
1. Select the check box in the relevant row in table 2.
2. To apply the changes, click the "Set Values" button.
Enabling access control for all ports
1. In the "Setting" drop-down list, select the "Enabled" entry.
2. Click the "Copy to table" button. The check box is enabled for all ports in table 2.
3. To apply the changes, click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 273
Configuring with Web Based Management
5.5 The "Layer 2" menu

5.5.16.3 Learning

Starting/stopping learning
With the automatic learning function, all connected devices can be automatically entered
statically in the unicast filter table.
The learning process is only ended by clicking on the "Stop learning" button. With this
method, learning can take a few minutes or several hours in larger networks before all nodes
have been found. Only nodes that send packets during the learning phase are found.
By subsequently enabling the Port Lock function, only packets from the nodes known after
the end of the learning phase (static unicast entries) will be accepted at the relevant ports.

Note
If the Port Lock function was already active on individual ports prior to the automatic learning
phase, no addresses will be learned on these ports. This makes it possible to restrict
learning to certain ports. To do this, first enable the Port Lock function of the ports that are
not intended to learn addresses.

Steps in configuration
Learning addresses
1. Click the "Start learning" button to start the learning phase.
After starting the learning phase, the "Start learning" button is replaced by the "Stop
learning" button.
The device now enters the addresses of connected devices until you stop the function.
2. Click the "Stop learning" button to stop the learning function.
The button is once again replaced by the "Start learning" button. The learned entries are
stored and are listed under "Layer 2 > Unicast > Filtering".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

274 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Note
With a very high data rate, it may occur that statically entered unicast addresses are shown
in the unicast table as learned addresses. In this case, the following procedure is
recommended:
1. Click the "Start learning" button to start the learning process.
2. Start data traffic.
3. Wait until the unicast table shows all MAC addresses as "Learnt" (menu "Information" >
"Unicast").
4. Lock the ports (menu "Layer 2" > "Unicast" > "Locked Ports").
5. Click the "Stop learning" button to stop the learning process.

Deleting all static unicast addresses

1. Click the "Clear all static unicast addresses" button to delete all static entries.
In large networks with numerous nodes, automatic learning may lead to a lot of undesired
static entries. To avoid having to delete these individually, this button can be used to
delete all static entries. This function is disabled during automatic learning.

Note
Depending on the number of entries involved, deleting may take some time.

5.5.16.4 Blocking

Blocking forwarding of unknown unicast frames

On this page, you can block the forwarding of unknown unicast frames for individual ports.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 275
Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed values

Table 1 has the following columns:
● 1st column
Shows that the settings are valid for all ports of table 2.
● Setting
Select the setting from the drop-down list. You have the following setting options:
– Enabled
Blocking of unicast frames is enabled.
– Disabled
Blocking of unicast frames is disabled.
– No change
Table 2 remains unchanged.
● Copy to Table
If you click the button, the setting is adopted for all ports of table 2.
Table 2 has the following columns:
● Port
Shows the available ports. The port is made up of the module number and the port
number, for example port 0.1 is module 0, port 1.

Note
Ring redundancy/standby
If ring redundancy or standby is enabled, the ports configured for this are not included in
the unicast blocking.

● Setting
Enable or disable the blocking of unicast frames.

Steps in configuration
Enabling blocking for an individual port
1. Select the check box in the relevant row in table 2.
2. To apply the changes, click the "Set Values" button.
Enabling blocking for all ports
1. In the "Setting" drop-down list, select the "Enabled" entry in table 1.
2. Click the "Copy to table" button. The check box is enabled for all ports in table 2.
3. To apply the changes, click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

276 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

5.5.17 Multicast

5.5.17.1 Groups

Multicast applications
In the majority of cases, a frame is sent with a unicast address to a particular recipient. If an
application sends the same data to several recipients, the amount of data can be reduced by
sending the data using one multicast address. For some applications, there are fixed
multicast addresses (NTP, IETF1 Audio, IETF1 Video etc.).

Reducing network load

In contrast to unicast frames, multicast frames represent a higher load for the device.
Generally, multicast frames are sent to all ports. The following options are available for
reducing the load caused by multicast frames:
● Static entry of the addresses in the multicast filter table.
● Dynamic entry of the addresses by listening in on IGMP parameter assignment frames
(IGMP Configuration).
● Active dynamic assignment of addresses by GMRP frames.
The result of all these methods is that multicast frames are sent only to ports for which an
appropriate address is entered.
The "Multicast" menu item, shows the multicast frames currently entered in the filter table
and their destination ports that the user set in the parameters.

Dependency on the "Base bridge mode"

The displayed boxes depend on which "Base bridge mode" is set. If you change the "Base
bridge mode" the existing entries are lost.

Figure 5-7 Base bridge mode: 802.1Q VLAN Bridge

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 277
Configuring with Web Based Management
5.5 The "Layer 2" menu

Figure 5-8 Base bridge mode: 802.1D transparent bridge

Description of the displayed boxes

The page can contain the following boxes:
● VLAN ID
If you click on this text box, a drop-down list is displayed. Here you can select the VLAN
ID of a new MAC address you want to configure.
● MAC address
Here you enter a new MAC multicast address you want to configure.
The table has the following columns:
● Select
Select the row you want to delete.
● VLAN ID
Here, the VLAN ID of the VLAN is displayed to which the MAC multicast address of this
row is assigned.
● MAC Address
Here, the MAC multicast address is displayed that the device has learned or the user has
configured.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

278 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

● Status - Static
Shows the status of each address entry. The address was entered statically by the user.
Static addresses are stored permanently; in other words, they are not deleted when the
aging time expires or when the device is restarted. These must be deleted by the user.
● Port List
There is a column for each port. Within every column, the multicast group to which the
port belongs is shown. The drop-down list provides the following options:
– M
(Member) Multicast frames are sent via this port.
– R
(Registered) Member of the multicast group, registration was by a GMRP frame.
– I
(IGMP) Member of the multicast group, registration was by an IGMP frame. This value
is only dynamically assigned.
– –
Not a member of the multicast group. No multicast frames with the defined multicast
MAC address are sent via this port.
– F
(Forbidden) Not a member of the multicast group. This address also cannot be an
address learned dynamically with GMRP or IGMP.

Steps in configuration
Creating a new entry

Note
You cannot create any static multicast entries if GMRP is enabled.

1. In "Base bridge mode: 802.1Q VLAN Bridge", select the required VLAN ID from the
"VLAN ID"drop-down list.
2. Enter the MAC address in the "MAC Address" input box.
3. Click the "Create" button. A new entry is generated in the table.
4. Assign the relevant ports to the MAC address.
5. Click the "Set Values" button.
Deleting an entry
1. Select the check box in the row to be deleted.
2. Click the "Delete" button.
All selected entries are deleted and the display is refreshed.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 279
Configuring with Web Based Management
5.5 The "Layer 2" menu

Creating layer 2 multicast addresses with a script and GMRP

If you want to create several layer 2 multicast addresses using a script, GMRP must be
disabled as long as the script is executing. Follow the steps outlined below:
1. If GMRP is enabled, disable it. You configure GMRP on the "Layer 2 > Multicast >
GMRP" page.
2. Run the script.
3. Enable GMRP only after the script has fully completed and the layer 2 multicast
addresses have been created.

5.5.17.2 IGMP

Function
The device supports "IGMP Snooping" and the "IGMP Querier" function. If "IGMP Snooping"
is enabled, IGMP frames (Internet Group Management Protocol) are evaluated and the
multicast filter table is updated with this information. If "IGMP Querier" is also enabled, the
device also sends IGMP queries that trigger responses from IGMP-compliant nodes.

IGMP Snooping Aging Time

In this menu, you can configure the aging time for IGMP Configuration. When the time
elapses, entries created by IGMP are deleted from the address table if they are not updated
by a new IGMP frame.
This applies to all ports and VLANS; a specific configuration is not possible.

IGMP Snooping Aging Time depending on the querier

The IE switch as IGMP querier
If the IE switch is used as an IGMP querier, the query interval is 125 seconds. For the "IGMP
Snooping Aging Time", set at least 250 seconds.
Other IGMP queriers
If a different IGMP querier is used, the value of the "IGMP Snooping Aging Time" should be
at least twice as long as the query interval.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

280 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed boxes

The page contains the following boxes:

● IGMP Snooping
Enable or disable IGMP snooping. The function allows the assignment of IP addresses to
multicast groups. If the check box is selected, IGMP entries are included in the multicast
fiber table and IGMP frames are forwarded.
● IGMP Snooping Aging Time[s]
In this box, enter the value for the aging time in seconds. As default, 300 seconds is set.
Valid values: 130 - 1225 seconds
● IGMP Querier
Enable or disable "IGMP Querier". The device sends IGMP queries.
● IGMP Snooping Switch IP Address
After the "IGMP Querier" check box is selected, the IP address of the device is shown
here. You have the option of entering the IP address of a different device that should take
on the function of the IGMP Querier.
The table has the following columns:
● VLAN-ID
The VLAN ID for which IGMP Snooping or IGMP Querier should be activated.
● IGMP Snooping
Select the check box in this column for the VLANs for which IGMP Snooping should be
activated. The specifications in this column only become valid when you enable IGMP
Snooping for the device (first check box on this page).
● IGMP Querier
Select the check box in this column for the VLANs for which IGMP Querier should be
activated. The prerequisite is that IGMP Snooping is activated for the corresponding
VLAN.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 281
Configuring with Web Based Management
5.5 The "Layer 2" menu

Steps in configuration
1. Select the "IGMP Snooping" check box.
2. Enter the value for the aging time in seconds in the "IGMP Snooping Aging Time" box.
3. Select the "IGMP Querier" check box.
4. Click the "Set Values" button.

5.5.17.3 GMRP

Activating GMRP
On this page, you specify whether or not GMRP is used for each individual port. If "GMRP" is
disabled for a port, no registrations are made for it and it cannot send GMRP frames.
For GMRP to work, you need to enable the function globally and on the ports.

Description of the displayed boxes

The page contains the following box:
● GMRP
Enable or disable the GMRP function.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

282 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Table 1 has the following columns:

● 1st column
Shows that the settings are valid for all ports of table 2.
● Setting
Select the setting from the drop-down list. You have the following setting options:
– Enabled
Enables the sending of GMRP frames.
– Disabled
Disables the sending of GMRP frames.
– No change
Table 2 remains unchanged.
● Copy to table
If you click the button, the settings are adopted for all ports of table 2.
Table 2 has the following columns:
● Port
This column shows all the ports available on the device as well as the link aggregations.
● Setting
With this check box, you enable or disable GMRP for the port or link aggregation.

Steps in configuration
Enabling the sending of GMRP frames for an individual port
1. Select the "GMRP" check box.
2. Select the check box in the relevant row in table 2.
3. To apply the changes, click the "Set Values" button.

Enabling the sending of GMRP frames for all ports

1. Select the "GMRP" check box.
2. In the "Setting" drop-down list, select the "Enabled" entry.
3. Click the "Copy to table" button. The check box is enabled for all ports in table 2.
4. To apply the changes, click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 283
Configuring with Web Based Management
5.5 The "Layer 2" menu

5.5.17.4 Multicast blocking

Disabling the forwarding of unknown multicast frames

On this page, you can block the forwarding of unknown multicast frames for individual ports.

Description of the displayed values

Table 1 has the following columns:
● 1st column
Shows that the settings are valid for all ports of table 2.
● Setting
Select the setting from the drop-down list. You have the following setting options:
– Enabled
Blocking of multicast frames is enabled.
– Disabled
Blocking of multicast frames is disabled.
– No change
Table 2 remains unchanged.
● Copy to Table
If you click the button, the setting is adopted for all ports of table 2.
Table 2 has the following columns:
● Port
All available ports are listed in this column. Unavailable ports are not displayed.
● Setting
Enable or disable the blocking of multicast frames.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

284 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Steps in configuration
Enabling blocking for an individual port
1. Select the check box in the relevant row in table 2.
2. To apply the changes, click the "Set Values" button.
Enabling blocking for all ports
1. In the "Setting" drop-down list, select the "Enabled" entry.
2. Click the "Copy to table" button. The check box is enabled for all ports in table 2.
3. To apply the changes, click the "Set Values" button.

5.5.18 Broadcast

Blocking the forwarding of broadcast frames

On this page, you can block the forwarding of broadcast frames for individual ports.

Note
Some communication protocols work only with the support of broadcast. In these cases,
blocking can lead to loss of data communication. Block broadcast only when you are sure
that you do not need it on the selected ports.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 285
Configuring with Web Based Management
5.5 The "Layer 2" menu

Description of the displayed boxes

Table 1 has the following columns:
● 1st column
Shows that the settings are valid for all ports of table 2.
● Setting
Select the setting from the drop-down list. You have the following setting options:
– Enabled
The blocking of broadcast frames is enabled.
– Disabled
The blocking of broadcast frames is disabled.
– No change
Table 2 remains unchanged.
● Copy to Table
If you click the button, the setting is adopted for all ports of table 2.
Table 2 has the following columns:
● Port
All available ports are displayed.
● Setting
Enable or disable the blocking of broadcast frames.

Steps in configuration
Enabling the blocking of broadcast frames for an individual port
1. Select the check box in the relevant row in table 2.
2. To apply the changes, click the "Set Values" button.
Enabling the blocking of broadcast frames for all ports
1. In the "Setting" drop-down list in table 1, select the "Enabled" entry.
2. Click the "Copy to Table" button. The check box is enabled for all ports in table 2.
3. To apply the changes, click the "Set Values" button.

5.5.19 RMON

5.5.19.1 Statistics

Statistics
On this page you can specify the ports for which RMON statistics are displayed.
The RMON statistics are shown on the page “Information > Ethernet Statistics” in “Packet
Size”, “Frame Type” and “Packet Error” tabs.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

286 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Settings

● RMON
If you select this check box, Remote Monitoring (RMON) allows diagnostics data to be
collected on the device, prepared and read out using SNMP by a network management
station that also supports RMON. This diagnostic data, for example port-related load
trends, allow problems in the network to be detected early and eliminated.

Note
If you disable RMON, these statistics are not deleted but retain their last status.

● Port
Select the ports for which statistics will be displayed.
The table has the following columns:
● Select
Select the row you want to delete.
● Port
Shows the ports for which statistics will be displayed.

Steps in configuration
Enabling the function
1. Select the "RMON" check box.
2. Click the "Set Values" button.
The "RMON" function is enabled.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 287
Configuring with Web Based Management
5.5 The "Layer 2" menu

Enabling RMON statistics for ports

Note
Requirement
To allow RMON statistics to be displayed for a port, the "RMON" function must be enabled.

1. Select the required port from the "Port" drop-down list or the entry "All Ports".
2. Click the "Create" button.
RMON statistics can be displayed for the selected port or for all ports.
Disabling RMON statistics for ports
1. Select the row you want to delete in the "Select" column.
2. Click the "Delete" button.
No RMON statistics are displayed for the selected port.

5.5.19.2 History

Samples of the statistics

On this page, you can specify whether or not samples of the statistics are saved for a port.
You can specify how many entries should be saved and at which intervals samples should
be taken.

Settings

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

288 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.5 The "Layer 2" menu

Table 1 has the following columns:

● 1st column
Shows that the settings are valid for all ports.
● Setting
Select the required setting. If "No Change" is selected, the entry in table 2 remains
unchanged.
● Entries
Enter the maximum number of samples to be stored at the same time. If "No Change" is
entered, the entry in table 2 remains unchanged
● Interval [s]
Enter the interval after which the current status of the statistics will be saved as a sample.
If "No Change" is entered, the entry in table 2 remains unchanged

Note
When defining the interval period, note that only multiples of 3 seconds are suitable as
the interval period. The statistics are updated every 3 seconds. The value "0" is output in
the periods in between.

● Copy to Table
If you click the button, the settings are adopted for all ports of table 2.
Table 2 has the following columns:
● Port
Shows the port to which the settings relate.
● Setting
Enable or disable the recording of the history on the relevant port.
● Entries
Enter the maximum number of samples to be stored at the same time.
The maximum number of entries can be restricted by the capacity of the device.
Range of values: 1 - 65535
Factory setting: 24
● Interval [s]
Enter the interval after which the current status of the statistics will be saved as a sample.
Range of values: 1 - 3600
Factory setting: 3600

Note
When defining the interval period, note that only multiples of 3 seconds are suitable as
the interval period. The statistics are updated every 3 seconds. The value "0" is output in
the periods in between.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 289
Configuring with Web Based Management
5.6 The "Layer 3" menu

Steps in configuration
Enabling RMON statistics for individual ports
1. Select the check box "Setting" in the relevant row in table 2.
The "Entries" and "Interval[s]" boxes become active with the factory settings.
2. Enter the required values in the "Entries" and "Interval[s]" boxes.
3. Click the "Set Values" button.
Enabling RMON statistics for all ports
1. In the "Setting" drop-down list, select the "Enabled" entry in table 1.
2. Enter the required values in the "Entries" and "Interval[s]" boxes. If you do not change the
entries in both boxes, the factory defaults will be used for all ports.
3. Click the "Copy to Table" button.
The settings are adopted for all ports of table 2.
4. Click the "Set Values" button.

5.6 The "Layer 3" menu

5.6.1 Subnets

5.6.1.1 Overview

Creating subnets
On this page, you can create several VLAN IP interfaces for the device.
A subnet always relates to a VLAN. The IP address is assigned in the "Configuration" tab.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

290 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.6 The "Layer 3" menu

Description of the displayed values

The page contains the following boxes:
● Single-Hop Inter-VLAN-Routing
Enable or disable routing between local IP interfaces.
● Interface
Select the interface for which you want to configure another IP subnet.
The table has the following columns:
● Select
Select the row you want to delete.
● Interface
Shows the interface.
● TIA Interface
Shows the selected TIA interface.
● Interface Name
Shows the name of the interface.
● MAC Address
Shows the MAC address.
● IP Address
Shows the IPv4 address of the subnet.
● Subnet Mask
Shows the subnet mask.
● Address Type
Displays the address type. The following values are possible:
– Primary
The first IPv4 address that was configured on an IPv4 interface.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 291
Configuring with Web Based Management
5.6 The "Layer 3" menu

● IP Assgn Method
Shows how the IPv4 address is assigned. The following values are possible:
– Static
The IPv4 address is static. You enter the settings in "IP Address" and "Subnet Mask".
– Dynamic (DHCP)
The device obtains a dynamic IPv4 address from a DHCPv4 server.
● Address Collision Detection Status
If new IPv4 addresses become active in the network, the "Address Collision Detection"
function checks whether this can result in address collisions. The allows IPv4 addresses
that would be assigned twice to be detected.

Note
The function does not run a cyclic check.

This column shows the current status of the function. The following values are possible:
– Idle
The interface is not enabled and does not have an IPv4 address.
– Starting
This status indicates the start-up phase. In this phase, the device initially sends a
query as to whether the planned IPv4 address already exists. If the address is not yet
been assigned, the device sends the message that it is using this IP address as of
now.
– Conflict
The interface is not enabled. The interface is attempting to use an IPv4 address
address that has already been assigned.
– Defending
The interface uses a unique IPv4 address. Another interface is attempting to use the
same IPv4 address.
– Active
The interface uses a unique IPv4 address. There are no collisions.
– Not supported
The function for detection of address collisions is not supported.
– Disabled
The function for detection of address collisions is disabled.

Steps in configuration
1. Select the interface from the "Interface" drop-down list.
2. Click the "Create" button. A new row is inserted in the table.
3. Click the "Set Values" button.
4. Configure the subnet in the "Configuration" tab.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

292 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.6 The "Layer 3" menu

5.6.1.2 Configuration
On this page, you configure the IPv4 interface.

Description of the displayed values

The page contains the following boxes:
● Interface (name)
Select the interface from the drop-down list.
● Interface Name
Enter the name of the interface.
● MAC Address
Displays the MAC address of the selected interface.
● DHCP
Enable or disable the DHCP client for this IPv4 interface.
● IP Address
Enter the IPv4 address of the interface. The IPv4 addresses must not be used more than
once.
● Subnet Mask
Enter the subnet mask of the subnet you are creating. Subnets on different interfaces
must not overlap.
● Address Type
Displays the address type. The following values are possible:
– Primary
The first subnet of the interface.
● TIA Interface
Select whether this interface should become the TIA Interface.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 293
Configuring with Web Based Management
5.6 The "Layer 3" menu

Steps in configuration
1. Select the interface from the "Interface (name)" drop-down list.
2. Enter a name for the Interface in "Interface Name".
3. Enter the IPv4 address of the subnet in the "IP Address" column.
4. Enter the subnet mask belonging to the IPv4 address in the "Subnet Mask" column
5. Click the "Set Values" button.

5.6.1.3 Default gateway

Creating subnets
On this page, you define the default gateway.

Description of the displayed values

The page contains the following boxes:
● Default Gateway
Enter the IP address of the interface that is used as the default gateway.

Steps in configuration
1. Enter the default gateway.
2. Click the "Set Values" button.

5.6.2 DHCP Relay Agent

5.6.2.1 General

DHCP Relay Agent

If the DHCP server is in a different network than the DHCP client, the client cannot reach the
server. The DHCP relay agent intercedes between the DHCP server and DHCP client.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

294 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.6 The "Layer 3" menu

If you configure option 82, the DHCP relay agent expands the packets to the DHCP server
by a circuit ID and a remote ID.
You can specify up to 4 DHCP servers for the DHCP relay agent. If a DHCP server is
unreachable, the device can switch to a different DHCP server.

Description of the displayed values

The page contains the following boxes:
● DHCP Relay Agent
Enable or disable the DHCP relay agent.
● Send Option 82
Enable or disable option 82.
● Common Agent Address
Enable or disable the common agent address.
When the function is activated, in the DHCP request, the relay agent replaces the
address of the receiving port with the address of the interface that you configure in
"Common Agent Interface".
● Common Agent Interface
The relay agent uses the IP address of the interface selected here as the source address
(giaddr) in DHCP requests.
● Server IP address
Enter the IPv4 address of the DHCP server.
The table has the following columns:
● Select
Select the row you want to delete.
● Server IP Address
Shows the IPv4 address of the DHCP server.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 295
Configuring with Web Based Management
5.6 The "Layer 3" menu

Steps in configuration
1. Enter the IPv4 address of the DHCP server in the "Server IP Address" input box.
2. Click the "Create" button. A new entry is generated in the table.
3. Select the "DHCP Relay Agent" check box.
4. Select the "Send Option 82" check box.
5. Click the "Set Values" button.

5.6.2.2 Option

Parameters of the DHCP relay agent

On this page, you can specify parameters for the DHCP server, for example the circuit
ID.The circuit ID describes the origin of the DHCP query, for example which port received
the DHCP query.
You specify the DHCP server on the "General" tab.

Description of the displayed values

The page contains the following boxes:

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

296 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.6 The "Layer 3" menu

Global configuration
● Circuit ID router index

Enable or disable the check box. If you enable the check box, the router-Index is added
to the generated circuit ID.
● Circuit ID Receive VLAN ID
Enable or disable the check box. If you enable the check box, the VLAN ID is added to
the generated circuit ID.
● Circuit ID Receive Port
Enable or disable the check box. If you enable the check box, the receiving port is added
to the generated circuit ID.

Note
You need to select a least one option.
You will find further information on the router index (Circuit ID Router Index) and port
index (Circuit ID Receive Port) in the IfTable using SNMP.
You will find the VLAN ID on the WBM page "Layer 2 > VLAN > General".

● Remote ID
Shows the device ID.
Interface-specific configuration
● Interface
Select the interface from the drop-down list.
The table has the following columns:
● Select
Select the row you want to delete.
● Interface
Shows the interface.

Note
If you have not created an interface-specific configuration, the global configuration with
the MAC address is used as the device ID.

● Remote ID Type
Select the type of device ID from the drop-down list. You have the following options:
– IP Address
The IPv4 address of the device is used as the device ID.
– MAC Address
The MAC address of the device is used as the device ID.
– Free Text
If you use "Free Text", you can enter the device name as the device identifier in
"Remote ID".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 297
Configuring with Web Based Management
5.6 The "Layer 3" menu

● Remote ID
Enter the device name. The box can only be edited if you select the entry "Free Text" for
"Remote ID Type".
● Circuit ID Type
Select the type of circuit ID from the drop-down list. You have the following options:
– Predefined
The circuit ID is created automatically based on the router index, VLAN ID or port.
– Free Number
If you use "Free Number", you can enter the ID for "Circuit ID".
● Circuit ID
Enter the circuit ID. The box can only be edited if you select the "Free Number" entry for
the "Circuit ID Type".

Steps in configuration

Automatic assignment of the parameters

Follow the steps below to specify automatic assignment of the parameters:
1. Enable the required option in "Global configuration".
– Circuit ID Router Index
– Circuit ID Receive VLAN ID
– Circuit ID Receive Port
2. Click the "Set Values" button.

Manual configuration of the parameters

Follow the steps below to specify the parameters manually:
1. Enable the required option in "Global configuration".
– Circuit ID Router Index
– Circuit ID Receive VLAN ID
– Circuit ID Receive Port
2. Click the "Set Values" button.
3. Select the interface from the "Interface" drop-down list.
4. Click the "Create" button. A new row is inserted in the table.
5. Select the required entry from the "Remote ID Type" drop-down list.
– IP address
The IPv4 address is used as the device ID.
– MAC address
The MAC address is used as the device ID.
– Free Text
Enter the device ID in "Remote ID".

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

298 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.6 The "Layer 3" menu

6. Select the required entry from the "Circuit ID Type" drop-down list.
– Predefined
The router index is added to the generated Circuit ID.
– Free Number
Enter the ID in "Circuit ID".
7. Click the "Set Values" button.

5.6.3 NAT

5.6.3.1 NAT
On this WBM page, you specify the basic settings for NAT.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 299
Configuring with Web Based Management
5.6 The "Layer 3" menu

Description
The page contains the following boxes:
● NAT
Enable or disable NAT/NAPT for the entire device. When enabled, the device operates as
a NAT router.
● Idle Timeout[s]
Enter the required time. The device checks cyclically after the set period has elapsed
whether the aging time of TCP and UDP connections has elapsed. The connections
whose aging time has elapsed since the last check are deleted from the table "NAT
Translations".
● TCP Timeout[s]
Enter the required aging time for TCP connections. TCP connections are stored until no
data exchange has taken place for the set period. Depending on the cyclic check when
the Idle Timeout has elapsed, the connections are deleted from the table "NAT
translations".
● UDP Timeout[s]
Enter the required aging time for UDP connections. UDP connections are stored until no
data exchange has taken place for the set period. Depending on the cyclic check when
the Idle Timeout has elapsed, the connections are deleted from the table "NAT
translations".
● Interface
Select an IP interface from the drop-down list on which you want to configure NAT.
As soon as you have configured an interface as a NAT interface, all other configurations
are considered starting from this interface. This means for this interface that all networks
reachable via the interface itself count as "Outside". All other networks are "Inside".

Note
If you have configured several NAT interfaces on a device, this means that a network is
"Outside" from the perspective of one NAT interface and "Inside" from the perspective of
another NAT interface.

● NAT
Enable or disable NAT for an IP interface.
An entry is created automatically in the "Pool" tab. The device can be reached from the
external network using the IP address of the IP interface.
If you disable NAT for an IP interface and there are no configurations on the NAT
interface, the entry is automatically deleted from the table.
● NAPT
Enable or disable NAPT for an IP interface.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

300 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.6 The "Layer 3" menu

The table has the following columns:

● Interface
Interface on which there is a NAT configuration.
● NAT
Shows whether NAT is enabled or disabled for the selected IP interface.
NAT is only enabled, when you have enabled NAT for the entire device.
● NAPT
Shows whether NAPT is enabled or disabled for the selected IP interface.
NAPT is only enabled, when you have enabled NAT for the entire device.
If you do not create any further configurations for NAPT, the dynamic port translation is
enabled automatically.
As default, a device in the internal network cannot be reached from an external network.
If the internal device wants to communicate in an external network, the inside local
address and the IP address of the IP interface have a port added and the internal device
is assigned as inside local and inside global address. Using this inside global address,
the internal device can be reached from the external network until the timer of the
connection elapses.

Procedure
To configure NAT/NAPT proceed as follows:
1. Enter the required times.
2. Select the required IP interface.
3. Enable NAT/NAPT for the selected IP interface.
4. Click the "Set Values" button.
5. Make the settings you require for NAT/NAPT in the NAT/NAPT tabs.
6. Select the "NAT" check box on this tab.
7. Click the "Set Values" button.

5.6.3.2 Static
On this WBM page, you configure static 1:1 address translations.
You specify which inside global address the inside local address of a device will be
converted to and vice versa. This variant allows connection establishment in both directions.
The device in the internal network can be reached from the external network.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 301
Configuring with Web Based Management
5.6 The "Layer 3" menu

Description
The page contains the following boxes:
● Interface
Select the a NAT interface from the drop-down list for which you want to create further
NAT configurations.
● Inside Local Address
Enter the actual address of the device that should be reachable from external.
● Inside Global Address
Enter the address at which the device can be reached from external.
The table has the following columns:
● 1st column
Select the check box in the row to be deleted.
● Interface
NAT interface to which the setting relates.
● Inside Local Address
Shows the actual address of the device that should be reachable from external.
● Inside Global Address
Shows the address at which the device can be reached from external.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

302 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.6 The "Layer 3" menu

Procedure
To create a 1:1 address translation, proceed as follows:
1. Select the a NAT interface from the "Interface" drop-down list:
2. In "Inside Local Address" enter the actual address of the device that should be reachable
from external.
3. In "Inside Global Address" enter the address at which the device can be reached from
external.

5.6.3.3 Pool
On this WBM page, you configure dynamic address translations.
As default, a device in the internal network cannot be reached from an external network. If
the internal device wants to communicate in an external network, an inside global address is
assigned to it dynamically. Using this inside global address, the internal device can be
reached from the external network until the timer of the connection elapses.

Description
The page contains the following boxes:
● Interface
Select the a NAT interface from the drop-down list for which you want to create further
NAT configurations.
● Inside Global Address
Enter the start address for the dynamic assignment of addresses at which devices will be
reachable from external.
● Inside Local Address Mask
Enter the address mask of the external subnet.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 303
Configuring with Web Based Management
5.6 The "Layer 3" menu

The table has the following columns:

● 1st column
Select the check box in the row to be deleted.
● Interface
NAT interface to which the setting relates.
● Inside Global Address
Shows the start address for the dynamic assignment of addresses at which devices will
be reachable from external.
● Inside Local Address Mask
Shows the address mask of the external subnet.

Procedure
To create a dynamic address translation, proceed as follows:
1. Select the a NAT interface from the "Interface" drop-down list:
2. In "Inside Global Address" enter the start address for the dynamic assignment of
addresses at which devices will be reachable from external.
3. In "Inside Global Address Mask" enter the address mask of the external subnet.

5.6.3.4 NAPT
On this WBM page, you configure static port translations.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

304 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.6 The "Layer 3" menu

Description
The page contains the following boxes:
● Interface
Select the a NAT interface from the drop-down list for which you want to create further
NAT configurations.
● Inside Local Address
Enter the actual address of the device that should be reachable from external.
● Service
Select the service for which the port translation is valid.
When you select a service, the same port is entered in the Start Port and End Port boxes.
If you change the start port, the end port is changed accordingly.
if you select the entry "-", you can enter the start and end port freely.
● Start Port
Enter an inside local port.
● End Port
Depending on your selection in the "Service" drop down list, you can enter a inside local
port or a port is displayed.
If you enter different ports in the Start Port and End Port boxes, the same port range is
entered in the Inside Global Port box. A port range can only be translated to the same
port range.
If you enter the same port in the Start Port and End Port boxes, you can enter any Inside
Global Port.
● Inside Global Port
Depending on your selection in the "Service" drop down list, you can enter a port or a port
is displayed.
● Protocol
Select the protocol for which the port translation is valid.
● Description
Enter a description for the port translation.
The table has the following columns:
● 1st column
Select the check box in the row to be deleted.
● Interface
NAT interface to which the setting relates.
● Inside Local Address
Shows the actual address of the device that should be reachable from external.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 305
Configuring with Web Based Management
5.7 The "Security" menu

● Start Port
Shows the start port that will be assigned to the inside local address.
● End Port
Shows the end port that will be assigned to the inside local address.
● Protocol
Shows the protocol for which the port translation is valid.
● Inside Global Address
Shows the address at which the device can be reached from external.
● Inside Global Port
Shows the port that will be assigned to the Inside Global Address.
● Description
Shows a description for the port translation.

Procedure
To create a static port translation, proceed as follows:
1. Select the a NAT interface from the "Interface" drop-down list:
2. In "Inside Local Address" enter the actual address of the device that should be reachable
from external.
3. Select a service.
4. Depending on your selection in the "Service" drop-down list specify the start, end and
inside global port.
5. Select a protocol.
6. Enter a description for the port translation.

5.7 The "Security" menu

5.7.1 User management

Overview of user management

Access to the device is managed by configurable user settings. Set up users with a
password for authentication. Assign a role with suitable rights to the users.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

306 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.7 The "Security" menu

The authentication of users can either be performed locally by the device or by an external
RADIUS server. You configure how the authentication is handled on the "Security > AAA >
General" page.

Note
When you transfer the configuration of a device to STEP 7 (TIA Portal), the configured users
are not transferred.

Local logon
The local logging on of users by the device runs as follows:
1. The user logs on with user name and password on the device.
2. The device checks whether an entry exists for the user.
→ If an entry exists, the user is logged in with the rights of the associated role.
→ If no corresponding entry exists, the user is denied access.

Login via an external RADIUS server

RADIUS(Remote Authentication Dial-In User Service) is a protocol for authenticating and
authorizing users by servers on which user data can be stored centrally.
The authentication of users via a RADIUS server is as follows:
1. The user logs on with user name and password on the device.
2. The device sends an authentication request with the login data to the RADIUS server.
3. The RADIUS server runs a check and signals the result back to the device.
– The RADIUS server reports a successful authentication and for the "Service Type"
attribute returns the value "Administrative User" to the device
→ The user is logged in with read/write rights.
– The RADIUS server reports a successful authentication and returns a different or even
no value to the device for the attribute "Service Type".
→ The user is logged in with read rights.
– The RADIUS server reports a failed authentication to the device:
→ The user is denied access.

Assignment of a VLAN via RADIUS or guest VLAN in Base Bridge mode "802.1Q VLAN Bridge"
Authentication with a change to the VLAN configuration

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 307
Configuring with Web Based Management
5.7 The "Security" menu

If during authentication a port is assigned to a VLAN dynamically using the function "RADIUS
VLAN Assignment Allowed" or "Guest VLAN" the options are as follows:
● If the VLAN that is to be assigned has not been created on the device, the authentication
is rejected.
● If the VLAN that is to be assigned has been created on the device:
– The port becomes an untagged member in the assigned VLAN if it was not already.
→ This makes it possible for the static configuration of the port in this VLAN to be
overwritten and not restored if the authentication is retracted.
– The port VID of the port is changed to the ID of the assigned VLAN.

Note
If the port is only to be assigned to one VLAN, you need to adapt the VLAN configuration
manually. As default, all ports are untagged members in "VLAN 1".

If the authentication is canceled, e.g. by link down, the dynamic changes are canceled.
● The port is no longer a member in the assigned VLAN.
● The port VID of the port is reset to the value it had prior to authentication.

Note
If the port VID corresponds to the assigned port VID prior to authentication, the port
remains an untagged member in this VLAN.

Authentication without a change to the VLAN configuration

If during authentication no VLAN is assigned either by the function "RADIUS VLAN
Assignment Allowed" or by "Guest VLAN", the existing VLAN configuration of the port
remains unchanged.

5.7.2 Users

5.7.2.1 Local Users

Local users
On this page, you create local users with the corresponding rights.

Note
The values displayed depend on the rights of the logged-in user.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

308 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.7 The "Security" menu

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 309
Configuring with Web Based Management
5.7 The "Security" menu

Description
The page contains the following boxes:
● User Account
Enter the name for the user. The name must meet the following conditions:
– It must be unique.
– It must be between 1 and 32 characters long.

Note
User name cannot be changed
After creating a user, the user name can no longer be modified.
If a user name needs to be changed, the user must be deleted and a new user created.

Note
User "user" preset in the factory
As of firmware version 2.1, the default user set in the factory "user" is no longer available
when the product ships.
If you update a device to firmware V2.1, the user "user" is initially still available. If you
reset the device to the factory settings ("Restore Factory Defaults and Restart"), the user
"user" is deleted.
You can create new users with the role "user".

● Password Policy
Shows which password policy is being used on the device:
– High
Password length: at least 8 characters, maximum 32 characters
At least 1 uppercase letter
At least 1 special character
At least 1 number
– Low
Password length: at least 6 characters, maximum 32 characters
You configure the password policy of the device on the page "Security > Passwords >
Options".
● Password
Enter the password. The strength of the password depends on the set password policy.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

310 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.7 The "Security" menu

● Password Confirmation
Enter the password again to confirm it.
● Role
Select a role:
– user
Read rights: Users with this role can read device parameters but cannot change them.
Users with this role can change their own password.
– admin
Read/write rights: Users with this role can both read and change device parameters.
Users can change the passwords for all user accounts.
The table contains the following columns:
● Select
Select the check box in the row to be deleted.

Note
The users preset in the factory as well as logged in users cannot be deleted or changed.

● User Account
Shows the user name.
● Role
Shows the role of the user.

Procedure

Note
Changes in "Trial" mode
Even if the device is in "Trial" mode, changes that you carry out on this page are saved
immediately.

Creating users
1. Enter the name for the user.
2. Enter the password for the user.
3. Enter the password again to confirm it.
4. Select the role of the user.
5. Click the "Create" button.
Deleting users
1. Select the check box in the row to be deleted.
2. Click the "Delete" button. The entries are deleted and the page is updated.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 311
Configuring with Web Based Management
5.7 The "Security" menu

5.7.3 Passwords

5.7.3.1 Passwords

Configuration of the device passwords

Note
If you are logged in via a RADIUS server, you cannot change any local device passwords.

On this page, you can change passwords. If you are logged on with read/write rights, you
can change the passwords for all user accounts. If you are logged in with read rights, you
can only change your own password.

Description of the displayed values

The page contains the following boxes:
● Current User
Shows the user that is currently logged in.
● Current User Password
Enter the password for the currently logged on user.
● User Account
Select the user whose password you want to change.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

312 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.7 The "Security" menu

● Password Policy
Shows which password policy is being used when assigning new passwords.
– High
Password length: at least 8 characters, maximum 32 characters
At least 1 uppercase letter
At least 1 special character
At least 1 number
– Low
Password length: at least 6 characters, maximum 32 characters
● New Password
Enter the new password for the selected user.
It cannot contain the following characters:
– §?";:
– The character for Delete and blanks also cannot be included.
● Password Confirmation
Enter the new password again to confirm it.

Procedure

Note
When you log in for the first time or following a "Restore Factory Defaults and Restart" with
the preset user "admin" you will be prompted to change the password. You can also rename
the user preset in the factory "admin" once.
The user name and the password are set as follows in the factory:
• admin: admin

Note
Changing the password in "Trial" mode
Even if you change the password in "Trial" mode, this change is saved immediately.

1. Enter the password for the currently logged in user in the "Current User Password" input
box.
2. In the "User Account" drop-down list select the user whose password you want to
change.
3. Enter the new password for the selected user in the "New Password" input box.
4. Repeat the new password in the "Password Confirmation" input box.
5. Click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 313
Configuring with Web Based Management
5.7 The "Security" menu

5.7.3.2 Options
On this page you specify which password policy will be used when assigning new
passwords.

Description
● Password Policy
Shows which password policy is currently being used.
● New Password Policy
Select the required setting from the drop-down list.
– High
Password length: at least 8 characters, maximum 32 characters
at least 1 uppercase letter
at least 1 special character
at least 1 number
– Low
Password length: at least 6 characters, maximum 32 characters

5.7.3.3 Options
On this page you specify which password policy will be used when assigning new
passwords.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

314 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.7 The "Security" menu

Description
● Password Policy
Shows which password policy is currently being used.
● New Password Policy
Select the required setting from the drop-down list.
– High
Password length: at least 8 characters, maximum 128 characters
At least 1 uppercase letter
At least 1 special character
At least 1 number
– Low
Password length: at least 6 characters, maximum 128 characters

5.7.4 AAA

5.7.4.1 General

Login of network nodes

The designation used "AAA"" stands for "Authentication, Authorization, Accounting". This
feature is used to identify and allow network nodes and to make the corresponding services
available to them.
On this page, you configure the login.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 315
Configuring with Web Based Management
5.7 The "Security" menu

Description of the displayed boxes

The page contains the following boxes:

Note
To be able to use the login authentication "RADIUS", a RADIUS server must be stored and
configured for user authentication.

● Login Authentication
Specify how the login is made:
– Local
The authentication must be made locally on the device.
– RADIUS
The authentication must be handled via a RADIUS server.
– Local and RADIUS
The authentication is possible both with the users that exist on the device (user name
and password) and via a RADIUS server.
The user is first searched for in the local database. If the user does not exist there, a
RADIUS request is sent.
– RADIUS and fallback Local
The authentication must be handled via a RADIUS server.
A local authentication is performed only when the RADIUS server cannot be reached
in the network.

5.7.4.2 RADIUS Client

Login via an external server

The concept of RADIUS is based on an external authentication server.
Each row of the table contains access data for one server. In the search order, the primary
server is queried first. If the primary server cannot be reached, secondary servers are
queried in the order in which they are entered.
If no server responds, there is no authentication.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

316 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.7 The "Security" menu

Description of the displayed boxes

The table has the following columns:
● Select
Select the row you want to delete.
● Auth. Server Type
Select which authentication method the server will be used for.
– Login
The server is used only for the login authentication.
– 802.1X
The server is used only for the 802.1X authentication.
– Login & 802.1X
The server is used for both authentication procedures.
● RADIUS Server Address
Enter the IPv4 address of the RADIUS server.
● Server Port
Here, enter the input port on the RADIUS server. As default, input port 1812 is set.
Range of values: 1 - 65535
● Shared Secret
Enter the access identifier of the RADIUS server.
Range of values: 1 to 46 characters
● Shared Secret Conf.
Enter your access ID again as confirmation.
● Max. Retrans.
Here, enter the maximum number of retries for an attempted request.
The initial connection attempt is repeated the number of times specified here before
another configured RADIUS server is queried or the login counts as having failed. As
default 3 retries are set, this means 4 connection attempts.
Range of values: 1 - 5
● Primary Server
Using the options in the drop-down list, specify whether or not a server is the primary
server. You can select one of the options "yes" or "no". You can only define one primary
server.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 317
Configuring with Web Based Management
5.7 The "Security" menu

● Test
With this button, you can test whether or not the specified RADIUS server is available.
The test is performed once and not repeated cyclically.
● Test Result
Shows whether or not the RADIUS server is available:
– Failed, no test packet sent
The IP address is not reachable.
The IP address is reachable, the RADIUS server is, however, not running.
– Reachable, key not accepted
The IP address is reachable, the RADIUS server does not, however accept the
specified shared secret.
– Reachable, key accepted
The IP address is reachable, the RADIUS server accepts the specified shared secret.
The test result is not automatically updated. The result of the last test is displayed until
you delete it with the "Refresh" button.

Steps in configuration
Entering a new server
1. Click the "Create" button. A new entry is generated in the table.
The following default values are entered in the table:
– Auth. Server Type: Login & 802.1X
– RADIUS Server Address: 0.0.0.0
– Server Port: 1812
– Max. Retrans.: 3
– Primary server: No
2. In the relevant row, enter the following data in the input boxes:
– Auth. Server Type
– RADIUS Server Address
– Server Port
– Shared Secret
– Shared Secret Confirmation
– Max. Retrans.: 3
– Primary server: No
3. Click the "Set Values" button.
4. If necessary, test the reachability of the RADIUS server.
Repeat this procedure for every server you want to enter.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

318 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.7 The "Security" menu

Modifying servers
1. In the relevant row, enter the following data in the input boxes:
– Auth. Server Type
– RADIUS Server Address
– Server Port
– Shared Secret
– Shared Secret Confirmation
– Max. Retrans.
– Primary Server
2. Click the "Set Values" button.
3. If necessary, test the reachability of the RADIUS server.
Repeat this procedure for every server whose entry you want to modify.
Deleting servers
1. Click the check box in the first column before the row you want to delete to select the
entry for deletion.
Repeat this for all entries you want to delete.
2. Click the "Delete" button.
All selected entries are deleted and the display is refreshed.

5.7.4.3 802.1X Authenticator

Setting up network access

An end device can only access the network after the device has verified the login data of the
device with the authentication server. The authentication can be via 802.1X or the MAC
address.
When authenticating using 802.1X both the end device and the authentication server must
support the EAP protocol (Extensive Authentication Protocol).

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 319
Configuring with Web Based Management
5.7 The "Security" menu

Enabling authentication for individual ports

By enabling the relevant options , you specify for each port whether or not network access
protection according to IEEE 802.1X is enabled on this port.

Figure 5-9 802.1x Authenticator - first part of the table

Figure 5-10 802.1X Authenticator - second part of the table

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

320 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.7 The "Security" menu

Description of the displayed boxes

The page contains the following boxes:
● MAC Authentication
Enable or disable MAC Authentication for the device.
● Guest VLAN
Enable or disable the "Guest VLAN" function for the device.
Table 1 has the following columns:
● 1st column
Shows that the settings are valid for all ports of table 2.
● 802.1X Auth. Control
Select the required setting.
If "No Change" is selected, the entry in table 2 remains unchanged.
● 802.1x Re-authentication
Select the required setting.
If "No Change" is selected, the entry in table 2 remains unchanged.
● MAC Authentication
Select the required setting.
If "No Change" is selected, the entry in table 2 remains unchanged.
● MAC Auth. only on Timeout
Select the required setting.
If "No Change" is selected, the entry in table 2 remains unchanged.
● RADIUS VLAN Assignment Allowed
Select the required setting.
If "No Change" is selected, the entry in table 2 remains unchanged.
● MAC Auth. Max Allowed Addresses
Specify how many MAC addresses can communicate on the port at the same time.
If "No Change" is selected, the entry in table 2 remains unchanged.
● Guest VLAN
Select the required setting.
If "No Change" is selected, the entry in table 2 remains unchanged.
● Guest VLAN ID
Select the required setting.
If "No Change" is selected, the entry in table 2 remains unchanged.
● Guest VLAN Max Allowed Addresses
Specify how many end devices are permitted in the "guest VLAN" on this port at the same
time.
If "No Change" is selected, the entry in table 2 remains unchanged.
● Copy to Table
When you click the button, the settings are adopted for all ports of table 2.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 321
Configuring with Web Based Management
5.7 The "Security" menu

Table 2 has the following columns:

● Port
This column lists all the ports available on this device.
● 802.1X Auth. Control
Specify the authentication of the port:
– Force Unauthorized
Data traffic via the port is blocked.
– Force Authorized
Data traffic via the port is allowed without any restrictions.
Factory setting
– Auto
End devices are authenticated on the port with the "802.1X" method.
The data traffic via the port is permitted or blocked depending on the authentication
result.
● 802.1X Re-Authentication
Enable this option if you want reauthentication of an already authenticated end device to
be repeated cyclically.
● MAC Authentication
Enable this option if you want end devices to be authenticated with the "MAC
Authentication" method.
If "Auto is configured for "802.1x Auth. Control and the " MAC Authentication is enabled,
the timeout for the "802.1X procedure is 5 seconds. If manual input is necessary at a port
for the authentication with the "802.1X" procedure, the 5 seconds may not be adequate.
To be able to run authentication using "802.1X", disable the MAC authentication on this
port.
● MAC Auth. only on Timeout
When the check box is selected, MAC authentication is only possible after a 802.1X
timeout, but not after a failed 802.1X authentication. When the check box is not selected,
MAC authentication is possible both after a 802.1X timeout and after a failed 802.1X
authentication.
● Adopt RADIUS VLAN Assignment
The RADIUS server informs the IE switch of the VLAN to which the port will belong.
Enable this option if you want the information of the server to be taken into account.
The port can only be assigned to the VLAN, if the VLAN has been created on the device.
Otherwise Authentication is rejected.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

322 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.7 The "Security" menu

● MAC Auth. Max Allowed Addresses

Specify how many MAC addresses can communicate on the port at the same time.

Note
If a device uses several MAC addresses, all MAC addresses must be authenticated.
Store all the MAC addresses to be authenticated on the RADIUS server. Enter the
number in the "MAC Auth. Max Permitted Addresses" box.

● Guest VLAN
Enable this option if you want the end device to be permitted in the guest VLAN if
authentication fails.
The port can only be assigned to the VLAN, if the VLAN has been created on the device.
Otherwise Authentication is rejected.
This function is also known as "Authentication failed VLAN".
● Guest VLAN ID
Enter the VLAN ID of the guest VLANs.
● Guest VLAN Max Allowed Addresses
Enter how many end devices are allowed on this port in the "guest VLAN" at the same
time.
● 802.1X Auth. Status
Shows the status of the authentication of the port:
– Authorized
– Not Authorized
● MAC Auth. Actual Allowed Addresses
Shows the number of currently permitted MAC addresses.
● MAC Auth. Actual Blocked Addreses
Shows the number of currently blocked MAC addresses.
● Guest VLAN Actual Allowed Addresses
Shows how many end devices are currently allowed in the "guest VLAN".

Steps in configuration
Enabling authentication for an individual port
1. Select the required options in the relevant row in table 2.
2. To apply the changes, click the "Set Values" button.
Enabling authentication for all ports
1. Select the required options in table 1.
2. Click the "Copy to Table" button. The relevant settings are adopted for all ports in table 2.
3. To apply the changes, click the "Set Values" button.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 323
Configuring with Web Based Management
5.7 The "Security" menu

5.7.5 Management ACL

Description of configuration
On this page, you can increase the security of your device. To specify which station with
which IP address is allowed to access your device, configure the IP address or an entire
address range.
You can select the protocols and the ports of the station with which it is allowed to access
the device.

Description of the displayed boxes

Note
Before you enable this function, note the following
A bad configuration may mean that you can no longer access the device. You can then only
remedy this by resetting the device to the factory defaults and then reconfiguring. You should
therefore configure an access rule that allows access to the management before you enable
the function.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

324 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.7 The "Security" menu

The page contains the following boxes:

● Management ACL
Enable or disable access control to the management of the IE switch.
As default, the function is disabled.

Note
If the function is disabled, there is unrestricted access to the management of the IE
switch. The configured access rules are only taken into account when the function is
enabled.

● IP Address
Enter the IPv4 address or the network address for which the rule will apply. If you use the
IPv4 address 0.0.0.0, the settings apply to all IPv4 addresses.
● Subnet Mask
Enter the subnet mask. The subnet mask 255.255.255.255 is for a specific IPv4 address.
If you want to allow a subnet, for example a class C subnet, enter 255.255.255.0. The
subnet mask 0.0.0.0 applies to all subnets.
The table has the following columns:
● Select
Select the row you want to delete.
● Rule Order
Shows the order in which the ACL rules are checked. As soon as a rule matches, it is
used. The following rules are ignored.
● IP Address
Shows the IPv4 address.
● Subnet Mask
Shows the subnet mask.
● VLANs Allowed
– In the Base Bridge mode "802.1Q VLAN Bridge"
Enter the number of the VLAN in which the device is located. The station can only
access the device if it is located in this configured VLAN. If this input box remains
empty, there is no restriction relating to the VLANs.
– In the Base Bridge mode "802.1D Transparent Bridge"
You cannot define any access rules relating to VLANs. The rules apply to all VLANs.

Note
Compatibility with older firmware versions
If you have defined certain VLANs with a firmware version < 1.2, the configuration of
the VLANs will be replaced during a firmware update with the default value "1-4094".

● SNMP
Specify whether the station (or the IPv4 address) can access the device using the SNMP
protocol.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 325
Configuring with Web Based Management
5.7 The "Security" menu

● TELNET
Specify whether the station (or the IPv4 address) can access the device using the
TELNET protocol.
● HTTP
Specify whether the station (or the IPv4 address) can access the device using the HTTP
protocol.
● HTTPS
Specify whether the station (or the IPv4 address) can access the device using the HTTPS
protocol.
● SSH
Specify whether the station (or the IPv4 address) can access the device using the SSH
protocol.
● Px.y
Specify whether the station (or the IPv4 address) can access the device via this port.
The port is made up of the module number and the port number, for example port 0.1 is
module 0, port 1.

Steps in configuration

Note
Before you enable this function, note the following
A bad configuration may mean that you can no longer access the device. You can then only
remedy this by resetting the device to the factory defaults and then reconfiguring. You should
therefore configure an access rule that allows access to the management before you enable
the function.

Note
Keep to the order
The order in which you create the ACL rules corresponds to the order in which the rules are
checked. As soon as a rule matches, it is used. The following rules are ignored.

Create new rule

1. Enter the IP address address in the "IP Address" input box.
2. Enter the subnet mask in the "Subnet Mask" input box.
3. Click the "Create" button to create a new row in the table.
4. Configure the entries of the new row.
5. Click the "Set Values" button to transfer the new entry to the device.
Enabling function
1. Select the "Management ACL" check box.
2. Click the "Set Values" button to enable the configured access rules.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

326 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Configuring with Web Based Management
5.7 The "Security" menu

Change rule
1. Configure the data of the rule you want to change.
2. Click the "Set Values" button to transfer the changes to the device.
Delete rule
1. Select the check box in the row to be deleted.
2. Repeat this procedure for every entry you want to delete.
3. Click the "Delete" button. The rules are deleted and the page is updated.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 327
Configuring with Web Based Management
5.7 The "Security" menu

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

328 Configuration Manual, 04/2018, C79000-G8976-C360-06
Troubleshooting/FAQ 6
6.1 Downloading new firmware using TFTP without WBM and CLI

Firmware
The firmware is signed and encrypted. This ensures that only firmware created by Siemens
can be downloaded to the device.

Operating the button

To load new firmware, you require the button. When pressing the button, remember the
information in the appropriate operating instructions.
Press the "RESET" button on the SCALANCE XB-200 with only slight force.
Press the "SELECT/SET" button on the SCALANCE XC-200.
Press the "SET" button on the SCALANCE XF-200BA.
Press the "RESET" button on the SCALANCE XP-200 as far as the pressure point.
Press the "RESET" button on the SCALANCE XR-300WG.

Procedure with Microsoft Windows

Using TFTP, you can supply a device with new firmware even when it cannot be reached
using WBM or CLI. This section explains the procedure based on the example of Microsoft
Windows.
Follow the steps below to load new firmware using TFTP:
1. Turn off the power to the device.
2. Press the button and reconnect the power supply to the device while holding down the
button.
3. Hold down the button until the red fault LED "F" starts to flash.
4. Release the button as long as the red error LED is still flashing..

Note
This time only lasts a few seconds.

The bootloader of the device waits in this status for a new firmware file that you can
download by TFTP.
5. Connect a PC to port "P1" via an Ethernet cable.
6. Assign an IP address to the device using DHCP or the Primary Setup Tool.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 329
Troubleshooting/FAQ
6.2 Message: SINEMA configuration not yet accepted

7. Open a Windows command prompt and change to the directory where the file with the
new firmware is located and then execute the following command :
tftp -i <IP address> put <firmware file>

Note
You can enable TFTP in Microsoft Windows as follows:
"Control Panel" > "Programs and Features" > "Turn Windows features on or off" > "TFTP
Client".

8. Once the firmware has been transferred completely to the device and validated, there is
an automatic restart on the device. This may take several minutes.

6.2 Message: SINEMA configuration not yet accepted

When the following message is displayed in the display area an error has occurred
transferring the configuration from STEP 7 Basic / Professional as of V13 to the device:
"SINEMA Configuration not accepted yet. With restart of device, all configuration changes
will be lost."
One possible cause is, for example, that during transfer the device was not reachable.
If you now change a parameter directly on the device (WBM/CLI/SNMP) these changes are
lost when the device restarts.

Solution
1. Open the relevant STEP 7 project in STEP 7 Basic / Professional
2. Open the project view.
3. Select the device in the project tree.
4. Select the "Go to network view" command in the shortcut menu.
5. Select the device in the network view.
6. In the shortcut menu of the selected device select the command "SCALANCE
configuration > Save as start configuration".

Result
The configuration is saved on the device. The message is no longer visible in the display
area. A configuration change directly on the device is no longer lost due to a restart of the
device.

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

330 Configuration Manual, 04/2018, C79000-G8976-C360-06
Index

DHCP
Client, 128
A Server, 131
DLR, 39
Access control, 272, 274
DSCP, 211
Automatic learning, 274
DST
ACL, 274, 324
Daylight saving time, 157, 159
Aging
Dynamic MAC Aging, 236
Aging time, 280
E
Alarm events, 126
Article number, 64 E-Mail function, 126
Authentication, 153, 320 Alarm events, 126
Available system functions, 13 Line monitoring, 126
Error status, 67
Error type
B Collisions, 82
CRC, 82
Bridge, 248
Fragments, 82
Bridge priority, 248
Jabbers, 82
Root bridge, 248
Oversize, 82, 82
Bridge Max Age, 249
Undersize, 82, 82
Bridge Max Hop Count, 249
Ethernet Statistics
Broadcast, 285
History, 83
Button, 170, 329
Interface statistics, 78
Packet Error, 81
Packet Size, 79
C
Packet Type, 80
Cable test, 200 Ethernet/IP, 39
Class of Service, 210 Event log table, 66
Combo Port Media Type, 174, 181 Events
Command Line Interface (CLI), 329 Log Table, 66
Configuration mode, 101
CoS, 210
Queue, 210 F
CoS (Class of Service), 41
Fault monitoring
C-PLUG, 190
Connection status change, 184
Formatting, 192
Redundancy, 186
Saving the configuration, 192
Filter
CRC, 82
Filter configuration, 271
Firmware, 329
Forward Delay, 249
D
DCP Discovery, 194
DCP Forwarding, 264 G
DCP server, 99, 264
Geographic coordinates, 103
Glossary, 11
GMRP, 282

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 331
Index

GVRP, 224 Mirroring, 45

General, 233
Port, 235
H MSTP, 254
Port, 250
Hardware version, 64
Port parameters, 256
Hello time, 249
MSTP instance, 256, 256
HRP, 241
Multicast, 277
HTTP
Multiple Spanning Tree, 250, 254
Load/save, 110
HTTPS
Server, 99
N
NAPT
I Configuring, 305
NAT
IGMP, 280
Configuring, 300, 302, 303
Information
NAT Translations, 92
ARP table, 65
Negotiation, 174
LLDP, 87
NFC, 100
Log Table, 66
NTP, 277
Ring redundancy, 72, 74
Client, 165
Security, 97
SNMP, 96, 96
Spanning tree, 69
P
Start page, 57
Versions, 62 Packet Error
Collisions, 82
CRC, 82
L Fragments, 82
Jabbers, 82
LACP, 261
Oversize, 82
Layer 2, 204
Undersize, 82
Line monitoring, 126
Packet error statistics, 81
Link Check, 76
Password, 312
Link Check Status, 76
Options, 314, 315
LLDP, 87, 266
Ping, 193
Local users, 308
PLUG, 190
Location, 103
C-PLUG, (C-PLUG)
Logging in
PoE, 196, 197
via HTTP, 55
Port, 197
via HTTPS, 55
point-to-point, 27
Logout
Port, 177
Automatic, 169
Link Check, 76
Loop, 258
Port configuration, 173, 183
Loop detection, 258, 258
Port configuration, 177, 183
Port diagnostics
Cable test, 200
M
SFP Diagnostics, 201
Maintenance data, 64 Power over Ethernet, 196
Management ACL, 324 Port, 197
Manufacturer, 64 Power supply
Monitoring, 183

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

332 Configuration Manual, 04/2018, C79000-G8976-C360-06
 Index

Primary Setup Tool, 264 SNMP, 46, 100, 145, 149

Prioritization, 213 Groups, 149
Priority, 213, 249 Overview, 96
PROFINET, 25, 187 SNMPv1, 46
PROFINET IO, 25 SNMPv2c, 46
PST, 264 SNMPv3, 46
Trap, 148
Users, 152
Q Software version, 64
Spanning tree, 246
QoS, 213
Enhanced Passive Listening Compatibility, 258
QoS Trust, 41
Information, 69
RSTP, 247
Spanning Tree
R
Rapid Spanning Tree, 27
RADIUS, 316 SSH
Rate control, 217 Server, 99
Reboot, 106 Standby, 241
Redundancy, 238, 241 Standby redundancy, 38
Redundancy procedure Start page, 57
HRP, 28 STEP 7, 264
Redundant networks, 248 STP, 247
Reset, 106 Subnet mask, 19
RESET button, 170, 329 Subnets
Ring redundancy, 238 Configuration (IPv4), 293
HRP, 206, 238 Default gateway, 294
MRP, 206, 238 Overview (IPv4), 290
Ring ports, 239 Syslog, 171
Standby, 241 Client, 99
RMON System
History, 288 Configuration, 98
Statistics, 286 General information, 102
Root Max Age, 249 System event log
Routing Agent, 171
Routing table, 91 System events
RSTP, 247 Configuration, 121
Severity filter, 125
System manual, 11
S
Scope of the manual, 9
T
Security settings, 149
SELECT/SET button, 170, 329 Telnet
Serial number, 64 Server, 99
SET button, 329 TFTP
SFP Diagnostics, 201 Load/save, 113
SFTP Time of day
Load/save, 116 Manual setting, 155
SHA algorithm, 149 NTP (Network Time Protocol), 165
SIMATIC NET glossary, 11 SIMATIC Time Client, 168
SIMATIC NET manual, 11 SNTP (Simple Network Time Protocol), 162
SMTP System time, 155
Client, 99 Time zone, 164, 167

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

Configuration Manual, 04/2018, C79000-G8976-C360-06 333
Index

Time-of-day synchronization, 162, 165

UTC time, 164, 167, 167
Time setting, 100
Trust Mode, 213

V
Vendor ID, 64
VLAN, 40
Port VID, 226
Priority, 226
Tag, 226
VLAN ID, 42
VLAN tag, 40

W
Web Based Management, 53
Requirement, 53
Web Based Management (WBM), 329

SCALANCE XB-200/XC-200/XF-200BA/XP-200/XR-300WG Web Based Management

334 Configuration Manual, 04/2018, C79000-G8976-C360-06