Siemens SCALANCE XM-400 Instructions Manual
  1. Manuals
  2. Brands
  3. Siemens Manuals
  4. Wireless Router
  5. SCALANCE XM-400
  6. Instructions manual

Siemens SCALANCE XM-400 Instructions Manual

Configuring the virtual router redundancy protocol
Hide thumbs Also See for SCALANCE XM-400:
Table of Contents

Advertisement

Quick Links

Download this manual
Configuring the
Virtual Router
Redundancy Protocol
(VRRP)
SCALANCE XM-400, SCALANCE XR-500, SCALANCE S
https://support.industry.siemens.com/cs/ww/en/view/109798556
Siemens
Industry
Online
Support

Advertisement

Table of Contents
loading

Related Manuals for Siemens SCALANCE XM-400

Summary of Contents for Siemens SCALANCE XM-400

  • Page 1 Configuring the Virtual Router Redundancy Protocol (VRRP) Siemens SCALANCE XM-400, SCALANCE XR-500, SCALANCE S Industry Online https://support.industry.siemens.com/cs/ww/en/view/109798556 Support...

  • Page 2: Legal Information

    The foregoing provisions do not imply any change in the burden of proof to your detriment. You shall indemnify Siemens against existing or future claims of third parties in this connection except where Siemens is mandatorily liable.

  • Page 3: Table Of Contents

    Table of contents Table of contents Legal information ......................2 Introduction ......................5 Overview....................5 Principle of operation ................6 Components used ................8 Hardware setup ....................11 Engineering VRRP ................... 13 Commissioning PC and server ............13 Commissioning SCALANCE .............. 17 Configuring the master router ............
  • Page 4 Table of contents Change documentation ..............60 VRRP Entry-ID: 109798556, V1.0, 09/2021...

  • Page 5: Introduction

    1 Introduction Introduction Overview You have been tasked with ensuring reliability and operational security between different subnets. To accomplish this task, you need routers between the network interfaces. Problem The router in the network has a technical error. All servers in subnet B are no longer reachable.

  • Page 6: Principle Of Operation

    1 Introduction Principle of operation The functional principle of the Virtual Router Redundancy Protocol (VRRP) lies in providing a virtual router as a gateway for the end nodes. Two or more routers are hidden behind this gateway. One of these routers is active and assumes the role of the master and thus the routing.
  • Page 7 1 Introduction Example: VRID 10 00-00-5e-00-01-0a VRID 100 00-00-5e-00-01-64 Common IP (Associated IP Addresses) Figure 1-3 depicts two routers. Both have an IP interface in the network 192.168.0.0/24. Router 1 has the IP address 192.168.0.2, router 2 has 192.168.0.3. With the help of VRRP, an IP address is defined as the address of the virtual router.

  • Page 8: Components Used

    1 Introduction Components used SCALANCE XM-400 and XR-500 The devices of the SCALANCE XM-400 series and the devices of the SCALANCE XR-500 series can be used as routers for automation. They meet all the requirements for IP routing. The following routing functions are available on the devices: •...
  • Page 9 1 Introduction This application example was created with the following hardware and software components: Table 1-1 Component Item number IP address and Router Note subnet mask SCALANCE 6GK5 408- Vlan 1: Associated IP: Master XM408-8C 8GR00-2AM2 192.168.1.2 255.255.255.0 VRID 10: 192.168.10.1 Vlan 10: 255.255.255.0...
  • Page 10 1 Introduction Component Item number IP address and Router Note subnet mask SCALANCE 6GK5 615- Vlan 1: Associated IP: This firewall S615 0AA00-2AA2 backup is an 192.168.1.3 alternative to 255.255.255.0 VRID 10: the XM408 192.168.10.1 router. Vlan 10: 255.255.255.0 192.168.10.3 255.255.255.0 VRID 20: 192.168.20.1...

  • Page 11: Hardware Setup

    2 Hardware setup Hardware setup The aim of the following application example is to establish communication between 2 PCs. Diagnostics need to be checked with a ping command from PC 1 to PC 2. The following figures show the physical network structure. The document explains 2 different hardware configurations: •...
  • Page 12 2 Hardware setup The Figure below shoes the hardware setup with the SCALANCE S615. Figure 2-2 VLAN10/ subnet – B 192.168.10.0/24 PC 1 IP address: 192.168.10.20 Subnet mask: 255.255.255.0 Gateway: 192.168.10.1 SCALANCE XC 206 IP address: 192.168.10.10 Subnet mask: 255.255.255.0 Gateway: 192.168.10.1 SCALANCE S615 (Master) SCALANCE S615 (Backup)

  • Page 13: Engineering Vrrp

    3 Engineering VRRP Engineering VRRP Commissioning PC and server Description This application example uses 2 PCs to test IP routing between the networks. You must enter a default router in all PCs. Only once it has been entered can the PC communicate with devices that are not in its own subnet.
  • Page 14 3 Engineering VRRP Entering a default router The following instructions show you how to enter a default router on the PC in Windows 10 using PC 2 as an example. Enter the default gateway in the Properties of your network adapter. Proceed as follows to open the properties of the network adapter: 1.
  • Page 15 3 Engineering VRRP 3. You will see all available network adapters / network cards. With the left mouse button, select the entry you are using from the list. 4. Right-click to open the context menu and click "Properties". The Properties window for the corresponding network adapter, network card or connection will open.
  • Page 16 3 Engineering VRRP 6. Then click the "Properties" button. The Properties window for Internet protocol version 4 opens. Configure the properties as follows: a. Set the option to "Use the following IP address". b. Enter the "IP address" intended for the PC. c.

  • Page 17: Commissioning Scalance

    3 Engineering VRRP Commissioning SCALANCE Some preparation is necessary before the SCALANCE XM-400 devices can be configured as a VRRP group. You must prepare the following points in advance: • Set up an Engineering PC • Reset SCALANCE to factory setting (if necessary) •...
  • Page 18 3 Engineering VRRP To establish a connection with the SCALANCE devices, the engineering PC is connected with port 1.1 of the respective SCALANCE. Figure 3-1 VLAN10/ subnet – B 192.168.10.0/24 SCALANCE XM408-8C (Master) SCALANCE XM408-8C (Backup) Port 1.1: Interface VLAN 1 Port 1.1: Interface VLAN 1 Function: Configuration Function: Configuration...
  • Page 19 3 Engineering VRRP Assigning the IP address The first assignment of an IP address for the SCALANCE cannot be done with Web Based Management, because this configuration tool requires an IP address in the first place. There are several ways to assign an IP address to an unconfigured device: •...
  • Page 20 3 Engineering VRRP 4. Click "Change Device Configuration". 5. Assign an IP address and a subnet mask. 6. Click "Load". VRRP Entry-ID: 109798556, V1.0, 09/2021...
  • Page 21 3 Engineering VRRP Result The IP address and subnet mask have been assigned. 7. Assign the VRRP routers and the switches their respective IP address, subnet mask and gateway. VRRP Entry-ID: 109798556, V1.0, 09/2021...
  • Page 22 3 Engineering VRRP Start Web Based Management The SCALANCE device has an integrated HTTP server for Web Based Management. To implement Web Based Management, the following conditions must be met: • The device has an IP address. • There is a connection between the SCALANCE and the engineering PC. You can use the ping command to check whether the SCALANCE is accessible.
  • Page 23 3 Engineering VRRP 4. When you log in for the first time or after a "Reset to factory settings and restart" using the default user, you will be prompted to change the password. Enter "admin" for the current user password. 5.

  • Page 24: Configuring The Master Router

    3 Engineering VRRP Configuring the master router To configure the SCALANCE XM408 as VRRP master, the following essential parameter assignment steps must be made: • Disable Spanning Tree Protocol • Create VLANs • Activate routing • Create subnets • Configure VRRP The following sections will show you how to configure the SCALANCE via Web Based Management.

  • Page 25: Create Vlans

    3 Engineering VRRP 3.3.2 Create VLANs Note You can only use VRRPv3 in connection with VLAN interfaces. Router ports are not supported. In the configuration discussed here, 3 different VLANs are configured: A TIA interface (VLAN 1) that serves as a configuration interface and 2 VLANs for the server (VLAN 10) and the cell (VLAN 20).
  • Page 26 3 Engineering VRRP 6. Open the "Port Assignment" tab. 7. Set "Port P1.3" to "U" (untagged) for VLAN 10. 8. Set "Port P1.4" to "U" (untagged) for VLAN 20. The packets will be sent without a tag. These settings apply only to outgoing telegrams. 9.

  • Page 27: Activate Routing

    3 Engineering VRRP 3.3.3 Activate routing Until now, only Layer 2 communication has functioned via the access router. However, the structure of the network makes it essential to communicate over Layer 3. Otherwise, data exchange between the network segments will not be possible.

  • Page 28: Create Subnets

    3 Engineering VRRP 3.3.4 Create subnets In its function as an IP router, the SCALANCE needs a separate IP address and subnet mask for each adjoining subnet. This is the only way it can send IP packets from one subnet to another subnet. Routes will be created automatically for the subnets entered.
  • Page 29 3 Engineering VRRP 4. Under the "Configuration" tab, select the interface whose IP address you wish to change. 5. For the "VLAN 10", enter the IP address 192.168.10.2 and the subnet mask 255.255.255.0. 6. Click the "Set Values" button. 7. Now select VLAN 20 from the dropdown menu. 8.

  • Page 30: Configure Vrrp

    3 Engineering VRRP 3.3.5 Configure VRRP The section below describes how to configure the Virtual Router Redundancy Protocol V3 (VRRPv3). The master router will act as master in the VLANs 10 and Note Running VRRP and VRRPv3 at the same time is not possible. Creating the virtual router instance 1.
  • Page 31 3 Engineering VRRP 4. Leave the "Master" function unticked. The reason for this is that when the master is named explicitly, its IP address is also automatically entered as the Associated IP Address. This is not desired here, as the VRRP partners should respond to a third, virtual IP address. 5.

  • Page 32: Configuring The Addresses

    3 Engineering VRRP Configuring the addresses For VRRP to function, the VRRP router instances must be assigned IP addresses. Here, both Layer 3 routers receive the first address in the subnet. As a consequence, one router will always be reachable at the address XX.XX.XX.1, which is the first address in the subnet.
  • Page 33 3 Engineering VRRP Result The "Addresses Overview" tab lists an overview of all assigned addresses. VRRP Entry-ID: 109798556, V1.0, 09/2021...

  • Page 34: Configuring The Backup Router

    3 Engineering VRRP Configuring the backup router To configure the SCALANCE XM408 as VRRP backup, the following essential parameter assignment steps must be made: • Disable Spanning Tree Protocol • Create VLANs • Activate routing • Create subnets • Configure VRRP The following sections will show you how to configure the SCALANCE via Web Based Management.

  • Page 35: Create Vlans

    3 Engineering VRRP 3.4.2 Create VLANs Note You can only use VRRPv3 in connection with VLAN interfaces. Router ports are not supported. In the configuration discussed here, 3 different VLANs are configured: A TIA interface (VLAN 1) that serves as a configuration interface and 2 VLANs for the server (VLAN 10) and the cell (VLAN 20).
  • Page 36 3 Engineering VRRP Tagging To correctly configure the VLANs, the tagging for incoming telegrams that reach the switch without a tag must also be set. 1. Open the "Port Based VLAN" tab. 2. Assign "VLAN 10" to "Port P1.3". 3. Assign "VLAN 20" to "Port P1.4". 4.

  • Page 37: Activate Routing

    3 Engineering VRRP 3.4.3 Activate routing Until now, only Layer 2 communication has functioned via the access router. However, the structure of the network makes it essential to communicate over Layer 3. Otherwise, data exchange between the network segments will not be possible.

  • Page 38: Create Subnets

    3 Engineering VRRP 3.4.4 Create subnets In its function as an IP router, the SCALANCE needs a separate IP address and subnet mask for each adjoining subnet. This is the only way it can send IP packets from one subnet to another subnet. Automatic routes will be created for the subnets entered.
  • Page 39 3 Engineering VRRP 4. Click the "Set Values" button. 5. Select vlan20 (vlan20) from the "Interface (Name)" dropdown menu. 6. For the "VLAN 20", enter the IP address 192.168.20.3 and the subnet mask 255.255.255.0. 7. Click the "Set Values" button. VRRP Entry-ID: 109798556, V1.0,...

  • Page 40: Configure Vrrp

    3 Engineering VRRP 3.4.5 Configure VRRP The section below describes how to configure the Virtual Router Redundancy Protocol V3 (VRRPv3). The backup router should act as a backup in VLANs 10 and 20. Note Running VRRP and VRRPv3 at the same time is not possible. Create the virtual router instance 1.
  • Page 41 3 Engineering VRRP 4. Leave the "Master" function unticked. The reason for this is that when the master is named explicitly, its IP address is also automatically entered as the Associated IP Address. This is not desired here, as the VRRP partners should respond to a third, virtual IP address. 5.

  • Page 42: Address Configuration

    3 Engineering VRRP Address configuration For VRRP to function, the VRRP router instances must be assigned IP addresses. Here, both Layer 3 routers receive the first address in the subnet. As a consequence, one router will always be reachable at the address XX.XX.XX.1, which is the first address in the subnet.
  • Page 43 3 Engineering VRRP Result The assigned addresses will be listed in the "Addresses Overview" tab. VRRP Entry-ID: 109798556, V1.0, 09/2021...

  • Page 44: Checking The Vrrp Status

    3 Engineering VRRP Checking the VRRP status Each VRRP router as the following three states: • Initializing • Master • Backup The initial state is Initializing, while Master and Backup are chosen by comparing priorities. In the previous chapters Configuring the master router Configuring the backup router, you defined the statuses of master and backup.

  • Page 45: Engineering Of Firewall Redundancy With Vrrp

    4 Engineering of firewall redundancy with VRRP Engineering of firewall redundancy with VRRP The following configuration example uses the SCALANCE S615 firewall routers instead of the SCALANCE XM408-8C routers. The configuration is identical to the SCALANCE XM408-8C. The following example illustrates which additional firewall settings on the master and backup need to be programmed.
  • Page 46 4 Engineering of firewall redundancy with VRRP Overview of VRRP firewall configuration To configure the VRRP firewall rules, you must perform two steps in the SCALANCE S615. 1. Create an IP protocol in the firewall configuration with IP protocol number and the protocol names.

  • Page 47: Configuring The Master Router

    4 Engineering of firewall redundancy with VRRP Configuring the master router 1. In the Web Based Management for the SCALANCE S615 master router, navigate to the menu "Security > Firewall". 2. Click the "IP Protocols" tab. 3. Call the "Protocol Name" VRRP. 4.

  • Page 48: Configuring The Backup Router

    4 Engineering of firewall redundancy with VRRP 12. Repeat steps 8 to 11 with the second rule from Table 4-1. 13. Create another IP rule that allows a ping between the PCs. Configuring the backup router 1. In the Web Based Management for the SCALANCE S615 backup router, navigate to the menu "Security >...
  • Page 49 4 Engineering of firewall redundancy with VRRP 12. Repeat steps 8 to 11 with the second rule from Table 4-1. 13. Create another IP rule that allows a ping between the PCs. VRRP Entry-ID: 109798556, V1.0, 09/2021...

  • Page 50: Testing The Vrrp Scenario

    5 Testing the VRRP scenario Testing the VRRP scenario The Command Prompt (cmd) has the commands ping and tracert for testing the availability between PC1 and PC2. Both of these commands are used to verify the availability of the network node. If errors occur between sender and receiver, the cause may be firewalls, errors along the route, or that the address was not used.
  • Page 51 5 Testing the VRRP scenario Switchover scenario with tracert Using the command "tracert IP address of the network node" it is possible to trace the route of a packet in the network. To do this, the command sends multiple ICMP echo request commands to the target address.

  • Page 52: Diagnostics Options

    5 Testing the VRRP scenario Diagnostics options You can diagnose errors in the WBM under "Information > Redundancy > VRRPv3 Statistics". Figure 5-2 The following errors will be displayed: • VRID error Displays how many VRRPv3 packets were received which contain an unsupported VRID.

  • Page 53: Error Profiles

    5 Testing the VRRP scenario Error profiles Error in the configuration of the advertisement interval Most of the time, these errors occur when the master router and backup router do not have the same configuration. An example of this is when the advertisement intervals are set to different values.

  • Page 54: Useful Information

    6 Useful information Useful information Normal operation The master router is responsible for the routing and cyclically sends VRRP advertisements to all its IP interfaces for which VRRP is enabled. In concrete terms, this means that sends an advertisement cyclically in both subnets. The backup router is not active here and listens to the VRRP advertisements of the master.

  • Page 55: Failure Of A Connection Cable

    6 Useful information 6.2.2 Failure of a connection cable Figure 6-3 Router 1 Subnet A Subnet B Master → Backup Master ping Virtual router 1. Failure Shared IP: Connection 192.168.0.1 PC 2 PC 1 Virtual Router ID (VRID): 1 Virtual router 192.168.1.100 192.168.0.100 Shared IP:...

  • Page 56: Tracking Process

    6 Useful information Tracking process Using the tracking process, you can monitor the interfaces and thus modify the VRRP priority. The tracking methods available to you are interface tracking, VRID tracking and address monitoring. 6.3.1 Interface tracking With interface tracking, the VRRP priorities of the router can be modified so that the switchover happens synchronously.

  • Page 57: Calculating The Failure Time

    6 Useful information Calculating the failure time In our example, the master router fails. What we need to calculate is the time until the backup router registers the failure of the master router. Figure 6-5 Router 1 Subnet A Subnet B Master →...
  • Page 58 6 Useful information ������������ �������� ���������������� = ( 3 ∗ 1 ) + = 3 + = 3.8046 �� In our example, router 2 registers the failure of the master router before the others thanks to its higher priority and resulting shorter skew time. It changes to the master state and sends advertisements.

  • Page 59: Appendix

    Industry Online Support Do you have any questions or need assistance? Siemens Industry Online Support offers round the clock access to our entire service and support know-how and portfolio. The Industry Online Support is the central address for information about our products, solutions and services.

  • Page 60: Industry Mall

    7 Appendix Industry Mall The Siemens Industry Mall is the platform on which the entire siemens Industry product portfolio is accessible. From the selection of products to the order and the delivery tracking, the Industry Mall enables the complete purchasing processing –...

This manual is also suitable for:

Scalance xr-500Scalance s

Table of Contents