background image

Communication

A

A.1

Communication

A.1.1

Communication according to PROFIdrive

PROFIdrive is the PROFIBUS and PROFINET profile for drive technology with a wide range 

of applications in production and process automation systems.     
PROFIdrive is independent of the bus system used (PROFIBUS, PROFINET).

Note
PROFIdrive for drive technology is standardized and described in the following document: 
● PROFIdrive – Profile Drive Technology, 

PROFIBUS User Organization e. V. 

Haid-und-Neu-Straße 7, D-76131 Karlsruhe, 

Internet: (

http://www.profibus.com

● IEC 61800-7

PROFIdrive device classes   

Table A-1

PROFIdrive device classes

PROFIdrive

PROFIBUS DP

PROFINET IO

Example:

Peripheral device (P device) DP slave

IO Device

Drive unit, Control Unit 

CU320-2 

Motion controller (higher-lev‐

el controller or host of the au‐

tomation system)

Class 1 DP master

IO Controller

Higher-level control, SIMAT‐

IC S7 and SIMOTION 

Supervisor (engineering sta‐

tion)

Class 2 DP master

IO Supervisor

Programming devices, hu‐

man machine interfaces

Note
Consistent naming conventions
For reasons of consistency, the terms "device", "controller", and "supervisor" are used below. 

The terms "slave" and "master" are only applied in the PROFIBUS chapter and are used there 

still. 

Industrial Security

Configuration Manual, 08/2017, A5E36912609A

83

Summary of Contents for SINAMICS

Page 1: ...ICS Industrial Security Configuration Manual 08 2017 A5E36912609A Introduction 1 Safety instructions 2 Industrial Security 3 General security measures 4 Security measures for SINAMICS 5 Communication A Service Support B References C ...

Page 2: ...e who based on their training and experience are capable of identifying risks and avoiding potential hazards when working with these products systems Proper use of Siemens products Note the following WARNING Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation If products and components from other manufacturers are used these m...

Page 3: ...NCE S 22 4 3 System integrity 26 4 3 1 System hardening 26 4 3 1 1 Reduction of attack points 26 4 3 1 2 Virus scanner 28 4 3 2 Whitelisting 29 4 3 3 Patch management 29 5 Security measures for SINAMICS 31 5 1 Network security 31 5 2 Write protection and know how protection 31 5 2 1 Write protection 32 5 2 2 Know how protection 34 5 2 2 1 Overview 34 5 2 2 2 Features of know how protection 35 5 2 ...

Page 4: ...rating your own certificates 76 5 6 10 Messages and parameters 77 5 7 Information about individual interfaces 77 5 8 SINAMICS Startdrive and Starter 79 5 8 1 SINAMICS Startdrive 79 5 8 2 SINAMICS STARTER 79 5 9 SINAMICS Drive Control Chart DCC 80 5 9 1 Use write and know how protection 82 A Communication 83 A 1 Communication 83 A 1 1 Communication according to PROFIdrive 83 A 1 1 1 PROFIdrive appl...

Page 5: ...g communication 191 A 1 5 5 Supported objects 192 A 1 5 6 Integrate the drive device into the Ethernet network via DHCP 202 A 1 5 7 Messages and parameters 202 A 1 6 Communication via SINAMICS Link 203 A 1 6 1 Basic principles of SINAMICS Link 203 A 1 6 2 Topology 206 A 1 6 3 Configuring and commissioning 207 A 1 6 4 Example 211 A 1 6 5 Communication failure when booting or in cyclic operation 214...

Page 6: ...Table of contents Industrial Security 6 Configuration Manual 08 2017 A5E36912609A ...

Page 7: ...s or plants You as operator are responsible for implementing the security recommendations The documentation is particularly geared toward Planners and project engineers IT departments of end users and OEMs The following knowledge is a prerequisite for implementing the described security concepts Administration of the IT technologies familiar from the office environment Configuration of the SINAMIC...

Page 8: ...Introduction Industrial Security 8 Configuration Manual 08 2017 A5E36912609A ...

Page 9: ...ions by applying suitable measures e g EMERGENCY STOP or EMERGENCY OFF WARNING Danger to life if the safety instructions and residual risks are not observed If the safety instructions and residual risks in the associated hardware documentation are not observed accidents involving severe injuries or death can occur Observe the safety instructions given in the hardware documentation Consider the res...

Page 10: ...ion including the documented boundary conditions safety information and residual risks The machine or plant is carefully set up and configured and a thorough acceptance test must then be performed by qualified personnel and the results documented All of the measures required in accordance with the machine plant risk analysis are implemented and validated by the programmed and configured Safety Int...

Page 11: ...asures should be taken into account For more information about industrial security please visit http www siemens com industrialsecurity Siemens products and solutions undergo continuous development to make them more secure Siemens strongly recommends to apply product updates as soon as available and to always use the latest product versions Use of product versions that are no longer supported and ...

Page 12: ...ly increasing This enables innovations such as cloud computing and the applications that go hand in hand with it In conjunction with cloud computing there has been a massive increase in the number of mobile devices such as cell phones and tablet PCs Wireless technology On the other hand the increasing use of mobile devices has only become possible thanks to the ubiquitous availability of mobile ne...

Page 13: ...ts and systems The ongoing networking of complete industrial plants and systems The vertical integration and networking of various company levels New techniques e g remote maintenance and or remote access The threats are diverse and the consequences are far reaching Possible threats Potential threats come from the industry environment and involve the topic of confidentiality integrity and availabi...

Page 14: ...tire Implement Security portfolio on the Internet https www industry siemens com services global en portfolio plant data services industrial_security Pages plant security services aspx Security measures With increasing digitalization comprehensive security in the automation system is becoming ever more important For this reason industrial security is a core element of every product that can be net...

Page 15: ...al en industrial security always active Pages Default aspx As manufacturer of automation and drive products Siemens supports secure operation for its customers through direct support of integrators and operators For this purpose Siemens provides patches security components and the appropriate services Security Information and Event Management System SIEM SIEMENS offers monitoring through a SIEM sy...

Page 16: ...RQFHSW 0RQLWRULQJ RI 5HVLGXDO 5LVN 3URWHFWLRQ RQFHSW 7DUJHW 3URWHFWLRQ HYHO XVLQHVV PSDFW VVHVVPHQW 6FRSH Figure 3 1 SI HSC security management process Standards and regulations Siemens complies with the valid standards and regulations in the industrial security area throughout the entire development process ISO 2700X Management of information security risks IEC 62443 IT security for industrial hi...

Page 17: ... processes in order to achieve a uniform procedure and to support compliance with the defined Industrial Security concept 3 Introduce coordinated technical measures You can find a list of general measures that help to protect your plant against threats in Section General security measures Page 19 You can find measures recommended for SINAMICS environments in chapter Security measures for SINAMICS ...

Page 18: ...Industrial Security 3 4 Security management Industrial Security 18 Configuration Manual 08 2017 A5E36912609A ...

Page 19: ...rol to copy protection For this purpose we use Defense in Depth as a general protection concept according to the recommendations of ISA99 IEC 62443 the leading standard for security in industrial automation 6HFXULW ULVNV GHPDQG DFWLRQ 3K VLFDO DFFHVV SURWHFWLRQ SURFHVVHV DQG VHFXULW VHUYLFH JXLGHOLQHV IRU WKH SURWHFWLRQ RI SURGXFWLRQ SODQWV 3ODQW VHFXULW HOO SURWHFWLRQ SHULPHWHU QHWZRUN ILUHZDOOV ...

Page 20: ...unauthorized changes via the engineering system or during maintenance The use of antivirus and whitelisting software to protect PC systems against malware Maintenance and update processes to keep the automation systems up to date e g patch management firmware updates etc 4 1 Plant security Unauthorized persons may be able to enter the production site building and damage or alter production equipme...

Page 21: ...on Pages security solution aspx 4 2 Network security Network security includes all measures taken to plan implement and monitor security in networks This includes the control of all interfaces e g between the office network and plant network or remote maintenance access via the Internet 4 2 1 Network segmentation 4 2 1 1 Separation between production and office networks One important protective me...

Page 22: ...e s Pages default aspx SCALANCE S security module SCALANCE S security modules with Security Integrated provide Stateful inspection firewall In order to implement user specific control and logging firewall rules can also be specified that only apply to certain users VPN via IPsec data encryption and authentication This establishes a secure tunnel between authenticated users whose data cannot be int...

Page 23: ...ation for data misuse Note that upstream security modules such as SCALANCE S must be installed close to the device to be protected in a locked control cabinet This ensures that data cannot be manipulated here without notice General security measures 4 2 Network security Industrial Security Configuration Manual 08 2017 A5E36912609A 23 ...

Page 24: ...and controls the data traffic from and to the devices within the automation cells If required the traffic between the cells can be encrypted and authenticated Secure channels and client access from the PCs to the cells can be established via SOFTNET Security Client VPN client software for PCs General security measures 4 2 Network security Industrial Security 24 Configuration Manual 08 2017 A5E3691...

Page 25: ...RQ 6 0 7 6 ZLWK 3 GYDQFHG 6 ZLWK 60 6 0 7 6 ZLWK 3 HE VHUYHU 6HUYHU 356 8076 QWHUQHW 0 QGXVWULDO WKHUQHW 6HUYHU RPDLQ FRQWUROOHU QWHUQHW URXWHU 6 0 7 73 RPIRUW 6 0 7 7 6 6 1 0 6 6 0 7 73 6 0 7 7 63 6 1 0 6 6 0 7 73 6 0 7 7 63 6 1 0 6 6 0 7 73 7 6 0 7 73 6 0 7 6 6 180 5 VO 6 0 7 6 352 1 7 352 1 7 352 1 7 352 1 7 352 1 7 6 1 6 6 1 6 6 1 6 6 1 0 6 1 0 Figure 4 2 SCALANCE S application example General...

Page 26: ...er accounts to the actually needed minimum Use secure access data for existing accounts This also involves assigning a secure password Regularly check the locally configured user accounts in particular Regularly change the passwords PC in the industrial environment PCs used in the industrial environment must comply with the generally valid security recommendations Therefore take the following meas...

Page 27: ...able files exe Regularly back up your security relevant data Protect the data backup from loss and manipulation Transporting data Always send confidential and or security relevant data via encrypted e mail Only transport confidential and or security relevant data on data carriers that are classified as secure such as USB flash drives hard disk etc Regularly check the data carriers for viruses Alwa...

Page 28: ...reats are extremely diverse in nature and are continually changing Always keep yourself up to date on a regular basis through the Industry Online Support Page 223 regarding whether there are new and relevant product security notifications for your particular products Comply with the instructions provided in the product security notifications 4 3 1 2 Virus scanner An anti virus program virus scanne...

Page 29: ...our PC systems Whitelisting mechanisms provide additional protection against undesired applications or malware and unauthorized changes to installed applications or executable files exe dll 4 3 3 Patch management WSUS The WSUS Windows Server Update Service system functionality provided by Microsoft is available for current Windows systems WSUS supports administrators by providing Microsoft updates...

Page 30: ...a direct connection to the WSUS server in the Internet Ensure that the environment is secure and install an intermediate layer e g DMZ network firewall SCALANCE S modules etc Product software Note Out of date product software also represents a potential security gap for attacks As a consequence always install the latest product software versions General security measures 4 3 System integrity Indus...

Page 31: ...security SINAMICS must only be used in a secure and trustworthy network with a firewall Note the information in chapter Network segmentation Page 21 5 2 Write protection and know how protection The write protection and know how protection functions allow you to protect your own projects against changes unauthorized access or copying know how protection KHP Protection Validity Objective Effect Writ...

Page 32: ...e protected The following user interfaces are write protected STARTER commissioning tool Parameter changes via fieldbus No password is required for write protection Setting up and activating write protection 1 Go online 2 Select the required drive unit in the project navigator of your STARTER project Security measures for SINAMICS 5 2 Write protection and know how protection Industrial Security 32...

Page 33: ...s If write protection should also be active for access operations via fieldbuses then in the expert list you must set p7762 to 1 4 Select the Copy RAM to ROM icon to retentively save the settings Deactivating write protection 1 Go online 2 Select the required drive unit in the project navigator of your STARTER project 3 Call the shortcut menu Write protection drive unit Deactivate The hatching in ...

Page 34: ...ers see the converter List Manual Parameter Function r7760 Write protection know how protection status p7761 Write protection p7762 Write protection multi master fieldbus system access behavior 5 2 2 Know how protection 5 2 2 1 Overview The know how protection KHP function prevents for example strictly confidential company knowledge for configuration and parameter assignment from being read by una...

Page 35: ...ory card must be inserted in the new drive unit Know how protection with extended copy protection The drive unit can only be operated if the associated memory card with the drive unit settings is inserted into it It is not possible to insert and use the memory card in another drive unit without knowing the password 5 2 2 2 Features of know how protection Features when know how protection is active...

Page 36: ... ensure that the same language setting is active on the computer for subsequent entry of the password Note Data security of the memory card After setting up and activating the know how protection for encrypted data backup on the memory card previously backed up non encrypted data of the SINAMICS software will be deleted This is standard deletion procedure in which only the entries on the memory ca...

Page 37: ...activated know how protection provided diagnostic functions were permitted when it was activated Trace function Function generator Measuring function Functions with restricted executability The following listed functions can only be partly executed when know how protection is active Displaying the topology actual topology only Uploading adjustable parameters that can be changed or read when know h...

Page 38: ...rom the exception list it is no longer possible to enter or change the password for know how protection You must reset the drive unit to factory settings in order to regain access to the drive unit s adjustable parameters When restoring the factory settings you lose what you have configured in the drive unit and you must recommission the drive unit Extending the exception list 1 Using the symbol o...

Page 39: ...it and go online 3 Select the required drive unit in the project navigator of your STARTER project 4 In the shortcut menu select Drive unit know how protection Activate The Activate Know how Protection for Drive Object dialog box opens Figure 5 3 Activating 5 The Without copy protection option is active by default When an appropriate memory card is inserted in the Control Unit you can choose from ...

Page 40: ...tivate the Allow diagnostic functions trace and measuring functions option with a mouse click This allows the trace function the measuring function and the function generator to be used despite know how protection 10 The Copy RAM to ROM option is active by default and ensures that the know how protection is permanently stored in the Control Unit If you want to use the know how protection temporari...

Page 41: ...e unit Procedure 1 Connect the drive unit to the programming device 2 Go online with STARTER If you have generated a project offline on your computer you must load the project into the drive unit and go online 3 Select the required drive unit in the project navigator of your STARTER project 4 In the shortcut menu select Drive unit know how protection Deactivate The Deactivate Know how Protection f...

Page 42: ...n or the deactivation of the know how protection is still running The values of all parameters are displayed again in the expert list However after switching off and switching on the power supply the password remains deleted Changing the password Requirement Know how protection has been activated for the drive unit Procedure To change the password for the know how protection proceed as follows 1 C...

Page 43: ...Control Unit of the drive is defective In these cases the OEM can create a new encrypted subproject for a drive object via STARTER The serial number of a new memory card or a new Control Unit is saved in this encrypted data record in advance Application example Control Unit is defective Scenario The Control Unit of an end user is defective The machine manufacturer OEM has the end user s STARTER pr...

Page 44: ... serial numbers do not match then fault F13100 is output If required the end user must re enter the changed parameters from the OEM exception lists Calling the Load to File System dialog box 1 Call STARTER 2 Open the required project 3 Select the required drive unit in the project navigator of your STARTER project 4 Call the Load to file system function The Load to File System dialog box opens Fig...

Page 45: ...activated in the default setting 2 If you want to store additional data such as program sources on the target device activate this option Optionally you can also activate Including DCC chart data Graphical chart data can then also be stored 3 Enter the path for the storage directory in the appropriate input field or click Browse and select the directory in your file system Security measures for SI...

Page 46: ...without copy prot Required inputs New password and Confirm password Know how protection with basic copy protection permanently linked to the memory card Required inputs New password Confirm password and Memory card specified serial number Know how protection with extended copy protection permanently linked to the memory card and CU Required inputs New password Confirm password Memory card specifie...

Page 47: ... trace function the measuring function and the function generator to be used despite know how protection 6 Click OK to confirm the settings you made Result The activation of the know how protection starts the encryption of the subproject data If larger data volumes are being encrypted a progress display informs that the encryption or the activation of the know how protection is still running With ...

Page 48: ...an be changed Further information You can find detailed information on this topic in chapter Access protection and rights Page 59 and in the List Manual of the converter in chapter Explanations for the list of parameters 5 4 Using the memory card The memory card must be handled with particular care for all SINAMICS devices that use a memory card so that no malicious software or erroneous parameter...

Page 49: ...match the security measures for the protection of the automation system to the used protocols e g firewall The security measures are restricted to Ethernet and PROFINET networks The following table shows the various layers and protocols that are used Layers and protocols Report Port number 2 Link layer 4 Transport layer Function Description PROFINET protocols DCP Discovery and configuration pro to...

Page 50: ...NET PROFINET Cy clic IO data transfer The PROFINET IO tele grams are used to cycli cally transfer IO data be tween the PROFINET IO controller and IO devices via Ethernet PROFINET Con text Manager 34964 4 UDP PROFINET connection less RPC The PROFINET context manager provides an endpoint mapper in order to establish an applica tion relationship PROFI NET AR Connection oriented communication protocol...

Page 51: ...text transfer protocol https is used for the com munication with the CU internal web server via Transport Layer Securi ty TLS Is open in the delivery state and can be deacti vated Internal protocol 5188 4 TCP Server incoming Communication with STARTER for download ing project data Reserved 49152 655 35 4 TCP 4 UDP Dynamic port area that is used for the active con nection endpoint if the ap plicati...

Page 52: ...ther information on this in the section titled User defined web pages Note Total memory size of user files The total amount of data stored by the web server must not exceed the total memory size of 100 MB The total memory size of the stored data influences the backup times The larger the data volume the longer the backup takes Basic configuration There are two options for the basic configuration o...

Page 53: ...e web server is also available via this interface Addressing The individual drives in the web server are reached via the IP address If you want to assign a symbolic name e g roller drive 1 to the drive use your IT infrastructure outside of the drive A cancellation of the symbolic name in the drive is not possible The IP address can be found in the CU parameter assignment Example Integrated Etherne...

Page 54: ...n Configure the web server via the Configure Web Server dialog box of STARTER The following configuration options are available In online or offline mode in STARTER Using the expert list as well given the corresponding parameters The configuration parameters for the web server can be found in the List Manual Parameter p8986 activates the web server Retrieving the web server configuration dialog 1 ...

Page 55: ...the converter in two different ways Via a non encrypted HTTP connection Via an encrypted HTTPS connection NOTICE Using non encrypted connections HTTP When using the HTTP protocol the login data is also transferred unencrypted This makes it easier for attackers to steal your password information Unauthorized personnel tampering with the data can lead to damage Limit access to secure connections so ...

Page 56: ...RTER for the web server is open The web server is activated by the checkbox Activate the Web server Enabling users The SINAMICS and Administrator users can be enabled with their specific rights You can also specify whether password protection should be active for the SINAMICS user Default settings SINAMICS user No password protection We recommend that you assign a password The password must consis...

Page 57: ...cters you must ensure that the same language setting is active on the computer for subsequent entry of the password To enable a user and activate a password proceed as follows 1 Click the checkbox of the user you want to enable e g enable Enable user SINAMICS restricted rights user etc 2 Click the Passwort option button The Specify password button then becomes active 3 Click the Specify password b...

Page 58: ...rm Password field Pay attention to upper and lower case For security reasons the password entries displayed in the input fields are encrypted 5 Confirm the input To do so click OK If both password entries were identical the input dialog box is closed If the passwords you have entered do not match the input dialog box remains open An error message appears At the same time the two entries in the inp...

Page 59: ...asons as the Administrator user you should never assign the SINAMICS user with the write and change list rights at the same time Otherwise the SINAMICS user would be able to change any chosen parameter at access levels 1 3 Summary The most effective access protection is a combination of the aforementioned safety mechanisms NOTICE Tampering with the converter parameter assignment resulting from pas...

Page 60: ... for a parameter list A default setting applies here depending on the user Access rights can be set individually for each user and parameter list in the parameter lists via the web server configuration Password assignment By default password protection is regulated as follows SINAMICS user No password protection We recommend that you assign a password The password must consist of 8 characters or m...

Page 61: ...eir own level Note For security reasons as the Administrator user you should never assign the SINAMICS user with the write and change list rights at the same time NOTICE Tampering with the converter parameter assignment resulting from password theft If unauthorized persons obtain a user s login data they can manipulate the parameter assignment and cause damage For your drive activate the know how ...

Page 62: ...e dialog box closes 5 6 4 Starting the Web server Requirements The web server is active in the configuration of STARTER Functional communication settings are available PG PC is connected to the Control Unit target device Start page of the web server Note Security In addition to a normal connection to your drive secure data transfer via HTTPS is also possible Data transmission via HTTPS requires th...

Page 63: ... item from the navigation area is displayed as the heading Display area The information regarding the selected item from the navigation area is shown in the display area In some areas the information is divided into tabs Navigation area You can select the information you need from the navigation area Starting the web server Enter your login name and the password in the login area Confirm the input...

Page 64: ...llows a drive object to be identified If the entry Identification via LED is displayed in this column an LED flash test can be carried out with the drive As soon as you click the entry Identification via LED the Ready LED on the corresponding component of the drive starts to flash and the component can thus be identified Status The current status of the component is displayed in this column Meanin...

Page 65: ... of the drive objects The following information is displayed for each drive object Column Explanation DO Number of the drive object DO Name Drive object name DO Typ view Drive object type Fault Alarms Graphical display of the status Fault Warning Maintenance request Maintenance required OK Operational display Status of the drive object via parameter r0002 Security measures for SINAMICS 5 6 Web ser...

Page 66: ...e converter commissioning manual In the STARTER online help Loading trace files from the memory card 1 Click the Diagnostics entry from the navigation 2 Click the Trace files tab The loadable trace files are displayed Figure 5 16 Example Loading trace files 3 In the list click the trace file that you wish to load You are then prompted on whether you want to open the trace file or store it in your ...

Page 67: ...Click the Diagbuffer tab The diagnostic buffer is displayed Figure 5 17 Example Displaying the diagnostic buffer The following information is displayed Column Explanation No Number of the event Time Time of the event Note If necessary no synchronized time is displayed when powering up but a time comprised of the following components is used instead 1 1 2000 Time stamp op erating hours Date Date of...

Page 68: ...mit the display to selected entries of the Type and Drive objekt columns 3 Acknowledge the faults To do this click the Reset alarms button The faults are acknowledged The Alarm display tab is updated 5 6 8 Displaying and changing drive parameters 5 6 8 1 Creating a parameter list Access to all drive parameters is possible by means of user defined parameter lists Including DCC and Tec parameters In...

Page 69: ...Click the Parameter entry from the navigation The Define tab is active Figure 5 19 Example Drive parameters defining the parameter list 2 Click the add new list button This displays a page for entering the list name 3 Enter a name for the new parameter list without using special characters Confirm the input To do so click Submit 4 Click the Access button and assign the access rights for this param...

Page 70: ...list appears in the tab You can view the actual parameter values and change them when required via this tab 10 If you wish to change the order of parameters within the current parameter list you have two options Move a selected parameter to the desired position in the list using the UP and DOWN buttons Drag and drop a selected parameter to the desired position in the list 5 6 8 2 Deleting a parame...

Page 71: ... name drop down list select the parameter list containing the selected list elements you wish to delete 2 For the list element you wish to delete click the DEL button The selected list element is deleted Figure 5 21 Example Delete list element 3 After deleting all the required list elements save the parameter list To do this click the Save list button Security measures for SINAMICS 5 6 Web server ...

Page 72: ...that can be changed with know how protection active Parameters with WRITE_NO_LOCK Parameters that can only be read with know how protection active Parameters with KHP_ACTIVE_READ Only those parameter values in the parameter list can be changed for which there is a Change button to the right of the line Changing parameter values The required parameter list must be created in the web server 1 Click ...

Page 73: ...LS is the basis for https access of the browser to the drive Transport Layer Security TLS more widely known under the predecessor designation Secure Sockets Layer SSL is a hybrid encryption protocol for secure transfer of data in the Internet The encrypted variant of communication between the browser and the Web server using HTTPS requires the creation and installation of certificates default conf...

Page 74: ...n find further information about Secure Socket Layer certificates at this address http www verisign com Delivery state When using HTTPS for the first time a private key is generated on the device as a file This means you can access the drive via HTTPS in the as delivered condition of the converter When accessing via HTTPS using this key you will receive a warning in your browser because the certif...

Page 75: ...wser Instructions for importing the certificate can be found in your browser s help options Alternatively you can import the root certificate via the path OEM SINAMICS HMICFG CERT ITDIAGROOTCA CRT instead of the server certificate This root certificate can be used irrespective of the IP address and drive 5 6 9 2 Using self created certificates If there is no Certification Authority in your busines...

Page 76: ...your browser s help options 7 Open an HTTPS web server connection to your drive in the browser If the certificate has been imported correctly the required connection is established If the certificate is not imported a message indicating that the signed Certification Authority is unknown is displayed when you open the browser 5 6 9 3 Generating your own certificates You can either generate your own...

Page 77: ...r Function r0196 0 255 Topology component status r8911 0 3 IE IP Address of Station actual r8931 0 3 PN IP Address of Station actual p8986 Web server configuration p8987 0 1 Web server port assignment 5 7 Information about individual interfaces X127 LAN Ethernet Note Additional security measures Networking of the X127 LAN interface outside of the secured control cabinet requires additional securit...

Page 78: ... only for authorized personnel Unauthorized persons may be able to damage or alter production equipment as a result of gaps in a company s physical security Confidential information can also be lost or altered as a result of this This can be prevented if both the company s site and the production areas are protected accordingly You can find information on suitable protective measures in chapter AU...

Page 79: ...y the specifications for SINAMICS drives and for the TIA Portal must be taken into account In addition to the commissioning of single drives drives on SIMATIC controllers such as the S7 1500 can also be configured Information on how to proceed with SIMATIC controllers can be found in the TIA Portal online help at Configuring networks Commissioning computer Make sure that your commissioning compute...

Page 80: ...ution in STARTER You must therefore test the scripts before using them on machines WARNING Risk due to incorrect configurations for automated operating actions Thanks to comprehensive automation options scripting gives you the capability of automating manual operations of the STARTER As a result the project and task configuration that is to be repeated is optimized with regard to the time that is ...

Page 81: ...ting commissioning computers Make sure that your commissioning computer runs in a secure environment and that the logon is protected via a secure password Using know how protection DCCs DCC libraries programs and backup files are subject to an increased risk of manipulation Therefore use the know how protection the write protection for drive units and the know how protection for DCC charts and DCC...

Page 82: ...nger to life through manipulation of DCC charts and DCC libraries The use of unprotected DCCs and DCC libraries entails a higher risk of manipulation of DCCs DCC libraries and backup files Protect important DCC charts and DCC libraries by using know how protection programs or via the know how protection for drive units in the SCOUT STARTER You can prevent manipulation by assigning a strong passwor...

Page 83: ...800 7 PROFIdrive device classes Table A 1 PROFIdrive device classes PROFIdrive PROFIBUS DP PROFINET IO Example Peripheral device P device DP slave IO Device Drive unit Control Unit CU320 2 Motion controller higher lev el controller or host of the au tomation system Class 1 DP master IO Controller Higher level control SIMAT IC S7 and SIMOTION Supervisor engineering sta tion Class 2 DP master IO Sup...

Page 84: ...data is usually time critical Acyclic data exchange via an acyclic data channel An acyclic parameter channel for exchanging parameters between the control supervisor and drive units is additionally available Access to this data is not time critical Alarm channel Alarms are output on an event driven basis and show the occurrence and expiry of error states Isochronous mode Cyclic data exchange in a ...

Page 85: ...cording to the scope and type of application processes PROFIdrive is divided into a total of 6 application classes of which the 3 important classes are compared below Class 1 AK1 The drive is controlled via a speed setpoint by means of PROFIBUS PROFINET Speed control is fully handled in the drive Typical application examples include simple frequency converters for controlling pumps and fans Class ...

Page 86: ...efined through the configuration of the drive unit Control Unit You can view and change the telegrams to be transferred in the STARTER screen form Figure A 1 PZD telegrams From the perspective of the drive unit the received process data represents the receive words and the process data to be sent the send words Communication A 1 Communication Industrial Security 86 Configuration Manual 08 2017 A5E...

Page 87: ...nd process data 2 2421 PROFIdrive Manufacturer specific telegrams and process data 3 2422 PROFIdrive Manufacturer specific telegrams and process data 4 Supplementary telegrams The converter List Manual contains the supplementary telegrams in the following function diagrams 2423 PROFIdrive manufacturer specific free telegrams and process data Free telegrams p0922 999 The converter List Manual conta...

Page 88: ...is retained and can now be changed If p0922 999 a telegram can be selected in p2079 A telegram interconnection is automatically made and blocked The telegram can also be extended This is an easy method for creating extended telegram interconnections on the basis of existing telegrams The telegram structure Parameter p0978 contains the drive objects that use a cyclic PZD exchange All drive objects ...

Page 89: ...0 371 999 2421 2423 B_INF 370 371 999 2421 2423 S_INF 370 371 999 2421 2423 VECTOR 1 2 3 4 20 220 352 999 2415 2416 2421 ENC 81 82 83 999 2416 2423 TM15DI_DO No predefined telegram HLA 166 999 2415 2420 TM31 No predefined telegram TM41 3 999 2415 2423 TM120 No predefined telegram TM150 No predefined telegram TB30 No predefined telegram CU_S 390 391 392 393 394 395 999 2422 2423 Depending on the dr...

Page 90: ...rter List Manual in the following function diagrams Function diagram Description 2439 PROFIdrive PZD receive signals profile specific interconnection 2440 PROFIdrive PZD receive signals manufacturer specific interconnection Overview of status words and actual values A detailed overview of the status words and actual values is contained in the converter List Manual in the following function diagram...

Page 91: ...erfaces Assignment of communication interfaces to cyclic interfaces With the factory setting p8839 99 the communication interfaces are permanently assigned to one of the cyclic interfaces IF1 IF2 depending on the communication system e g PROFIBUS DP PROFINET or CANopen The assignment to the cyclic interfaces can essentially be freely defined by user parameterization for the parallel operation of t...

Page 92: ...de p8815 1 2 IF2 supports PROFIsafe Additional parameter assignment options are possible if additionally the PROFINET module CBE20 is inserted in the CU320 2 DP p8839 0 1 and p8839 1 2 PROFIBUS isochronous PROFINET cyclic p8839 0 2 and p8839 1 1 PROFINET isochronous PROFIBUS cyclic Parameters for IF2 The following parameters are available in order to tune the IF2 for a PROFIBUS or PROFINET interfa...

Page 93: ...839 0 is valid and the setting of p8839 1 is treated like inactive If the CAN board CBC10 is used the input of p8839 0 2 is not permitted This means no assignment of the CAN board to IF1 An alarm is then issued If p8839 x is set to 2 and the COMM BOARD is missing or defective then the corresponding interface is not supplied from the Control Unit onboard interface Message A08550 is output instead O...

Page 94: ...lic communication Reference PROFIdrive Profile V4 1 May 2006 Order No 3 172 Addressing PROFIBUS DP The addressing is carried out via the logical address or the diagnostics address PROFINET IO The addressing is only undertaken using a diagnostics address which is assigned to a module as of slot 1 Parameters cannot be accessed via socket 0 F FOLF FRPPXQLFDWLRQ RQWUROOHU 6XSHUYLVRU HYLFH 3DUDPHWHU UH...

Page 95: ...onse must fit into a data set e g PROFIBUS Max 240 bytes The request or the response header is user data Structure of requests and responses Structure of parameter request and parameter response Parameter request Offset Values for write access only Request header Request reference Request ID 0 Axis Number of parameters 2 1st parameter address Attribute Number of elements 4 Parameter number 6 Subin...

Page 96: ... modified data to the non volatile memory p0971 p0977 Response ID Unsigned8 0x01 0x02 0x81 0x82 Read request Write request Read request Write request Mirrors the request identifier and specifies whether request execution was positive or nega tive Negative means Cannot execute part or all of request The error values are transferred instead of the values for each subresponse Drive object number Unsi...

Page 97: ...sible as a substitute Number of values Unsigned8 0x00 0xEA No 0 234 Limited by DPV1 telegram length Specifies the number of subsequent values Error values Unsigned16 0x0000 0x00FF Significance of the error values refer to the following table Error values in the DPV1 parameter re sponses The error values in the event of a negative response If the values make up an odd number of bytes a zero byte is...

Page 98: ...ex 0x15 Response too long The length of the present response exceeds the maximum transfer length 0x16 Illegal parameter address Illegal or unsupported value for attribute number of elements parameter number subindex or a combination of these 0x17 Illegal format Write request Illegal or unsupported parameter data format 0x18 Number of values inconsistent Write request A mismatch exists between the ...

Page 99: ...g state download p0010 29 0x77 Parameter s s must not be writ ten during download 0x78 Parameter s s Write access only in the commissioning state drive con figuration device p0009 3 0x79 Parameter s s Write access only in the commissioning state define drive type device p0009 2 0x7A Parameter s s Write access only in the commissioning state data re cord base configuration de vice p0009 4 0x7B Para...

Page 100: ...se an access code is not available Determining the drive object numbers Further information about the drive system e g drive object numbers can be determined as follows using parameters p0101 r0102 and p0107 r0107 1 The value of parameter r0102 Number of drive objects for drive object axis 1 is read via a read request Drive object 1 is the Control Unit CU which is a minimum requirement for each dr...

Page 101: ... Parameter request Offset Request header Request reference 25 hex Request ID 01 hex 0 1 Axis 02 hex Number of parameters 01 hex 2 3 Parameter address Attribute 10 hex Number of elements 08 hex 4 5 Parameter no 945 dec 6 Subindex 0 dec 8 Information about the parameter request Request reference The value is selected at random from the valid value range The request reference establishes the relation...

Page 102: ...ponse belongs to the request with request reference 25 Response ID 01 hex Read request positive values stored as of 1st value Axis mirrored number of parameters The values correspond to the values from the request Format 06 hex Parameter values are in the unsigned16 format Number of values 08 hex Eight parameter values are available 1st value 8th value A fault is only entered in value 1 of the fau...

Page 103: ... 1 speed setpoint p1059 600 rpm Jog 2 speed setpoint The request is to be handled using a request and response data block QGH QXPEHU 3DUDPHWHU QXPEHU 0DLQ VHWSRLQW RJ VHWSRLQW QBVHWB QSXW LQ S DQG S 2EMHFW GHYLFH 8 LULQJ WR LWVHOI 6DYH VHWSRLQW RJ VHWSRLQW H H U U U U S S S 9 S Figure A 4 Task description for multi parameter request example Basic procedure 1 Create a request to write the parameter...

Page 104: ...5 hex 38 3rd parameter val ue s Format 08 hex Number of values 01 hex 40 41 Value 4396 hex 42 Value 0000 hex 44 4th parameter val ue s Format 08 hex Number of values 01 hex 46 47 Value 4416 hex 48 Value 0000 hex 50 Notes relating to the parameter request Request reference The value is selected at random from the valid value range The request reference establishes the relationship between request a...

Page 105: ...onse ID 02 hex 0 Axis mirrored 02 hex Number of parameters 04 hex 2 Notes regarding the parameter response Request reference mirrored This response belongs to the request with request reference 40 Response ID 02 hex Write request positive Axis mirrored 02 hex The value matches the value from the request Number of parameters 04 hex The value matches the value from the request A 1 1 5 Diagnostics ch...

Page 106: ...FIdrive message classes Faults Alarms Component assignment PN GSDML X X X TIA X X X DP GSD X TIA X SINAMICS transfers the messages in the sequence in which they occurred If an alarm appears SINAMICS sends an incoming message The alarm remains until SINAMICS sends the corresponding outgoing message The time stamps are generated from the higher level controller when the messages are received The exi...

Page 107: ...nel Number 2 Byte Channel Properties 0x8000 2 Byte User Structure Identifier 2 Byte Channel Diagnosis Data 6 Byte Channel Number 2 Byte Channel Properties 2 Byte Channel Error Type 2 Byte Overview ORFN HDGHU ORFNW SH ORFNOHQJWK ORFNYHUVLRQ LJK ORFNYHUVLRQ RZ 3 6ORW QXPEHU 6XE 6ORW QXPEHU KDQQHO QXPEHU KDQQHO 3URSHUWLHV 8VHU 6WUXFWXUH GHQWLILHU WH WH WH WH WH WH WH WH WH WH WH WH KDQQHO UURU 7 SH K...

Page 108: ...Type U16 0x9000 0x9001 0x9002 0x9003 0x9004 0x9005 0x9006 0x9007 0x9008 0x9009 0x900A 0x900B 0x900C 0x900E 0x900F 0x9010 0x9011 0x9012 0x9013 Hardware software error Network fault Supply voltage fault DC link overvoltage Power electronics faulted Overtemperature of the electronic components Ground fault inter phase short circuit Motor overload Communication error to the higher level control system...

Page 109: ...ia PROFIBUS in the case of fault the following diagnostics data is output Standard diagnostics Page 110 Identifier related diagnostics Page 110 Status messages module status Page 111 Channel related diagnostics Page 112 Data sets DS0 DS1 and diagnostics alarm Page 112 Message structure The following applies if a message contains all of the specified diagnostics data Standard diagnostics Is always ...

Page 110: ...Number LowByte of the slave In this context the following values are decisive for diagnostics Ext_Diag Group signal for diagnostics in the slave 1 if at least 1 alarm is active Ext_Diag_Overflow Display diagnostics overflow in the slave for more than 240 bytes Identifier related diagnostics The identifier related diagnostics provides a bit KB_n for each slot 1 allocated when configuring the device...

Page 111: ...Header byte 0 0 Block length 2 32 incl this byte 2 Module status 0x82 3 Slot 0 4 Specifier 0 5 Slot_4 Slot_3 Slot_2 Slot_1 6 Slot_7 Slot_6 Slot_5 x 00 Slot_n Note Status value Diagnostics for SINAMICS are only available in cyclic PROFIBUS operation so that the state 00 Valid useful data is always output for all slots Communication A 1 Communication Industrial Security Configuration Manual 08 2017 ...

Page 112: ...ernal signal state error 30 Application function faulted 31 Parameterization commiss error 1 Channel related diagnostics 2 Input output 3 Channel type non specific System response Only one signal is generated if channel related diagnostics identifies several faults belonging to the same message class at the same drive object Data sets DS0 DS1 and diagnostics alarm The PROFIdrive message classes ar...

Page 113: ...nd the slot is OK 3 error is resolved and the slot is not okay 2 Channel fault present 1 as long as the drive object has an error condition 3 Internal fault 1 as long as the drive object has an error condition 4 Module fault 1 as long as the drive object has an error condition 5 Channel information present 1 DS1 exists 6 Type class of module 0011 Distributed A 1 2 Communication via PROFIBUS DP A 1...

Page 114: ... connect any CAN cable to the X126 interface Master and slave Master and slave properties Properties Master Slave As bus node Active Passive Send messages Permitted without external re quest Only possible on request by master Receive messages Possible without any restric tions Only receive and acknowledge permitted Master The following classes are differentiated Master class 1 DPMC1 Central automa...

Page 115: ...cts that are involved in exchanging process data Sequence of DOs in the telegram Sequence of drive objects in the telegram On the drive side the sequence of drive objects in the telegram is displayed via a list in p0978 0 24 where it can also be changed You can use the STARTER commissioning tool to display the sequence of drive objects for a commissioned drive system in the project navigator under...

Page 116: ...drive objects taken into account during configuration Configurations are permitted that do not take into account all of the drive objects that are present in the drive system Example The following configurations for example are possible Configuration with SERVO SERVO SERVO Configuration with A_INF SERVO SERVO SERVO TB30 etc Communication A 1 Communication Industrial Security 116 Configuration Manu...

Page 117: ...PROFIBUS interface with LEDs and address switches is available as standard on the CU320 2 DP Control Unit V 352 86 DGGUHVV VZLWFKHV 352 86 UHVHUYHG 5 20 237 Figure A 6 Interfaces and diagnostic LED Communication A 1 Communication Industrial Security Configuration Manual 08 2017 A5E36912609A 117 ...

Page 118: ...ignificance Examples 21dec 35dec 126dec 15hex 23hex 7Ehex C D E A B F DP H 1 0 2 3 4 5 6 7 8 9 161 16 1 2 7 C D E A B F DP L 1 0 2 3 4 5 6 7 8 9 160 1 5 3 E Setting the PROFIBUS address The factory setting for the rotary coding switches is 0dec 00hex There are two ways to set the PROFIBUS address 1 Using a parameter To set the bus address for a PROFIBUS node using STARTER first set the rotary code...

Page 119: ...preted as 0 If a value 0 or 127 is set the value in parameter p0918 defines the PROFIBUS address PROFIBUS interface in operation Generic station description file A generic station description file clearly and completely defines the properties of a PROFIBUS slave The SINAMICS S GSD file contains among other things standard telegrams free telegrams and slave to slave telegrams for configuring slave ...

Page 120: ...0964 0 6 device identification Bus terminating resistor Reliable data transmission via PROFIBUS depends amongst other things on the setting of the bus terminating resistors and the shielding of the PROFIBUS cables Bus terminating resistor The bus terminating resistors in the PROFIBUS plugs must be set as follows First and last nodes in the line Switch on terminating resistor Other nodes in the lin...

Page 121: ...You can use a SIMATIC HMI as a PROFIBUS master master class 2 to access SINAMICS directly With respect to SIMATIC HMI SINAMICS behaves like a SIMATIC S7 For accessing drive parameters the following applies Parameter number data block number Parameter sub index bit 0 9 of data block offset Drive object number bit 10 15 of data block offset Pro Tool and WinCC flexible The SIMATIC HMI can be configur...

Page 122: ...drive object No sub index Length Not activated Acquisition cycle Any Number of elements 1 Decimal places Any Note You can operate a SIMATIC HMI together with a drive unit independently of an existing controller A basic point to point connection can only be established between two nodes devices The variable HMI function can be used for drive units Other functions cannot be used e g messages or reci...

Page 123: ...erated even without PROFIdrive FOLF WHOHJUDPV IURP WKH PDVWHU RU EXV IDXOW 7 7 S S U 4 5 4 6 W Figure A 7 Monitoring telegram failure with a bus fault Telegram failure with a CPU stop After telegram failure bit r2043 0 is set to 1 Binector output r2043 0 can be used for a quick stop for example Once the delay time p2044 has elapsed fault F01910 is output Fault F01910 triggers fault response OFF2 p...

Page 124: ... and fault F01910 are output for VECTOR 2 When F01910 is output an OFF3 is triggered for the drive 3 After a two second delay time p2044 fault F01910 is output on the infeed and triggers OFF2 A 1 2 3 Slave to slave communication For PROFIBUS DP the master interrogates all of the slaves one after the other in a DP cycle In this case the master transfers its output data setpoints to the particular s...

Page 125: ...del Publisher With the slave to slave communication function at least one slave must act as the publisher The publisher is addressed by the master when the output data is transferred with a modified layer 2 function code DXB req The publisher then sends its input data for the master with a broadcast telegram to all bus nodes Subscriber The subscribers evaluate the broadcast telegrams sent from the...

Page 126: ...following preconditions should be observed for the slave to slave communication function STARTER as of Version 4 2 Configuration Drive ES Basic Drive ES SIMATIC or Drive ES PCS7 as of Version 5 3 SP3 Alternatively using a GSD file Firmware as of Version 4 3 The maximum number of process data per drive can be identified from the value in r2050 minus the resources that have already been used A maxim...

Page 127: ...The slave to slave communication function must be activated both in the publishers as well as in the subscribers whereby only the subscriber is to be configured The publisher is automatically activated during bus startup Activation in the publisher The master is informed abut which slaves are to be addressed as publishers with a modified layer 2 function code DXB req via the configuration of the s...

Page 128: ...meterizing telegram SetPrm Configuration telegram ChkCfg Using the configuration telegram a slave knows how many setpoints are to be received from the master and how many actual values are to be sent to the master For slave to slave communication a special space ID is required for each tap The PROFIBUS configuration tool e g HW Config generates this ID The ID is then transferred with the ChkCfg in...

Page 129: ...dure 1 You have generated a project e g with SIMATIC Manager and HW Config In the project example you defined a CPU 314 controller as master and 2 SINAMICS Control Units as slaves Of the slaves one CU310 2 DP is the publisher and one CU320 2 DP the subscriber 2 Select the CU320 2 DP Control Unit as slave Communication A 1 Communication Industrial Security Configuration Manual 08 2017 A5E36912609A ...

Page 130: ...ch to the detailed view Slots 4 5 contain the actual and setpoint values for the first drive object e g SERVO Slots 7 8 contain the telegram components for the actual and setpoint values for the second drive object Figure A 13 Detail view of slave configuration Communication A 1 Communication Industrial Security 130 Configuration Manual 08 2017 A5E36912609A ...

Page 131: ...n output type to a slave to slave communication type 7 In the first column select the PROFIBUS DP address of the publisher in this example 5 All PROFIBUS DP slaves are listed here for which actual value data can be retrieved It also provides the possibility of sharing data via slave to slave communication within the same drive device Communication A 1 Communication Industrial Security Configuratio...

Page 132: ... the publisher is not to be read set this using the Length column Alternatively you can shift the start address of the access so that the required data can be read out from the center section of the telegram component of the drive object Figure A 15 Configuring the slave to slave communication nodes Communication A 1 Communication Industrial Security 132 Configuration Manual 08 2017 A5E36912609A ...

Page 133: ... to slave communication link has been created instead of showing Standard telegram 2 for the drive object User defined appears in the configuration overview under telegram selection Figure A 17 Telegram assignment for slave to slave communication The details after creation of the slave to slave communication link for a drive object of the drive device are as follows Communication A 1 Communication...

Page 134: ...gram The publisher can only detect and report an interruption of the cyclic connection to the DP master A01920 F01910 The broadcast telegram to the subscriber will not provide any feedback A fault of a subscriber must be fed back via slave to slave communication In case of a master drive 1 n however the limited quantity framework see Links and requests should be observed It is not possible to have...

Page 135: ...lable in the converter List Manual A 1 2 4 Messages via diagnostic channels_PROFIBUS Messages can be displayed not only via the well known commissioning tools STARTER SCOUT After the activation of a diagnostic function the messages are also transferred to the higher level controller via the standardized PROFIdrive fault classes The messages are evaluated there or forwarded for convenient display t...

Page 136: ...s mode of this controller is first transferred to the drive With activated diagnostics SINAMICS first transfers all pending messages to the master Similarly all currently pending messages in the master are deleted by SINAMICS when closing the communication connection Messages The message texts are described in detail in the converter List Manual chapter Explanations on the list of faults and alarm...

Page 137: ...ated into PROFINET IO An Ethernet based automation standard defined by PROFIBUS International PROFIBUS user organization PROFINET IO is a manufacturer independent communication and engineering model PROFINET IO defines every aspect of the data exchange between IO controllers devices with so called master functionality and the IO devices devices with so called slave functionality as well as carryin...

Page 138: ...e 90 Real time RT and isochronous real time IRT communication Real time communication When communication takes place via TCP IP the resultant transmission times may be too long and not defined to meet the production automation requirements When communicating time critical IO user data PROFINET IO therefore uses its own real time channel rather than TCP IP Real time means that a system processes ex...

Page 139: ... PV F FOH FOLF SODQQHG FRPPXQLFDWLRQ 8QSODQQHG FRPPXQLFDWLRQ 0RQLWRUHG OLPLW 0RQLWRUHG OLPLW Figure A 20 Bandwidth distribution reservation PROFINET IO Addresses MAC address Every Ethernet and therefore every PROFINET interface is assigned a worldwide unique device identifier in the factory This 6 byte long device identifier is the MAC address The MAC address is divided up as follows Three bytes f...

Page 140: ...es of the onboard interfaces It is not permissible that the IP address band of the Ethernet interface and the PROFINET interface are the same The factory setting of the IP address of the Ethernet interface X127 is 169 254 11 22 the subnet mask is 255 255 0 0 Ethernet interface X127 is intended for commissioning and diagnostics Do not use this interface for other purposes and ensure that X127 e g f...

Page 141: ...ry card of the Control Unit The memory card allows module exchange without an IO supervisor when a fault occurs in a PROFINET device If a complete Control Unit needs to be replaced due to a device or module defect the new Control Unit automatically parameterizes and configures using the data on the memory card Following this cyclic exchange of user data is restarted Dynamic IP address assignment I...

Page 142: ...N to obtain a new IP address from the DHCP server Setting the DHCP address assignment with SINAMICS parameters As an alternative to the address assignment by the SIMATIC Manager the DHCP address assignment can also be initiated using SINAMICS parameters In this case the Control Unit always fetches the IP address from a DHCP server after each POWER ON You can make the settings using the expert list...

Page 143: ...pports the simultaneous operation of IRT Isochronous Real Time Ethernet RT Real Time Ethernet Standard Ethernet services TCP IP LLDP UDP and DCP PROFIdrive telegram for cyclic data transmission acyclic services PROFIdrive telegrams are available for implementing cyclic communication via PROFINET IO see chapter Communication according to PROFIdrive Cyclic communication Page 86 Telegrams to send and...

Page 144: ...nfig The structure of the telegram depends on the drive objects taken into account during configuration Configurations are permitted that do not take into account all of the drive objects that are present in the drive system Example The following configurations for example are possible Configuration with VECTOR VECTOR Configuration with A_INF VECTOR TB30 etc Communication channels for PROFINET PRO...

Page 145: ... it must be ensured that for standard applications a ring topology is not created Additional information on ring topologies can be found in chapter Media redundancy Page 169 Note Support for the medium dependent interface auto MDI X The Ethernet interface does not support auto MDI X If the network card of the PG PC does not support auto MDI X either only crossed cables may be used to connect devic...

Page 146: ... p8925 PN interfaces configuration p8929 PN number of remote controllers r8930 0 239 PN Name of Station actual r8931 0 3 PN IP Address actual r8932 0 3 PN Default Gateway actual r8933 0 3 PN Subnet Mask actual r8935 0 5 PN MAC Address r8936 0 1 PN state of the cyclic connections r8937 0 5 PN diagnostics r61000 0 239 PROFINET name of station r61001 0 3 PROFINET IP of station CBE20 p8829 CBE2x numbe...

Page 147: ...ible with PROFINET IO with RT The real update cycle in which cyclic data is exchanged depends on the bus load the devices used and the quantity framework of the I O data The update cycle is a multiple of the send cycle IRT Two options are available with this RT class IRT high flexibility IRT high performance The real time classes IRT high flexibility and IRT high performance can be selected as opt...

Page 148: ...mes well below one millisecond and with a deviation in the cycle start jitter of less than a microsecond provide sufficient performance reserves for demanding motion control applications In contrast to standard Ethernet and PROFINET IO with RT the telegrams for PROFINET IO with IRT are transferred according to a schedule Modules The following modules support the IRT high performance CU320 in conju...

Page 149: ...IRT high flexibility tele grams in the current cycle by the reserved bandwidth Exactly planned transfer times for transmission and re ceiving are guaranteed for any topologies Reload the network configu ration after a change Not relevant Only when the size of the IRT high flexibility interval needs to be modified reser vation of position is possible Always when the topology or the communications r...

Page 150: ... drive that is assigned to the I O system of SIMOTION1 This is arranged in the topology in such a way that its RT communication must be established through the IRT synchronization domain RPPXQLFDWLRQ RXWVLGH WKH V QFKURQL DWLRQ GRPDLQ 6 QF RPDLQ 57 6 QF RPDLQ 57 6 1 0 6 6 1 0 6 6 027 21 6 027 21 6 1 0 6 Figure A 21 RT communication across the limits of synchronization domains Update cycles and sen...

Page 151: ... this case the update cycle mode must always be set to fixed factor under IO device properties IO cycle tab Mode pulldown menu This means that STEP 7 will not automatically adjust the update cycle and thus the update cycle will always correspond to the send cycle 3 The send cycles from the odd range can be set only if a synchronization domain does not include any IO devices with real time class RT...

Page 152: ...gy Device selection in HW Config Hardware catalog The drive unit from the appropriate device family entry in the hardware catalog must be configured For the real time class IRT these are all entries as of firmware version V2 5 GSDML GSDML files for devices which contain IRT as of firmware version V2 5 A 1 3 3 PROFINET GSDML SINAMICS supports the GSDML version PROFINET GSDML to embed the converter ...

Page 153: ...Reserved 5 21 TM15 TM17 Not supported The telegrams in subslots 2 3 and 4 can be freely configured i e they can also remain empty Configuration 1 Insert a DO VECTOR module 2 Insert the optional submodule PROFIsafe telegram 30 3 Insert a submodule PZD telegram xyz 4 Insert the optional submodule PZD extension 5 Assign the I O addresses for the module and the submodules You will find a detailed desc...

Page 154: ...ely Overview of important parameters Note For a description of the parameters see the converter List Manual p8835 CBE20 firmware selection r8858 0 39 COMM BOARD read diagnostics channel r8859 0 7 COMM BOARD identification data A 1 3 5 Communication via PROFINET Gate Overview The PN GATE FOR SINAMICS is a PROFINET solution for controller manufacturers or mechanical equipment manufacturers who wish ...

Page 155: ...e I O data cyclically and in a compact form in one or more Ethernet telegrams For this purpose a driver part of the PN Gate is used on the controller for the communication with the CBE20 The CBE20 then distributes the I O data to each individual device in the PROFINET network with one telegram in each case both IRT and RT telegrams 7KLUG SDUW FRQWUROOHU DWH 3 6WDQGDUG WKHUQHW LQWHUIDFH 6 1 0 6 8 3...

Page 156: ...ated subslot numbers IO address Diagnostic addresses Module ID vendor ID and module ID Send cycles and update times Activating deactivating Activating and deactivating devices via the API without alarm triggering Automatic address assignment Topology based initialization Number of IO devices A maximum of 64 devices IO area in the controller 4096 bytes each in and out Maximum number of slots 2048 M...

Page 157: ...U performance mainboard hardware Ethernet chipset and its connection and the BIOS and the software components involved operating system components such as memory mapping Ethernet driver interrupt link configuration Software STARTER as of V4 3 or Drive ES as of V5 5 or SIMATIC STEP 7 as of V5 5 SP2 Development kit for the development and configuration SINAMICS PN Gate DevKit Article No 6SL3071 0CA0...

Page 158: ...ications in binary and in source code Documentation German PN Gate documentation in German English PN Gate documentation in English A 1 3 6 PROFINET with 2 controllers Control Unit settings Note Operation with two controllers is only possible in conjunction with an F CPU SINAMICS allows 2 control systems to be connected simultaneously to a Control Unit via PROFINET e g an automation controller A C...

Page 159: ...meters p9601 3 p9801 3 1 enable PROFIsafe for axes 1 and 2 3 Configure the PROFINET communication in HW Config see section Configuring the controllers When the system powers up using p8929 2 the drive system identifies that PROFINET telegrams are expected from 2 controllers The controller establishes the communication Note When booting the drive system first requires the configuration data of A CP...

Page 160: ...u configure both of the controllers using the shared device function in a common project Using GDSML you configure each controller independently in its own project The first of these options is described in the following example Note Detailed information on configuring with HW Config is provided in the STEP 7 documentation Example 2 controllers in a common project Start STEP 7 1 Under S7 create an...

Page 161: ... drive from the object manager in the example a CU320 2 PN Figure A 25 Automation controller created in HW Config Communication A 1 Communication Industrial Security Configuration Manual 08 2017 A5E36912609A 161 ...

Page 162: ... 5 To configure the drives in STARTER from the shortcut menu of the SINAMICS drive select Open object with STARTER Figure A 26 New project transferred from HW Config into STARTER Communication A 1 Communication Industrial Security 162 Configuration Manual 08 2017 A5E36912609A ...

Page 163: ...e an infeed and three drives in servo control We have selected telegram 370 for the infeed communication and standard telegrams 1 2 and 3 for the drives Then click under project Save and recompile all Click in the navigation window Communication Telegram Configuration Figure A 28 Telegram overview for PROFIdrive channel IF1 Communication A 1 Communication Industrial Security Configuration Manual 0...

Page 164: ...The PROFIsafe telegrams were added to the PROFIdrive table Figure A 30 List of telegrams that are available 4 To transfer your telegram changes into HW Config click on Set up addresses Figure A 31 The telegrams were aligned with HW Config After the telegrams have been successfully transferred to HW Config the red exclamation mark is replaced by a checkmark Communication A 1 Communication Industria...

Page 165: ...elegrams You must enable this in order that the PROFIsafe controller can access telegram 30 2 Select the Object properties option from the SINAMICS drive shortcut menu 3 In the following window you lock the access of the PROFIsafe telegrams through the A CPU Communication A 1 Communication Industrial Security Configuration Manual 08 2017 A5E36912609A 165 ...

Page 166: ... Inserting the PROFIsafe controller in STEP 7 You configure the PROFIsafe controller in precisely the same way as the automation controller under STEP 7 Communication A 1 Communication Industrial Security 166 Configuration Manual 08 2017 A5E36912609A ...

Page 167: ...communication select PROFINET IO again Figure A 34 PROFIsafe controller configuration 3 In HW Config click Station Save and compile 4 In the automation controller window click the SINAMICS drive 5 In the menu select Edit copy to start copying 6 Return to the HW Config window of the PROFIsafe controller 7 Right click the PROFINET line Communication A 1 Communication Industrial Security Configuratio...

Page 168: ...fig click Station Save and compile 10 Click Open object with STARTER again After completing the last save operation you will see in the STARTER window that the PROFIsafe telegrams have been assigned to PN IO 1 and the drive telegrams to PN IO Figure A 36 New project completed in STARTER If there is a checkmark after each telegram type in STARTER then the Shared Device has been successfully configu...

Page 169: ...rd procedure for media redundancy Using this procedure a maximum of 50 devices can participate in each ring In the case of an interrupted cable data transfer is only briefly interrupted as the system switches over to the redundant data path If a short term interruption is not permitted data transfer must be set to IRT High Performance The uninterruptible MRRT is automatically set A SIMOTION contro...

Page 170: ...oing operation Automatic synchronization after replacing components Restrictions IRT is not supported No simultaneous operation of Shared Device and Shared I Device Maximum 2 cyclical PROFINET connections System redundancy only via the onboard interface of SINAMICS PROFINET Control Unit For the duration of switching from one controller to the other the setpoints of the last connection remain froze...

Page 171: ...uency converter with PROFINET Control Units Figure A 37 System redundancy with converters Configuring Configuring the redundancy takes place in STEP 7 In the converter you only have to configure the communication via PROFINET System redundancy does not depend on the topology of the system Communication A 1 Communication Industrial Security Configuration Manual 08 2017 A5E36912609A 171 ...

Page 172: ...matic fault tolerant systems s7 400h dti 0 lc en WW Application description Configuration examples for S7 400H PROFINET SIMATICS S7 400H configuration examples https support industry siemens com cs document 90885106 configuration examples for s7 400h with profinet simatic s7 400h as of v6 0 dti 0 lc en WW Messages and parameters Faults and alarms Note You can find the description of faults and ala...

Page 173: ... date PROFINET supports I M data sets 0 4 I M data sets 1 3 can be set with the SIMATIC Manager STEP 7 and also with HW Config STEP 7 I M parameters Table A 13 Parameter designation assignment and meaning I M parameter designation Format Size oc tets Initialization SINAMICS pa rameters Significance I M 0 IM_SUP PORTED r8820 62 63 The parameter indicates which I M data sets are supported The value ...

Page 174: ...e change tracking with Safety Integrated The check signature has the following format The first four octets 0 3 contain the content of parameter r9781 index 0 SI change monitoring checksum Control Unit The second four octets 4 7 contain the content of parameter r9782 index 0 SI change monitoring time stamp Control Unit The remainder octets 8 53 contains zeroes The I M data sets 1 4 are stored perm...

Page 175: ...ers three transmission modes Modbus ASCII via a serial interface data in the ASCII code The data throughput is lower compared to RTU Modbus RTU via a serial interface data in the binary format The data throughput is greater than in ASCII code Modbus TCP via Ethernet data as TCP IP packages TCP port 502 is reserved for Modbus TCP In SINAMICS only the Modbus TCP transmission mode is available Possib...

Page 176: ...bject that can be addressed via Modbus With Modbus TCP you always address the first drive object from the list of drive objects p0978 0 A servo or vector drive object must be in this parameter However Modbus TCP is only activated if under p0978 0 there is a drive object that is supported by Modbus TCP If p0978 0 does not contain a valid drive object then establishing communication is acknowledged ...

Page 177: ...2040 Setting the monitoring time to monitor the received process data via fieldbus inter face If process data is not transferred within one cycle of the fieldbus monitoring time then the drive shuts down with fault F01910 r2050 0 19 Connector output to interconnect the PZD received from the fieldbus controller via IF1 p2051 0 24 Selects the PZD actual values to be sent to the fieldbus controller i...

Page 178: ...nnector output to interconnect the PZD received from the fieldbus controller via IF1 p2051 0 24 Selects the PZD actual values to be sent to the fieldbus controller in the word format via IF1 r2053 0 24 Displays the PZD actual values sent to the fieldbus controller in the word format via IF1 r2054 Status display for the internal communication interface p8840 Setting the monitoring time to monitor t...

Page 179: ... Data parameter Control data 40100 Control word see converter List Man ual function diagram 2442 R W 1 Process data 1 40101 Main setpoint R W 1 Process data 2 40102 STW 3 R W 1 Process data 3 40103 STW 4 R W 1 Process data 4 40104 PZD 5 R W 1 Process data 5 40105 PZD 6 R W 1 Process data 6 40106 PZD 7 R W 1 Process data 7 40107 PZD 8 R W 1 Process data 8 40108 PZD 9 R W 1 Process data 9 40109 PZD ...

Page 180: ...TO r0807 Fault diagnostics 40400 Failure number index 0 R 1 0 65535 r0947 0 40401 Failure number index 1 R 1 0 65535 r0947 1 40402 Failure number index 2 R 1 0 65535 r0947 2 40403 Fault number index 3 R 1 0 65535 r0947 3 40404 Fault number index 4 R 1 0 65535 r0947 4 40405 Fault number index 5 R 1 0 65535 r0947 5 40406 Fault number index 6 R 1 0 65535 r0947 6 40407 Fault number index 7 R 1 0 65535...

Page 181: ... differ from normal rotary drives 3 The technology controller parameters can only be accessed if in the STARTER project also the Technology controller function module is activated Table A 16 Assignment of the Modbus register for general parameter access using DS47 Regis ter Description Ac cess Unit Scaling ON OFF text or Value range Data parameter 40601 DS47 Control R W 40602 DS47 header R W 40603...

Page 182: ...ss Via FC 03 the control can address more than one register with one request The number of addressed registers is contained in bytes 10 and 11 of the read request Table A 17 Structure of a read request for device number 17 example Value Byte Description MBAP header 03 h 00 h 6D h 00 h 02 h 7 8 9 10 11 Register start address High register 40110 Register start address Low Number of registers High 2 ...

Page 183: ... h 55 h 66 h 7 8 9 10 11 Function code Register start address High write register 40100 Register start address Low Register data High Register data Low The response returns register address bytes 8 and 9 and the value bytes 10 and 11 which the higher level control had written to the register Table A 21 Device response to the write request example Value Byte Description MBAP header 06 h 00 h 63 h 5...

Page 184: ...0605 contains the attribute that you use to control whether you read out the parameter value or the parameter attribute In the number of elements you specify how many indices are read Communication details General parameter access is realized using the Modbus register 40601 40722 Communication via DS47 is controlled using 40601 40602 contains the function code always 47 2F hex and the number of th...

Page 185: ... 1 h 40604 DO Id 1 number of parameters 1 40605 Attribute number of elements 1 40606 Parameter number 2 40607 Subindex 0 Table A 24 Start parameter request Reading parameter value of r0002 from device number 17 Value Byte Description MBAP header 03 h 0258 h 0007 h 0010 h 7 8 9 10 11 12 13 Function code read Register start address Number of registers to be read 40601 40607 Number of registers Table...

Page 186: ...10 Number of data bytes 10 registers each 2 bytes 20 bytes 0001 h 2F10 h 8002 h 0101 h 1001 h 0461 h 0000 h 0801 h 4142 h 6666 h 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 40601 C1 activate request 40602 Function 2F h 47 request length 16 bytes 10 h 40603 Request reference 80 h request identifier 2 h write 40604 DO Id 1 number of parameters 1 40605 Attribute number of elements 1 4...

Page 187: ...been issued A 1 4 7 Communication procedure Logical error If the device detects a logical error within a request it responds to the controller with an exception response In the response the device sets the highest bit in the function code to 1 If the device receives for example an unsupported function code from the controller the device responds with an exception response with code 01 illegal func...

Page 188: ...s and no process data is requested within this time period A 1 4 8 Messages and parameters Faults and alarms Note You can find the description of faults and alarms in the converter List Manual Fault number Message F01910 Fieldbus Setpoint timeout A01925 Modbus TCP connection interrupted F08501 PN COMM BOARD Setpoint timeout A08526 PN COMM BOARD No cyclic connection A08555 Modbus TCP commissioning ...

Page 189: ...2 0 3 CBE2x Default Gateway p8943 0 3 CBE2x Subnet Mask p8944 CBE2x DHCP mode p8945 CBE2x interfaces configuration A 1 5 Communication via EtherNet IP A 1 5 1 Overview EtherNet IP is real time Ethernet and is mainly used in automation technology Communication via EtherNet IP is possible via the following connections Via the onboard interface X150 Via the Option Board Ethernet CBE20 Possible drive ...

Page 190: ... your drive objects from STARTER Output 102 Here enter the sum of all output process data of your drive objects from STARTER Configuration 1 or 103 Here always enter a value of 0 4 In STARTER set the same values for IP address subnet mask standard gateway and the station name as in the controller see chapter Configuring communication Result You have connected the drive to the control system via Et...

Page 191: ...sion EtherNet IP 2 Set the IP address using p8941 You can find the currently valid address in r8951 3 Set the subnet mask using p8943 You can find the currently valid subnet mask in r8953 4 Set the standard gateway using p8942 You can find the currently valid standard gateway in r8952 5 Set the station name using p8940 You can find the currently valid station name in r8950 6 Select the setting Sav...

Page 192: ... 772 Explicit Message Diagnostic List Object x 401 hex 1025 Parameter object x 402 hex 43E hex 1026 10 86 Parameter object x 1 These objects are part of the Ethernet IP system management For Assembly Object 4 hex you define the data length Assembly Object is assigned a cycle in the control system Identity Object Instance Number 1 hex Supported services Class Get Attribute all Get Attribute single ...

Page 193: ...0 Owned 0 Converter is not assigned to a controller 1 Converter is assigned to a controller 1 Reserved 2 Configured 0 Ethernet IP basic settings 1 Modified Ethernet IP settings 3 Reserved 4 7 Extended De vice Status 0 Self test or status not known 1 Firmware update active 2 At least one I O connection with error 3 No I O connections 4 Incorrect configuration in the ROM 5 Fatal fault 6 At least one...

Page 194: ...single Table A 37 Class Attribute No Service Type Name 1 get UINT16 Revision 2 get UINT16 Max Instance 3 get UINT16 Num of Instances Table A 38 Instance Attribute No Service Type Name Value explanation 1 get UINT16 OpenReqs Counters 2 get UINT16 OpenFormat Rejects Counters 3 get UINT16 OpenResource Rejects Counters 4 get UINT16 OpenOther Rejects Counters 5 get UINT16 CloseReqs Counters 6 get UINT1...

Page 195: ... get set Ramp Down Time p1121 0 ramp function generator ramp down time 39 get set Current Limit p0640 0 current limit 40 get set Frequency MAX Limit p1082 0 maximum speed 41 get set Frequency MIN Limit p1080 0 minimum speed 42 get set OFF3 Ramp Down Time p1135 0 OFF3 ramp down time 43 get set PID Enable p2200 0 technology controller enable 44 get set PID Filter Time Con stant p2265 Technology cont...

Page 196: ...r0752 1 analog input 2 68 get Analog Output 1 r0774 0 analog output 1 69 get Analog Output 2 r0774 1 analog output 2 70 get Fault Code 1 r0947 0 fault number 1 71 get Fault Code 2 r0947 1 fault number 2 72 get Fault Code 3 r0947 2 fault number 3 73 get Fault Code 4 r0947 3 fault number 4 74 get Fault Code 5 r0947 4 fault number 5 75 get Fault Code 6 r0947 5 fault number 6 76 get Fault Code 7 r0947...

Page 197: ...L Rated Power p0307 rated motor power 9 get set REAL Rated Frequency p0310 rated motor frequency 10 get set REAL Rated Tempera ture p0605 threshold and temperature value for monitor ing the motor temperature 11 get set REAL Max Speed p0322 maximum motor speed 12 get set UINT16 Pole pair number p0314 motor pole pair number 13 get set REAL Torque Constant p0316 motor torque constant 14 get set REAL ...

Page 198: ...value 2 hex UNIT8 Path 20 hex F6 hex 24 hex 05 hex where 5 hex is the number of instances of F6 hex four physical ports plus one internal port 5 get set STRING Interface Configu ration r61000 Name of Station UNIT32 r61001 IP address 6 get set UNIT16 Host Name Host Name Length STRING 10 get set UNIT8 Select ACD local OM flash 0 Disabled 1 Enabled 11 get set UNIT8 Last Conflict De tected local OM fl...

Page 199: ...uct of Interface Coun ters Optional required if the Media Counters Attribute is implemented UINT32 In Octets Received octets UINT32 In Ucast Packets Received Unicast packets UINT32 In NUcast Pack ets Received non Unicast packets UINT32 In Discards Incoming packets not processed UINT32 In Errors Incoming packets with errors UINT32 In Unknown Pro tos Incoming packets with unknown protocol UINT32 Out...

Page 200: ...UINT32 MAC Transmit Er rors Transmission unsuccessful as a result of an internal MAC sublayer transmission error UINT32 Carrier Sense Er rors Number of errors when attempting to send a request frame where the transmission condition was lost or was not assigned UINT32 Frame Too Long Structure too large UINT32 MAC Receive Er rors Transmission unsuccessful as a result of an internal MAC sublayer rece...

Page 201: ...bute single function with the following values Class 401 hex Instance 1520 5F0 hex parameter number Attribute 0 0 hex index 0 Data 500 0 value Parameter Object Instance Number 401 hex 43E hex Supported services Class Get Attribute All Get Attribute Single Instance Get Attribute Single Set Attribute Single Table A 48 Class Attribute No Service Type Name 1 get UINT16 2 get UINT16 Max slot num 3 get ...

Page 202: ...ress the drive as Ethernet node Note Immediate switchover without restart The switchover to DHCP is performed immediately and without a restart if the change is carried out with the Ethernet IP command Set Attribute Single class F5 hex attribute 3 e g via an Ethernet IP controller an Ethernet IP commissioning tool This means that you have integrated the drive into Ethernet Displays r8950 Station n...

Page 203: ...CBE2x interfaces configuration r8950 0 239 CBE2x Name of Station actual r8951 0 3 CBE2x IP address actual r8952 0 3 CBE2x Default Gateway actual r8954 CBE2x DHCP Mode actual r8955 0 5 CBE2x MAC address A 1 6 Communication via SINAMICS Link A 1 6 1 Basic principles of SINAMICS Link A drive unit with a node number most frequently comprises a Control Unit with a number of connected drive objects DOs ...

Page 204: ... 13 14 15 PZD 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 SINAMICS Link telegram content Part 1 Index 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 PZD 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 SINAMICS Link telegram content Part 2 Each transfer cycle every SINAMICS Link node can send 1 telegram with 32 PZD Each node receives all of the telegrams that are sent For each transfer cycle clock a no...

Page 205: ...des You can operate the bus cycle of the SINAMICS Link with the current controller cycle either synchronized or non synchronized Synchronized operation is set with p8812 0 1 A maximum of 64 nodes can then communicate with one another via SINAMICS Link To do so set the maximum number of nodes with p8811 project selection Number of nodes project no PZD count Bus cycle ms 64 16 1 or 2 16 16 0 5 12 24...

Page 206: ...he data in the additional description are applicable for the case IF1 SINAMICS Link The number of the respective node must be entered manually in parameter p8836 Each node must be assigned a different number Enter the numbers in ascending order starting with 1 If p8836 is set to 0 the nodes and the complete following line is shut down for SINAMICS Link Gaps in the numbering are not permitted as th...

Page 207: ...6 3 Configuring and commissioning Commissioning When commissioning proceed as follows 1 Set the Control Unit parameter p0009 1 device configuration 2 Set the Control Unit parameter p8835 3 SINAMICS Link 3 Using p8839 define which interface should be used for example for IF1 p8839 0 2 4 If SINAMICS Link is assigned to IF1 set parameter p2037 of the drive objects to 2 do not freeze setpoints If SINA...

Page 208: ...71 0 31 2 Enter the double words in p2061 x Double word data is simultaneously written to p8861 0 31 3 For each drive object allocate the send parameters in p8871 0 31 to a send slot of its own node Table A 50 Compile send data of drive 1 DO2 p2051 x Index p2061 x Index Contents From parame ter Telegram word p8871 0 ZSW1 r0899 1 1 Actual speed value part 1 r0061 0 2 Actual speed value part 2 3 3 A...

Page 209: ...nables part 1 r0046 13 14 Missing enables part 2 14 15 15 0 0 15 0 31 0 0 31 0 2 0 11 here remain free as they are already assigned by DO2 and DO3 Send slots PZD 16 to 31 are not required for this telegram and are therefore filled with a zero 1 For double words e g 1 2 assign two consecutive send slots e g p2061 1 p8871 1 PZD 2 and p8871 2 PZD 3 2 Enter the following PZD into the next parameter sl...

Page 210: ...out the values Table A 53 Receive data for Control Unit 2 From the sender Receiver Transfer from Tel word1 p8871 x Address p8872 x Receive buffer p8870 x Data transferred in Parameter Contents r2050 x r2060 x p2051 0 0 1 PZD 1 0 r0899 ZSW1 p2061 1 1 1 PZD 2 1 r0061 0 Actual speed value part 1 2 1 PZD 3 r0061 0 Actual speed value part 2 p2061 3 3 1 PZD 4 3 r0080 Actual torque value part 1 4 1 PZD 5...

Page 211: ... values Send data from node 1 to node 2 r0898 CO BO Control word sequence control drive 1 1 PZD in the example PZD 1 r0079 CO Total torque setpoint 2 PZD in the example PZD 2 r0021 CO Smoothed actual speed 2 PZD in the example PZD 3 Send data from node 2 to node 1 r0899 CO BO Status word sequence control drive 2 1 PZD in the example PZD 1 IF1 is used for SINAMICS Link Procedure 1 For all nodes set...

Page 212: ... 1st part p8871 4 5 r0021 2nd part 9 Define the receive data for node 2 Specify that the data placed in the receive buffer p8872 of node 2 in locations 0 to 4 will be received by node 1 p8872 0 1 p8872 1 1 p8872 2 1 p8872 3 1 p8872 4 1 Specify that PZD1 PZD2 and PZD3 of node 1 will be placed in the receive buffer p8870 of node 2 in locations 0 to 4 p8870 0 1 PZD1 p8870 1 2 PZD2 1st part p8870 2 3 ...

Page 213: ...t p8842 1 to activate parameters p8870 p8871 and p8872 6HQG EXIIHU 5HFHLYH EXIIHU 5HFHLYH EXIIHU 6HQG EXIIHU 3 3 3 3 6 1 0 6 LQN 3DUWLFLSDQW 6 1 0 6 LQN 3DUWLFLSDQW U FWXDO VSHHG VPRRWKHG U 7RWDO WRUTXH VHWSRLQW U RQWURO ZRUG VHTXHQFH FRQWURO GULYH U 6WDWXV ZRUG VHTXHQFH FRQWURO GULYH U 3 SDUWLF S S U GULYH U 3 S ULYH REMHFW 1DPH GULYH ULYH REMHFW 1DPH GULYH U 3 SDUWLF U 3 SDUWLF U 3 SDUWLF S S S ...

Page 214: ...5 fault F08501 is output COMM BOARD Monitoring time process data expired At node 1 fault F08501 is not triggered This node should be used for specifying setpoint values to other nodes A 1 6 6 Examples Transmission times for SINAMICS Link Example 1 Transmission times at a communication cycle of 1 ms p2048 or p8848 1 ms Bus cycle Transmission time Sync both Sync send Sync receive Async both 0 5 1 0 ...

Page 215: ...ject selection p8812 0 1 SINAMICS Link cycle settings p8835 CBE20 firmware selection p8836 SINAMICS Link node address p8839 0 1 PZD interface hardware assignment p8870 0 31 SINAMICS Link PZD receive word p8871 0 31 SINAMICS Link PZD send word p8872 0 31 SINAMICS Link PZD receive address A 1 7 Communication services and used port numbers SINAMICS converters support the communication protocols liste...

Page 216: ...Ethernet II and IEEE 802 1Q and Ethertype 0x88E3 PROFINET PROFINET me dium redundan cy MRP enables the control of redundant routes through a ring topology MRP uses the special multicast MAC address xx xx xx 01 15 4E xx xx xx Organization ally Unique Identifier PTCP Precision Trans parent Clock Pro tocol Not relevant 2 Ethernet II and IEEE 802 1Q and Ethertype 0x8892 PROFINET PROFINET send clock an...

Page 217: ...DHCP mode http Hypertext trans fer protocol 80 4 TCP Hypertext transfer proto col http is used for the com munication with the CU internal web server Is open in the delivery state and can be deacti vated ISO on TCP according to RFC 1006 102 4 TCP ISO on TCP protocol ISO on TCP according to RFC 1006 is used for the message oriented data exchange to a re mote CPU WinAC or de vices of other suppliers...

Page 218: ...opened when se lecting EtherNet IP Modbus TCP protocols server Request Re sponse 502 4 TCP Is used for exchanging data packages Is closed when delivered and is opened when se lecting Modbus TCP A 1 8 Time synchronization between the control and converter In the factory setting SINAMICS drives use an operating hours counter Based on the operating hours the SINAMICS drive saves alarms and warnings t...

Page 219: ...tive signal edge cyclically to the converter Simultaneously in acyclic operation the device sends the time in the UTC format in what is known as snap As soon as the ping has been received in the drive a timer starts which measures the time until the snap has been completely transferred The drive accepts the time that the snap transfers It then corrects it by the time that has expired between recei...

Page 220: ...sfer ping snap time The actual UTC time is displayed in the drive system using r3102 At certain intervals synchronization according to the same technique is repeated depending on the setting in the time master If a previously defined tolerance window is exceeded then alarm A01099 is output The tolerance window for time synchronization can be defined using p3109 If alarm A01099 occurs then generall...

Page 221: ...Note You can find the description of faults and alarms in the converter List Manual Fault number Message A01099 UTC synchronization tolerance violated Overview of important parameters Note For a description of the parameters see the converter List Manual Parameter Description p2048 IF1 PROFIdrive PZD sampling time p3100 RTC time stamp mode p3101 0 1 Set UTC time r3102 0 1 Display UTC time p3103 UT...

Page 222: ...Communication A 1 Communication Industrial Security 222 Configuration Manual 08 2017 A5E36912609A ...

Page 223: ... you wish to request on site service or order spare parts please contact your local office This office will contact the responsible service center on your behalf You can find your contact person in the relevant contact data base www siemens com yourcontact www siemens com yourcontact Siemens Support for on the move You can obtain optimum support anywhere you go using the Siemens In dustry Online S...

Page 224: ...Service Support Industrial Security 224 Configuration Manual 08 2017 A5E36912609A ...

Page 225: ...rial_security Pages plant security services aspx Operational Guidelines for Industrial Security https www industry siemens com topics global en industrial security Documents operational_guidelines_industrial_security_en pdf Additional product specific information about Industrial Security is available here SINAMICS homepage https www industry siemens com drives global en converter Pages Default as...

Page 226: ...ortDocumentation https support industry siemens com My ww en documentation Here you can find information on how to create your own individual documentation based on Siemens content and adapt it for your own machine documentation You can find information on the training here Sitrain https sitrain automation siemens com DE sitrain default aspx AppLang en training courses from Siemens for products sy...

Page 227: ...can be attacked Attack An attempt to destroy a resource to deprive it of its protection to change it to deactivate it to steal it to gain unauthorized access to it or to use it in an illegal way Authentication Verification of the identity of a user process or device frequently as prerequisite for the permission to access resources in an information system Authorization The right granted by a syste...

Page 228: ...nformation is not made available or disclosed to unauthorized individuals entities or processes Defense in depth Potential cause of an undesirable incident which may result in damage to a system or organization Denial of service DoS Denial of service DoS is the non availability of an IT based service that is normally available Although there can be many reasons for such non availability the term D...

Page 229: ...ir exploitation Industrial security Measures to increase the industrial security standards of a plant They protect against unauthorized access to higher level control systems industrial controls and PC based systems of the plant as well as against cyber attacks Information security Safeguards the confidentiality integrity and availability of information Integrity Property which guarantees that res...

Page 230: ... data packets belong to which TCP connection This process is called NAT Network Address Translation NCU Central control module of a CNC control for NC HMI PLC and closed loop control OpenVPN OpenVPN is a program to establish a virtual private network VPN via an encrypted TLS connection Libraries belonging to the OpenSSL program are used for encryption OpenVPN uses either UDP or TCP for transferrin...

Page 231: ...ts SIEM system SIEM stands for Security Information and Event Management and has become an established term in IT security Such systems are able to identify and evaluate security relevant events and notify the administrator Switch Network component for connecting several terminal devices or network segments in a local network LAN Threat Potential cause of an undesirable incident which may result i...

Page 232: ...WSUS Windows Server Update Services Windows Server Update Services abbreviation WSUS is the software component of the Microsoft Windows Server since Version 2003 which is responsible for patches and updates It is the successor version of the Software Update Services software component Glossary Industrial Security 232 Configuration Manual 08 2017 A5E36912609A ...

Page 233: ...trategy 19 Determining the axis number 100 Determining the object number 100 Determinism 138 Device identification 120 Device name 140 Diagnostics channel Forwarding of messages 135 Diagnostics channels 105 DMZ network 22 E Effects 13 Encryption Data 27 Encryption methods 73 EtherNet IP 189 Commissioning the drive 190 Connect the drive device 190 Create generic I O module 189 Integrating the drive...

Page 234: ...the parameters of the Control Unit 179 Parameterizing communication for X1400 178 Parameterizing communication for X150 177 Read and write access 181 Reading and writing parameters 184 More information 223 N Network security 20 O OEM list of exceptions for know how protection 37 On site service 223 Operating hours counter 218 P Parameter list Creating in the web server 68 Parameters Access levels ...

Page 235: ... classes Send cycles 150 Setting 149 Update cycles 150 S SCALANCE S 22 Security audit 17 Security by Design 14 Security certificates Web server 75 76 Security holes 13 Security integrity 15 Security module SCALANCE S 22 Security service 14 Security support 14 Sequence of objects in the telegram 115 143 Services 26 Shared device 158 SI HSC 15 SIEM system 15 Siemens Industrial Holistic Security Conc...

Page 236: ...parameters 72 Changing parameter values 72 Configuration 52 54 Creating a parameter list 68 Creating security certificates yourself 75 Data transfer 52 Deactivating 54 Default settings 54 Delete list element 70 Deleting a parameter list 70 Displaying faults and alarms of the drive 68 Interfaces 53 Login 62 Logout 62 Password protection 56 Read access 56 Secure connection 54 Security certificates f...

Reviews: