Approvals

CP 1243-1, Operating Instructions, 04/2017, C79000-G8976-C365-03, page 138

Australia - RCM 

The CP meets the requirements of the AS/NZS 2064 standards (Class A). 
  

EAC (Eurasian Conformity)

Customs union of Russia, Belarus and Kazakhstan
Declaration of conformity according to the technical regulations of the customs union (TR CU)


Current approvals 

SIMATIC NET products are regularly submitted to the relevant authorities and approval centers for approvals relating to specific markets and applications.
If you require a list of the current approvals for individual devices, consult your Siemens contact or check the Internet pages of Siemens Industry Online Support:
Link: (https://support.industry.siemens.com/cs/ww/en/ps/15922/cert)

Summary of Contents for CP 1243-1

Page 1: ..._____ ___________________ ___________________ SIMATIC NET S7 1200 TeleControl CP 1243 1 Operating Instructions 04 2017 C79000 G8976 C365 03 Preface Application and properties 1 LEDs and connectors 2 Installation connecting up commissioning 3 Configuration 4 Program blocks 5 Diagnostics and upkeep 6 Technical data 7 Approvals A Dimension drawings B Documentation references C ...

Page 2: ...e operated only by personnel qualified for the specific task in accordance with the relevant documentation in particular its warning notices and safety instructions Qualified personnel are those who based on their training and experience are capable of identifying risks and avoiding potential hazards when working with these products systems Proper use of Siemens products Note the following WARNING...

Page 3: ... 1BX30 0XE0 Hardware product version 2 Firmware version V3 0 The CP 1243 1 is the communications processor for connecting the SIMATIC S7 1200 to control center systems via the public infrastructure e g DSL With the help of VPN technology and the firewall the CP allows protected access to the S7 1200 The CP can also be used as an additional interface of the CPU for S7 communication Figure 1 CP 1243...

Page 4: ...sed below for the STEP 7 Basic Professional configuration tool ES PC with the STEP 7 project Purpose of the manual This manual describes the properties of this module and supports you when installing and commissioning it The required configuration steps are described as an overview and there are explanations of the relationship between firmware functions and configuration You will also find inform...

Page 5: ...s manual there are often cross references to other sections To be able to return to the initial page after jumping to a cross reference some PDF readers support the command Alt Left arrow Sources of information and other documentation You will find an overview of further reading and references in the Appendix of this manual License conditions Note Open source software The product contains open sou...

Page 6: ...ilable and to always use the latest product versions Use of product versions that are no longer supported and failure to apply latest updates may increase customer s exposure to cyber threats To stay informed about product updates subscribe to the Siemens Industrial Security RSS Feed under Link http www siemens com industrialsecurity SIMATIC NET glossary Explanations of many of the specialist term...

Page 7: ...23 1 7 1 Hardware requirements 23 1 7 2 Software requirements 23 2 LEDs and connectors 25 2 1 Opening the covers of the housing 25 2 2 LEDs 26 2 3 Electrical connectors 30 2 3 1 Power supply 30 2 3 2 Ethernet interface X1P1 30 3 Installation connecting up commissioning 31 3 1 Important notes on using the device 31 3 1 1 Notices on use in hazardous areas 31 3 1 2 Notices on use in hazardous areas a...

Page 8: ...7 4 9 4 2 Notation for the source IP address advanced firewall mode 68 4 9 4 3 Firewall settings for configured connection connections via a VPN tunnel 68 4 9 4 4 Settings for online security diagnostics and downloading to station with the firewall activated 68 4 9 5 E mail configuration 69 4 9 6 Log settings Filtering of the system events 70 4 9 7 SNMP 70 4 9 8 Certificate manager 72 4 9 9 Handli...

Page 9: ...leControl Basic data points 112 4 11 Messages 113 4 12 Access to the Web server 115 5 Program blocks 117 5 1 Program blocks for OUC 117 5 2 Changing the IP address during runtime 119 6 Diagnostics and upkeep 121 6 1 Diagnostics options 121 6 2 Online security diagnostics via port 8448 123 6 3 Online functions and TeleService 123 6 4 SNMP 125 6 5 Processing status of e mails 126 6 6 Downloading fir...

Page 11: ...mmunications services Communications services The following communications services are supported Telecontrol communication The CP is a communications processor of the SIMATIC S7 1200 for system attachment to the control center systems named above The CP can communicate with redundant control systems For each control center system the relevant telecontrol protocol is activated on the CP Type of co...

Page 12: ...be set manually in the configuration As an alternative the IP address can be obtained from a DHCP server or by other means outside the configuration Time of day synchronization The CP supports various methods of time of day synchronization You will find information in the section Time of day synchronization Page 42 For information on the format of the time stamp refer to the section Datapoint type...

Page 13: ...ions and TeleService Page 123 SNMP As an SNMP agent the CP supports data queries using SNMP Simple Network Management Protocol For more detailed information refer to section SNMP Page 125 1 4 Security functions Industrial Ethernet Security With Industrial Ethernet Security individual devices automation cells or network segments of an Ethernet network can be protected The data transfer via the CP c...

Page 14: ...urity functions are accessible to the S7 1200 station on the interface to the external network Firewall IP firewall with stateful packet inspection layer 3 and 4 Firewall also for non IP Ethernet frames according to IEEE 802 3 layer 2 Limitation of the transmission speed Bandwidth limitation Global firewall rules Communication made secure by IPsec tunnels VPN VPN tunnel communication allows the es...

Page 15: ...ction Security recommendations Page 37 For configuring the security functions refer to the section Security Page 63 You will find further information on the functionality and configuration of the security functions in the information system of STEP 7 and in the manual 4 Page 142 1 5 Configuration limits and performance data Number of CMs CPs per station In each S7 1200 station up to three CMs CPs ...

Page 16: ...data per data point depends on the data type of the relevant data point You will find details in the section Datapoint types Page 89 Frame memory send buffer The CP has a frame memory send buffer for the values of data points configured as an event and that are sent to the communications partner The send buffer has a maximum size of 64000 events divided into equal parts for all configured communic...

Page 17: ...ximum 226 rules with individual addresses Maximum 30 rules with address ranges or network addresses e g 140 90 120 1 140 90 120 20 or 140 90 120 0 16 Maximum 128 rules with limitation of the transmission speed Bandwidth limitation 1 6 Configuration examples 1 6 1 Sending e mails Configuration with sending of e mails The following example shows a configuration with sending of e mails The telecontro...

Page 18: ...via the following paths and communications modules Communication via the Internet S7 1200 with CP 1243 1 Communication via the GSM network and the Internet S7 1200 with CP 1242 7 or S7 200 with MODEM MD720 The establishment of terminal connections with encryption is initiated automatically by the telecontrol protocol used by the various communications modules The creation of VPN connections betwee...

Page 19: ...ructions 04 2017 C79000 G8976 C365 03 19 Telecontrol with a redundant master station TCSB The following figure shows a possible configuration with S7 stations communicating with a redundant master station TCSB Figure 1 3 S7 station communication with a redundant master station ...

Page 20: ...s used in other words the stations are equipped with a CP 1243 1 A configuration in which the IEC protocol is used would have the same setup Figure 1 4 Configuration example with a non redundant control center and stations in one IP subnet The S7 1200 stations are connected to the Internet via the CP and connected to the control center When using the DNP3 protocol for example SIMATIC PCS 7 TeleCon...

Page 21: ...e S7 1200 stations are connected to the Internet via the CP and connected to the control center When using the DNP3 protocol for example SIMATIC PCS 7 TeleControl or the system of a third party provider can be used as the control center If you use SIMATIC PCS 7 TeleControl as the DNP3 master in the control center you require the necessary DNP3 driver Figure 1 5 Configuration example with connectio...

Page 22: ...s a configuration with a redundant control center and connections via the Internet In this example the DNP3 protocol is used A configuration in which the IEC protocol is used would have the same setup Figure 1 6 Configuration example with a redundant DNP3 master station Addressing of the redundant DNP3 master The two devices of the redundant DNP3 master in the control center are addressed by the C...

Page 23: ...ith firmware version as of V3 The full functionality of the CP is only available with a CPU as of V4 2 DSL router SCALANCE M812 In the master station PC with control center application alternative TCSB version V3 For more detailed information on the structure of TCSB refer to the section 3 Page 142 DNP3 master IEC master DSL router SCALANCE M812 When using online functions Engineering station with...

Page 25: ... display of the module statuses are located behind the upper cover of the module housing The Ethernet connector is located behind the lower hinged cover of the module Opening the covers of the housing Open the upper or lower cover of the housing by pulling it down or up as shown by the arrows in the illustration The covers extend beyond the housing to give you a grip Figure 2 1 Opening the covers ...

Page 26: ...1 LED on the front panel LED colors Name Meaning red green DIAG Basic status of the module Table 2 2 LEDs below the upper cover of the housing LED color Name Meaning green LINK Status of the connection to Industrial Ethernet green CONNECT Status of the connections to the communications partner green VPN Status of the VPN configuration green SERVICE Status of a connection for online functions LED c...

Page 27: ...color of the LEDs is not clear Display of the basic statuses of the CP DIAG LED Table 2 4 Display of the basic statuses of the CP DIAG red green Meaning if more than one point listed alternative meaning Basic statuses of the CP Power OFF Incorrect startup green Running RUN without serious error flashing green Partner not connected Firmware loaded successfully flashing red Starting up Module fault ...

Page 28: ...ning Module startup STOP RUN or error statuses Power OFF red Startup phase 1 flashing red Startup phase 2 green Running RUN without serious error Incorrect startup red Invalid STEP 7 project data flashing red Missing STEP 7 project data flashing red Backplane bus error Connection to Industrial Ethernet Connection to Industrial Ethernet exists green Connection to Industrial Ethernet being establish...

Page 29: ...n for online functions established green Attempt to establish connection for online functions green No connection to engineering station VPN connection green VPN connection established flashing green flashing green VPN connection configured but not established No VPN connection configured on the CP Loading firmware Loading firmware The DIAG LED flashes alternating red and green flashing green Fir...

Page 30: ...lied with power from the backplane bus It does not require a separate power supply 2 3 2 Ethernet interface X1P1 Ethernet interface The Ethernet connector is located behind the lower hinged cover of the module The interface is an RJ 45 jack according to IEEE 802 3 The pin assignment and other data relating to the Ethernet interface can be found in the section Technical data Page 133 ...

Page 31: ...ssible This can be caused for example by lightning strikes or switching of higher loads The connector of the external power supply is not protected from strong electromagnetic pulses To protect it an external overvoltage protection module is necessary The requirements of EN61000 4 5 surge immunity tests on power supply lines are met only when a suitable protective element is used A suitable device...

Page 32: ...NECT OR DISCONNECT EQUIPMENT WHEN A FLAMMABLE OR COMBUSTIBLE ATMOSPHERE IS PRESENT WARNING EXPLOSION HAZARD SUBSTITUTION OF COMPONENTS MAY IMPAIR SUITABILITY FOR CLASS I DIVISION 2 OR ZONE 2 WARNING When used in hazardous environments corresponding to Class I Division 2 or Class I Zone 2 the device must be installed in a cabinet or a suitable enclosure 3 1 2 Notices on use in hazardous areas accor...

Page 33: ... is suitable for use in Class I Zone 2 Group IIC or non hazardous locations only 3 1 4 Notices on use in hazardous areas according to FM WARNING EXPLOSION HAZARD Do not connect or disconnect while the circuit is live or unless the area is known to be free of ignitible concentrations This equipment is suitable for use in Class I Division 2 Groups A B C and D or non hazardous locations only This equ...

Page 34: ...ecting up and commissioning read the relevant sections in the system manual S7 1200 Programmable Controller refer to the documentation in the Appendix When installing and connecting up keep to the procedures described in the system manual S7 1200 Programmable Controller Pulling plugging the module NOTICE Turning off the station when plugging pulling the module Before pulling or plugging the module...

Page 35: ...mm DIN rail in the cabinet Use the pull out DIN rail mounting clips to secure the device to the rail These mounting clips also lock into place when they are extended to allow the device to be installed in a switching panel The inner dimension of the hole for the DIN rail mounting clips is 4 3 mm Installation location NOTICE Installation location The module must be installed so that its upper and l...

Page 36: ...tted 2 Secure the DIN rail 3 Connect the Ethernet cable to the CP You will find the pinout of the interface in the section Technical data Page 133 4 Turn on the power supply 5 The remaining steps in commissioning involve downloading the STEP 7 project data The STEP 7 project data of the CP is transferred when you load to the station To load the station connect the engineering station on which the...

Page 37: ...ures on the Siemens Internet pages Here you will find information on network security Link http www siemens com industrialsecurity Here you will find information on Industrial Ethernet security Link http w3 siemens com mcms industrial communication en ie industrial ethernet security Seiten industrial security aspx You will find an introduction to the topic of industrial security in the following p...

Page 38: ...e Web server of the CPU CPU configuration and to the Web server of the CP disabled Logging function Enable the function in the security configuration and check the logged events regularly for unauthorized access Passwords Define rules for the use of devices and assignment of passwords Regularly update the passwords to increase security Only use passwords with a high password strength Avoid weak pa...

Page 39: ...the port the communications partner needs to log in Closed after configuration The port is closed because the CP is always client for this service Authentication Specifies whether or not the protocol authenticates the communications partner during access Protocol function Port number protocol Default of the port Port status Authentication DNP3 listener port 20000 TCP Closed Open after configurati...

Page 40: ... to configure telecontrol communication in STEP 7 Follow the steps below when configuring 1 Create a STEP 7 project 2 Insert the required SIMATIC stations Configuration of control center devices and applications and connections between the CP and partner is neither possible nor necessary 3 Insert the CPs and the required input and output modules in the stations 4 Create an Ethernet network 5 Conne...

Page 41: ... the CP for communication with TCSB Parameters in the Partner stations parameter group Partner IP address IP address or host name of the DSL router via which the telecontrol server is connected to the Internet A fixed IP address is recommended Partner port port number of the listener port of TCSB Parameters in the Security CP identification parameter group Project number Station number Password fo...

Page 42: ...aster IP address as normal When configuring the CP interface configure the IP address of the router You create the VPN configuration with SCALANCE S M both for the station end and for the control center end in STEP 7 4 4 Time of day synchronization Synchronization method of the CP Note Time of day synchronization of the CP With applications that require time of day synchronization e g telecontrol ...

Page 43: ...sh algorithms MD5 or SHA 1 On the CP you specify the servers used You configure NTP servers of the type NTP secure in the global security settings of STEP 7 Time from the CPU As of V4 2 the CPU synchronizes all CMs CPs of the station with a synchronization cycle of 10 seconds Parameters of the CPU If for the CPU the option CPU synchronizes the modules of the device is enabled all smart modules of ...

Page 44: ...g an external time source the S7 1200 station can obtain the current time of day both via the CPU as well as via a CP With the S7 1200 there is no forwarding of the time of day from the station to the subnet Note Recommendation Time of day synchronization only by 1 module Only have the time of day of the station from an external time source synchronized by a single module so that a consistent time...

Page 45: ...LC tags see parameter group Communication with the CPU of the CP CP firmware V2 1 77 and CPU firmware V4 2 If both modules in the station have the named firmware versions the time of day of the CP is automatically forwarded to the CPU Since the CPU automatically adopts the CP time you no longer require the forwarding option using the PLC tag If for the CPU the option CPU synchronizes the modules o...

Page 46: ...need to enable this option 4 6 Ethernet interface 4 6 1 CP identification The parameter group is available only when telecontrol communication is enabled CP addressing The parameter group is used for addressing and identification of the CP in the network TeleControl Basic You will find the parameters for the TeleControl Basic protocol in Security refer to the section CP identification with the Tel...

Page 47: ...curs again with the individual partners in the parameter group Connection to partner This parameter applies only to the individual partner The value of 180 seconds preset on the Ethernet interface is adopted for the individual partners If for any reason you want to change the value of the TCP connection monitoring time for individual partners you can adapt the value for every partner individually ...

Page 48: ...en the attempts to re establish a connection three times 20 s three times 40 s three times 80 s etc up to max 900 s Note If the partner cannot be reached connection establishment via the mobile wireless network can take several minutes This may depend on the particular network and current network load Depending on your contract costs may result from each connection establishment attempt Send monit...

Page 49: ...s after which the key is exchanged again between the CP and the telecontrol server The key is a security function of the telecontrol protocol used by the CP and TCSB V3 Default setting 8 s Permitted range 0 65535 s If you enter 0 zero the function is disabled 4 6 5 Transmission settings DNP3 Transmission settings DNP3 Disturbance bit The disturbance bit can be used as bit 1 6 IIN1 6 of the Interna...

Page 50: ...toring time for unsolicited frames Time in seconds within which an acknowledgement of unsolicited frames is expected from the master Permitted range 1 65535 Default setting 5 Buffer for class 1 2 3 events Here for each of the three event classes you specify the number of events after which the stored events are sent to the communications partner Permitted range 1 255 Delay time class 1 2 3 events ...

Page 51: ...tion establishment t0 Monitoring time for the connection establishment t0 in seconds If the communications partner does not confirm connection establishment within the monitoring time the CP attempts to establish the connection again Permitted range 1 255 Default setting 30 Frame monitoring time t1 Monitoring time in seconds for the acknowledgement of frames sent by the CP by the communications pa...

Page 52: ...rmat to the master This parameter is intended for situations in which longer idle periods occur in other words times when there is no data traffic Permitted range 1 255 Default setting 30 Difference between send sequence number N S and receive sequence number N R k The difference between the send sequence number and receive sequence number of a frame The master returns the send sequence number of ...

Page 53: ...ansferred and are deleted from the send buffer of the CP Recommendations of the specification w should not be higher than 2 3 of k Recommended value for k 12 Recommended value for w 8 4 7 SNMP SNMP The CP supports the following SNMP versions SNMPv1 Available with security functions disabled Note that with this read and write access to the module is possible In this case other settings are not poss...

Page 54: ...rt of the module port for connection requests of the communications partner are displayed Default for the DNP3 protocol 20000 Default for the IEC protocol 2404 You can change the port number for the module Keep in mind the settings on the communications partner master Permitted range 1024 65535 Partner X telecontrol server Activate partner TeleControl Basic The telecontrol server is enabled as the...

Page 55: ...ter so that the public IP address external network is led to the virtual IP address of the TCSB server PCs internal network The station does not therefore receive any information telling it which of the two computers of the redundancy group it is connected to See also section Addressing in the redundant TCSB system Page 57 Connection monitoring Only for TeleControl Basic and DNP3 When the function...

Page 56: ...nitoring time for individual partners you can adapt the value for every partner individually in Partner stations If for example you want to check the connection at shorter intervals reduce the value TCP keepalive monitoring time Only for TeleControl Basic and DNP3 If the value configured here differs from the value configured in the Ethernet interface parameter group the monitoring time of the Par...

Page 57: ...e computer operating system will assign a common virtual IP address to the two server PCs This IP address is configured depending on the network setup If only one CP without a DSL router is connected the virtual address assigned by the NLB must be configured in the CP as the IP address of the telecontrol server If a DSL router is used only one IP address will be configured to address the redundant...

Page 58: ...he fill level drops below 50 bits 2 and 3 are reset to 0 Bits 4 to 15 of the PLC tags are not used and do not need to be evaluated in the program 4 8 2 3 Partner for inter station communication Inter station communication In this table you specify the S7 stations with which the current station will use inter station communication Connections for inter station communication run via the telecontrol ...

Page 59: ... Advanced settings Partner monitoring time If the CP does not receive a sign of life from the communications partner within the configured time the CP interprets this as a fault error on the partner The CP aborts the connection and attempts to re establish it If you enter 0 the function is deactivated DNP3 level Only for DNP3 Indicates the DNP3 implementation level supported by the CP In the DNP3 ...

Page 60: ... frames or Transfer of collected frames per data point as a block Report partner status If the Report partner status function is enabled the CP signals the status of the communication to the remote partner Bit 0 of PLC tag for partner status data type WORD is set to 1 if the partner can be reached Bit 1 is set to 1 if all the paths to the remote partner are OK useful with redundant paths Bit 2 ind...

Page 61: ...re you set the size of the frame memory for events send buffer The size of the frame memory is divided equally among all configured communications partners You will find the size of the frame memory in the section Configuration limits and performance data Page 15 You will find details of how the send buffer works storing and sending events as well as the options for transferring data in the sectio...

Page 62: ...o 0 signaling the CPU that the updated values can be read from the PLC tags Note Fast setting of the diagnostics trigger variable Triggers must not be set faster than a minimum interval of 500 milliseconds Frame memory overflow PLC tag data type byte for the send buffer overflow pre warning Bit 0 is set to 1 when 80 of the fill level of the send buffer is reached Frame memory size PLC tag data typ...

Page 63: ...parameter groups for configuring the CP CP identification Only with the TeleControl Basic protocol Here you configure parameters for authenticating the CP with the telecontrol server You will find detailed information about the parameters below DNP3 security options Only with the DNP3 protocol Here you configure protocol specific security functions You will find detailed information about the para...

Page 64: ...for authenticating the CP with the telecontrol server Project number The project number is the same for all telecontrol CPs in a STEP 7 project TCSB evaluates project numbers from 1 2000 If you change the project number this parameter is changed for all CPs in the STEP 7 project Station number For each S7 1200 station with a telecontrol CP an individual station number is configured TCSB evaluates ...

Page 65: ...quests before key exchange As soon as one of these conditions is met the session key is renewed Parameters Enable DNP3 security options Enable the option if you want to use the security mechanisms IKE mode Selection of the mode for key exchange Range of values Aggressive Mode The Aggressive Mode is somewhat faster but transfers the identity unencrypted Main Mode The Main Mode is the standard mode ...

Page 66: ... Secure hash algorithm SHA Selection of the Secure Hash Algorithm SHA Range of values SHA 1 SHA 256 Default setting 256 Key wrap algorithm Selection of the Advanced Encryption Standard AES Range of values AES 128 AES 256 Default setting AES 128 Key length Specifies the length of the pre shared key in bytes Permitted range 16 128 Depending on the secure hash algorithm configured in STEP 7 above the...

Page 67: ...the response from the master to an authentication request of the CP Exceeding the wait time is evaluated as an error by the CP In this case the CP generates a security event and sends this to the master Range of values 1 65535 s Default setting 5 Pre shared key The pre shared key can be configured in two ways Manual configuration Enter the pre shared key in STEP 7 manually as a hexadecimal value I...

Page 68: ...nd a communications partner you will need to adapt the local firewall settings of the CP In advanced firewall mode Security Firewall IP rules select the action Allow for both communications directions of the VPN tunnel See also Settings for online security diagnostics and downloading to station with the firewall activated Page 68 4 9 4 4 Settings for online security diagnostics and downloading to ...

Page 69: ... CPU can trigger the sending of e mails Along with the e mail process data can also be sent You configure the individual e mails in the message editor entry Messages see section Messages Page 113 Requirements The following requirements must be met in the configuration for sending e mails The security functions are enabled The time of the CP is synchronized In the E mail configuration entry the pro...

Page 70: ...edure refer to the section Handling certificates Page 72 4 9 6 Log settings Filtering of the system events Communications problems if the value for system events is set too high If the value for filtering the system events is set too high you may not be able to achieve the maximum performance for the communication The high number of output error messages can delay or prevent the processing of the ...

Page 71: ...write access and can also be used for read access Leave the preset string private or configure a string Note the use of lowercase letters with the preset community strings SNMPv3 The algorithms need to be configured for encrypted access to the CP via SNMPv3 Authentication algorithm Select the authentication method to be used from the drop down list Encryption algorithm Select the encryption method...

Page 72: ...rtificate for authentication If you have configured secure communication with authentication for the CP own certificates and certificates of the communications partner will be required for communication to take place All nodes of a STEP 7 project with enabled security functions are supplied with certificates The STEP 7 project is the certification authority Note No certificate with security functi...

Page 73: ...ate manager Global security settings Certificate manager 3 Open the Trusted certificates and root certification authorities tab 4 Click in a row of the table and select the shortcut menu Import 5 In the dialog that opens import the certificate from the file system of the engineering station into the STEP 7 project Assigning certificates locally To be able to use an imported certificate for the CP ...

Page 74: ...ddress and URI from the parameter Subject Alternative Name Windows Alternative applicant name from the STEP 7 configuration data You can change this parameter of a certificate in the certificate manager of the global security settings To do this select a certificate in the table of device certificates and call the shortcut menu Renew Properties of the parameter Alternative name of the certifi...

Page 75: ...site connection Secure access to a server end to end connection Communication between two servers without being accessible to third parties end to end or host to host connection Ensuring information security in networked automation systems Securing the computer systems including the associated data communication within an automation network or secure remote access via the Internet Secure remote ac...

Page 76: ...s Procedure To create a VPN tunnel you need to work through the following steps 1 Creating a security user If the security user has already been created Log on as a user 2 Select the Activate security features check box 3 Creating the VPN group and assigning security modules 4 Configure the properties of the VPN group 5 Configure local VPN properties of the two CPs You will find a detailed descrip...

Page 77: ... recognition of the certificates to be exchanged the current date and the current time are required on both stations The establishment of a VPN connection to an engineering station that is also the telecontrol server at the same time TCSB installed runs as follows along with the time of day synchronization of the CP On the engineering station with TCSB you want the CP to establish a VPN connection...

Page 78: ...t of VPN tunnel communication between SOFTNET Security Client and the CP fails SOFTNET Security Client also attempts to establish VPN tunnel communication to a lower level internal node This communication establishment to a non existing node prevents the required communication being established to the CP To establish successful VPN tunnel communication to the CP you need to disable the internal no...

Page 79: ...SOFTNET Security Client license required on the computer of the telecontrol server and configure the security functions in the STEP 7 project With both options you achieve the requirements at the TCSB end for secure communication between the CPs of the remote station and the telecontrol server via secure VPN connections Configure the security functions of the CPs as described above 4 9 10 5 Establ...

Page 80: ...t to use SYSLOG with level 7 debug via VPN connections this is only possible with a single established VPN connection 4 9 11 Configuration of the TeleService access Configuration for using TeleService To meet the requirements for using the TeleService functions for the CP you need to make the necessary settings at the following points in STEP 7 Communication types parameter group of the CP Select ...

Page 81: ... the start of a TeleService session Authentication method Select the authentication method Password for this user Password Assign the password You require the password at the start of a TeleService session Note You specify the password properties of the security functions in the Password policies tab You enter the password on the engineering station when starting a TeleService session Maximum time...

Page 82: ...PLC tags intended to be used for data point configuration must have the attribute Visible in HMI Address areas of the PLC tags are input output or bit memory areas on the CPU Note Number of PLC tags Remember the maximum possible number of PLC tags that can be used for data point configuration in the section Configuration limits and performance data Page 15 The formats and S7 data types of the PLC t...

Page 83: ...itching over between the two editors Creating objects With the data point or message editor open create a new object data point message by double clicking Add object in the first table row with the grayed out entry A preset name is written in the cell You can change the name to suit your purposes but it must be unique within the module Figure 4 3 Data point table You configure the remaining propert...

Page 84: ...tain the letters you have entered are displayed Select the required data source Note Assignment of parameter values to PLC tags The mechanisms described here also apply when you need to assign the value of a parameter to a PLC tag The input boxes for the PLC tag e g PLC tag for partner status support the functions described here for selecting the PLC tag Arranging and copying objects As with many ...

Page 85: ...ey you can use the functions named with the shortcut menu copy paste cut delete You can paste cut or copied objects within the table or in the first free row below the table Exporting and importing data points To simplify the engineering of larger plants you can export the data points of a configured module and import them into other modules in the project This is an advantage particularly in proj...

Page 86: ...r every module in STEP 7 Instead you simply import the copied and adapted CSV file to the other modules of the same type When you import this file into another module the changed parameter values of the CSV file are adopted in the data point configuration of this module The lines of the CSV file have the following content Line 1 Name Type This line must not be changed Line 2 PLC CPU name CPU type ...

Page 87: ... the import is made have different names than in the module that exported the corresponding data points cannot be assigned to your PLC tags Importing into several modules You can import the data points from several modules into the modules of a different project To do this in the import dialog select all the required CSV files with the control key Before importing the data points make sure that th...

Page 88: ...PLC tags appropriately or add missing PLC tags You can then repair the assignment between unassigned data points and PLC tags This function is available either via the shortcut menu of the module see above or with the following icon to the upper left in the data point editor If a PLC tag with a matching name is found for a data point by the repair function the assignment is restored However the da...

Page 89: ...tal output in Bool Q M DB Byte Digital input in Byte Char USInt I Q M DB Digital output out Byte Char USInt Q M DB Integer with sign 16 bits Analog input in Int I Q M DB Analog output out Int Q M DB Counter 16 bits Counter input in Word UInt I Q M DB Integer with sign 32 bits Analog input in DInt Q M DB Analog output out DInt Q M DB Counter 32 bits Counter input in UDInt DWord I Q M DB Floating po...

Page 90: ... 2 in Bool I Q M DB Binary Output 1 10 2 out Bool Q M DB Binary Output Event 1 11 1 2 out Bool Q M DB Binary Command 12 1 out Bool Q M DB Integer 16 bits Counter Static 20 2 in UInt Word I Q M DB Frozen Counter 2 21 2 6 in UInt Word I Q M DB Counter Event 22 2 6 in UInt Word I Q M DB Frozen Counter Event 3 23 2 6 in UInt Word I Q M DB Analog Input 30 2 in Int I Q M DB Analog Input Event 32 2 in In...

Page 91: ... This object group can be configured in the Data point editor of STEP 7 using the substitute object group 22 4 This object group can be configured in the Data point editor of STEP 7 using the substitute object group 41 5 With these data point types contiguous memory areas up to a size of 64 bytes can be transferred All S7 data types with a size between 1 and 64 bytes are compatible Substitute obje...

Page 92: ...format 48 bits and contain milliseconds Data point types of the IEC protocol Table 4 3 Supported data point types IEC types and compatible S7 data types Format memory requirements Data point type IEC type Direction S7 data types Operand area Bit Single point information 1 in Bool I Q M DB Single point information with time tag CP56Time2a 1 30 in Bool I Q M DB Single command 45 out Bool Q M DB Sing...

Page 93: ... with time tag CP56Time2a 1 63 out Real Q M DB Data block 1 2 Bit 2 Double point information 3 in 2 DB Double point information with time tag CP56Time2a 1 31 in 2 DB Double command 46 out 2 DB Regulating step command 47 out 2 DB Double command with time tag CP56Time2a 1 59 out 2 DB Regulating step command with time tag CP56Time2a 1 60 out 2 DB Data block 1 32 Bit 3 Bitstring of 32 bits 3 7 in 3 DB...

Page 94: ...cation Note that for inter station communication with a CP in another S7 station the indexes of the two corresponding data points data point pair must be identical on the sending and receiving CP For information on the configuration refer to the section Partner configuration with TeleControl Basic data points Page 112 Data point index with the DNP3 protocol On a CP data point indexes must be uniqu...

Page 95: ...e of the status RESTART of a data point configured as an event changes from 1 value not yet updated to 0 value updated when the station starts up this causes an event to be generated Status identifiers with the TeleControl Basic protocol Depending on their status the status bits see table are converted to the OPC quality code by TCSB Quality BAD Bit 2 or 7 1 Quality UNCERTAIN Bit 1 or 3 or 5 1 Qua...

Page 96: ...ys 0 1 1 1 1 1 Status identifiers with the IEC protocol The status IDs correspond to the following elements of the specification Quality descriptor IEC 60870 Part 5 101 Table 4 6 Bit assignment of the status byte Bit 7 6 5 4 3 2 1 0 Flag name SB substituted CY carry OV overflow NT not topical IV invalid Meaning Substitute value Counted value over flow before reading the value Value range exceeded ...

Page 97: ...h the CPU parameter group with the Max number of read jobs parameter The values that exceed this value and can therefore not be read in one cycle are then read in the next or one of the following cycles Write jobs In every cycle the values of a certain number of unsolicited write jobs are written to the CPU The number of values written per cycle is specified for the CP in the Communication with th...

Page 98: ...at are configured as an event The maximum size of the send buffer can be found in the section Configuration limits and performance data Page 15 The configured number of events is divided equally among all configured and enabled communications partners For information on the configuration refer to the parameter Frame memory size in the section SNMP Page 53 If the connection to a communications part...

Page 99: ...e data points Page 95 Example When the value of a data point configured as an event is updated during startup of the station by reading the CPU data for the first time the status RESTART of this data point changes bit status change 1 0 This leads to generation of an event When data points are configured as an event via the Type of transmission parameter the following event classes are available Ev...

Page 100: ... is transferred only when one of the two following conditions is fulfilled The telecontrol server queries the station The value of another event with the transmission mode Unsolicited is transferred 4 10 8 Trigger tab Trigger Data points are configured as a static value or as an event using the Type of transmission parameter Saving the value of a data point configured as an event Saving the value ...

Page 101: ...ications partner immediately after the trigger fires or after a delay in the Transmission mode parameter Transmission mode The transmission mode of a frame is set in the Trigger tab of the data point With the option you specify whether messages of events are sent immediately or following a delay Immediate transfer Spontaneous The value is transferred immediately Buffered transfer Conditionally spo...

Page 102: ...r the integrated deviation Absolute method For each binary value a check is made to determine whether the current possibly smoothed value is outside the threshold value band The current threshold value band results from the last saved value and the amount of the configured threshold value Upper limit of the threshold value band Last saved value threshold value Lower limit of the threshold value ba...

Page 103: ...2 1 The new process value stored in the send buffer is 19 9 In this example if a deviation of the process value of approximately 0 5 should fire the trigger then with the behavior of the process value shown here a threshold value of approximately 1 5 2 5 would need to be configured 4 10 10 Analog value preprocessing CPs with data point configuration support analog value preprocessing For analog va...

Page 104: ...Instructions 04 2017 C79000 G8976 C365 03 Sequence of the analog value preprocessing options The values of analog inputs configured as an event are processed on the CPU according to the following scheme Figure 4 5 Sequence of the analog value preprocessing ...

Page 105: ...read in a 100 millisecond cycle and totaled The number of read values per time unit depends on the read cycle of the CPU and the CPU scan cycle of the CP The mean value is calculated from the accumulated values as soon as the transfer is triggered by a trigger Following this the accumulation starts again so that the next mean value can be calculated The mean value can also be calculated if the tra...

Page 106: ...ues from the underrange should not be transferred as real measured values Exception With process data from input modules the value 32768 8000h for wire break of a live zero input is transferred With a software input on the other hand all values lower than zero are corrected to zero Fault suppression time Requirements for the function Configuration of the threshold trigger for this data point Restr...

Page 107: ... useful if these finished values also adopt the values listed above 32767 7FFFh or 32768 8000h in the overflow or underflow range If this is not the case the parameter should not be configured for preprocessed values For finished values preprocessed in the CPU the limits for the overflow and underflow can be freely assigned Smoothing factor Requirements for the function Configuration of the threshol...

Page 108: ...g range Status identifier OVER_RANGE overflow With protocols that support status identifiers if the limit value is overshot or undershot the status identifier of the data point is set for measured range violation known below as the identifier OV These status identifiers are described in the section Status IDs of the data points Page 95 The OV bit of the status identifier of the data point is set as...

Page 109: ...e bipolar 27649 32512 93FF 8100 20 001 23 516 100 004 117 593 Undershoot wire break 32768 8000 3 518 1 185 17 593 Note Evaluation of the value even when the option is disabled If you enable one or both options and configure a value and then disable the option later the grayed out value is nevertheless evaluated To disable the two options delete the previously configured values limit values from th...

Page 110: ...r of pulses see below The following control codes sent by the master station are evaluated Table 4 8 Functions of the data object Receipt of Reaction of the object depends on the configuration Control Code TCC Op Type Output mode Pulse on Output mode Latch on off 0x01 NUL PULSE_ON The output is set to 1 for the duration of On time The command is rejected 0x03 NUL LATCH_ON The command is rejected T...

Page 111: ... the master exceeds the value configured here the configurable Pulse duration replacement time is used If the Pulse duration replacement time is configured with zero the command is rejected With 0 zero the Pulse duration replacement time is used for every pulse Name Pulse duration equivalent time Range of values 0 65535 Default 0 Explanation Replacement value for the pulse duration If the pulse ...

Page 112: ...or deselected 4 10 12 2 Partner configuration with TeleControl Basic data points Enabling the partner for data points TeleControl Basic Enable the partner with which the selected data point will exchange data A communications can be configured The telecontrol server and an S7 station cannot be selected as the partner for a data point at the same time The communications partner may be The telecontr...

Page 113: ...s to the receiving data point of CP 1 Once again both have an identical data point index 4 11 Messages Configuring e mails If important events occur the CP can send e mails to a communications partner For the requirements for using e mails see section E mail configuration Page 69 You configure the e mail in STEP 7 in the editor for the data point and message configuration You can find this using t...

Page 114: ...ction to a partner established Triggers the sending of the e mail when the connection returns Following triggers only with TeleControl Basic Connection establishment to partner failed Triggers the sending of the e mail when the connection to a partner could not be established Teleservice session started Teleservice session ended PLC tag for trigger PLC tag for the e mail trigger Use PLC tag If the...

Page 115: ...essage The value is entered in the message text instead of the placeholder can be a placeholder for data point types with a simple data type up to a size of 32 bits PLC tag for value PLC tag in which the value to be sent is written 4 12 Access to the Web server Access to the Web server of the CPU The Web server of the S7 1200 station is located in the CPU Via the CP you have access to the Web serv...

Page 117: ...ns Note that in STEP 7 you cannot use different versions of a program block in a station Supported program blocks for OUC The following instructions in the specified minimum version are available for programming Open User Communication TSEND_C V3 0 TRCV_C V3 0 Compact blocks for Connection establishment termination and sending data Connection establishment termination and reception of data Use as ...

Page 118: ...y in the declaration table of the block instead of selecting an entry from the Data type drop down list The corresponding SDT is then created with its parameters Using the SDT TCON_IP_v4 For transferring frames via TCP TADDR_Param For transferring frames via UDP TCON_IP_RFC For transferring frames via ISO on TCP direct communication between two S7 1200 stations TMail_V4 For transferring e mails ad...

Page 119: ...ng TDISCON Make sure that you take this into account in your programming 5 2 Changing the IP address during runtime Changing the IP address during runtime You can change the following address parameters of the CP at runtime controlled by the program IP address Subnet mask Router address Note Changing the IP parameters with a dynamic IP address Note the effects of program controlled changes to the ...

Page 120: ...version the following program blocks and system data types can be used STEP 7 Basic V14 T_CONFIG Along with IF_CONF_V4 IF_CONF_NTP IF_CONF_V6 IF_CONF_DNS STEP 7 Basic V14 TC_CONFIG Along with IF_CONF_V4 You will find detailed information on programming the blocks in the STEP 7 information system Requirements CP programming To be able to change the IP parameters program controlled the option IP add...

Page 121: ...ine and diagnostics menu Using the online functions you can read diagnostics information from the CP from an engineering station on which the project with the CP is stored If you want to operate online diagnostics with the station via the CP you need to activate the online functions in the parameter group Communication types see the section Communication types Page 45 Diagnostics group Here you ca...

Page 122: ...ile on the engineering station and then analyze it Device specific events Information on CP internal events Time Information on the time on the device Functions group Saving service data The function serves for logging of internal processes in situations in which you cannot eliminate unexpected or unwanted behavior of the module yourself The log file is created with the Save service data button Th...

Page 123: ...STEP 7 on the engineering station ES the CP provides various diagnostics and maintenance functions under the following terms Online functions Access from the ES to the station via LAN Requirement The ES and the CP are located in the same subnet TeleService Access from the ES to the station via WAN Internet Requirement The CP is connected to the telecontrol server and can be reached via this path R...

Page 124: ... already selected The path both via the CP or the CPU is possible 8 Click on the icon next to the PG PC interface drop down list The Establish remote connection via telecontrol dialog box opens 9 Make the necessary entries in this dialog see below and click on Connect Information in the Establish remote connection via telecontrol dialog In this dialog enter the data previously configured in STEP 7...

Page 125: ...ics of networks and nodes in the network To transmit data SNMP uses the connectionless UDP protocol The information on the properties of SNMP compliant devices is entered in MIB files MIB Management Information Base Range of performance of the CP as an SNMP agent The CP supports data queries in the following SNMP versions SNMPv1 standard SNMPv3 Security It returns the contents of MIB objects of th...

Page 126: ...or information on the configuration refer to With security functions disabled SNMPv1 SNMP Page 53 With security functions enabled SNMPv1 SNMPv3 SNMP Page 70 6 5 Processing status of e mails Configuration of the processing status of e mails The following status identifiers apply to e mails configured with the message editor of the CP The output of status identifiers is enabled by the option Enable ...

Page 127: ...ection was aborted 8411 Sending the e mail failed Cause There was not enough memory space for sending 8412 The configured DNS server could not resolve specified domain name 8413 Due to an internal error in the DNS subsystem the domain name could not be resolved 8414 An empty character string was specified as the domain name 8415 An internal error occurred in the cURL module Execution was aborted 8...

Page 128: ...ete Check the User name and Password parameters in the CP configuration 8550 SMTP server cannot be reached You have no access rights Check the following configuration data CP configuration E mail configuration User name Password Email address sender Alarm configuration E mail data Content Recipient address To or Cc 8554 Transfer failed 85xx Other error message from the e mail server Apart from th...

Page 129: ...t You will find a description of connecting the ES to the station in the section Online functions and TeleService Page 123 Downloading the firmware via the Web server of the CPU as of CPU firmware version V4 0 This method is described below Note Effects on the retentive memory of the CPU If you use a SIMATIC memory card to install the firmware file the retentive memory is retained If you use the W...

Page 130: ...f the CPU permitted Web browser and the description of the procedure in the STEP 7 information system under the keyword Information about the Web server Connection establishment with HTTP 1 Connect the PC on which the new firmware file is located to the CPU via the Ethernet interface 2 Enter the address of the CPU in the address box of your Web browser http IP address 3 Press the Enter key The sta...

Page 131: ...start page of the Web server as a user with the necessary rights Use the user data configured in the user administration of the Web server of the CPU 2 After logging in select the entry Module status in the navigation panel of the Web server 3 Select the CP in the module list 4 Select the Firmware tab lower down in the window 5 Browse for the firmware file on your PC using the Browse button and do...

Page 132: ...Controller refer to the documentation in the Appendix When installing and connecting up keep to the procedures described in the system manual S7 1200 Programmable Controller Make sure that the power supply is turned off when installing uninstalling the devices The STEP 7 project data of the CP is stored on the local CPU If there is a fault on the device this allows simple replacement of the CP wit...

Page 133: ...xible FRNC Festoon Food Cable with IE FC RJ45 Plug 180 Max 75 m IE FC TP Marine Trailing Flexible FRNC Festoon Food Cable 10 m TP Cord via IE FC RJ45 Outlet 0 100 m Max 100 m IE FC TP Standard Cable with IE FC RJ45 Plug 180 Max 90 m IE FC TP Standard Cable 10 m TP Cord via IE FC RJ45 Outlet Electrical data Power supply From the S7 1200 backplane bus 5 VDC Current consumption typical From the S7 12...

Page 134: ...acteristics and performance data in the section Application and properties Page 11 7 2 Pinout of the Ethernet interface Pinout of the Ethernet interface The table below shows the pin assignment of the Ethernet interface The pin assignment corresponds to the Ethernet standard 802 3 2005 100BASE TX version Table 7 2 Pin assignment of the Ethernet interface View of the RJ 45 jack Pin Signal name Assi...

Page 135: ...e approximation of the laws of the Member States concerning equipment and protective systems intended for use in potentially explosive atmospheres official journal of the EU L96 29 03 2014 pages 309 356 2014 30 EU EMC EMC directive of the European Parliament and of the Council of February 26 2014 on the approximation of the laws of the member states relating to electromagnetic compatibility offici...

Page 136: ... that you will find on the Internet at the following address Link https support industry siemens com cs ww en view 78381013 ATEX The product meets the requirements of the EC directive 2014 34 EC Equipment and Protective Devices for Use in Potentially Explosive Atmospheres ATEX approval II 3 G Ex nA IIC T4 Gc Type Examination Certificate KEMA 10ATEX0166 X Relevant standards EN 60079 0 2006 Potentia...

Page 137: ...ar requirements for control equipment Canadian Standards Association CSA C22 2 No 142 Process Control Equipment File Number E223122 cULus Hazardous Classified Locations Underwriters Laboratories Inc cULus IND CONT EQ FOR HAZ LOC Applied standards ANSI ISA 12 12 01 CSA C22 2 No 213 M1987 APPROVED for Use in Cl 1 Div 2 GP A B C D T4A Ta 20 C 60 C Cl 1 Zone 2 GP IIC T4 Ta 20 C 60 C Report UL file E22...

Page 138: ...ccording to the technical regulations of the customs union TR CU Current approvals SIMATIC NET products are regularly submitted to the relevant authorities and approval centers for approvals relating to specific markets and applications If you require a list of the current approvals for individual devices consult your Siemens contact or check the Internet pages of Siemens Industry Online Support L...

Page 139: ...CP 1243 1 Operating Instructions 04 2017 C79000 G8976 C365 03 139 Dimension drawings B Note All dimensions in the drawings of the CP are in millimeters Figure B 1 Front view and side view left ...

Page 140: ...Dimension drawings CP 1243 1 140 Operating Instructions 04 2017 C79000 G8976 C365 03 Figure B 2 From above ...

Page 141: ...also find the product information in the Siemens Industry Mall at the following address Link https mall industry siemens com Manuals on the Internet You will find SIMATIC NET manuals on the Internet pages of Siemens Industry Online Support Link https support industry siemens com cs ww en ps 15247 man Go to the required product in the product tree and make the following settings Entry type Manuals ...

Page 142: ...ol Server Basic Version V3 Operating Instructions Siemens AG Link https support industry siemens com cs ww en ps 15918 man 4 SIMATIC NET Industrial Ethernet Security Security basics and applications Configuration manual Siemens AG Link https support industry siemens com cs ww en ps 15326 man 5 SIMATIC NET Diagnostics and configuration with SNMP Diagnostics manual Siemens AG Link https support indu...

Page 143: ...guration 113 Programming OUC 117 Quantity 16 Encryption 11 Ethernet interface Assignment 134 Events 98 F Firewall 14 Firmware version 3 Forced image mode 98 Frame memory 16 98 G Gateway 79 Glossary 6 H Hardware product version 3 I IEC addressing 41 Image memory 98 Importing a certificate e mail 70 Instructions OUC 117 Internet connections 42 Inter station communication 94 IP address program contro...

Page 144: ...ing a module 132 Reset trigger bit 99 S S7 connections Enable 46 Resources 16 Safety notices 31 Security 13 Security diagnostics without port 102 123 Send buffer 16 98 Service Support 6 SIMATIC NET glossary 6 SMS Programming OUC 117 SMTPS 69 SNMP 13 53 125 SNMPv3 15 70 SSL TLS 69 STARTTLS 69 Static values 98 STEP 7 version 23 SYSLOG 80 T T_CONFIG 119 TC_CONFIG 119 TeleService 13 Time stamp 90 Time...
