Siemens CP 1543-1 Скачать руководство пользователя страница 61 | Manualshive

Страница: 61 / 90

background image

Configuration, programming

4.8 Security

CP 1543-1
Operating Instructions, 12/2019, C79000-G8976-C289-08

61

4.8

Security

You will find an overview of the range and use of the security functions in section Industrial

Ethernet Security (Page 14).
For the configuration limits of the security functions refer to the section Characteristics

security (Page 18).
To be able to configure the security functions, you need to create a security user; see

section Security user (Page 61).

4.8.1

Security user

Creating a security user

You need the relevant configuration rights to be able to configure security functions. For this

purpose, you need to create at least one security user with the corresponding rights.
Navigate to the global security settings > "User and roles" > "Users" tab.
1.

Create a user and configure the parameters.

2.

Assign this user the role "NET Standard" or "NET Administrator" in the area below

"Assigned roles".

After logging on, this user can make the necessary settings in the STEP 7 project.
In the future, continue to log on as this user when working on security parameters.

4.8.2

VPN

The "VPN" parameter group of the module is only displayed when you assign the module to

a VPN group in the global security functions.

What is VPN?

Virtual Private Network (VPN) is a technology for secure transportation of confidential data in

public IP networks, for example the Internet. With VPN, a secure connection (= tunnel) is set

up and operated between two secure IT systems or networks via a non-secure network.
One of the main characteristics of the VPN tunnel is that it forwards all network packets

regardless of higher protocols (HTTP, FTP).
The data traffic between two network components is transported practically unrestricted

through another network. This allows entire networks to be connected together via a

neighboring network.

Properties

●

VPN forms a logical subnet that is embedded in a neighboring (assigned) network. VPN

uses the usual addressing mechanisms of the assigned network, however in terms of the

«
...
59
60
61
62
63
...
»

Содержание CP 1543-1

Страница 1: ...Operating Instructions 12 2019 C79000 G8976 C289 08 Preface Guide to the documentation 1 Product overview functions 2 Installation connecting up commissioning operation 3 Configuration programming 4 Diagnostics and upkeep 5 Technical specifications 6 Approvals 7 ...

Страница 2: ... only by personnel qualified for the specific task in accordance with the relevant documentation in particular its warning notices and safety instructions Qualified personnel are those who based on their training and experience are capable of identifying risks and avoiding potential hazards when working with these products systems Proper use of Siemens products Note the following WARNING Siemens p...

Страница 3: ...cations processor for SIMATIC S7 1500 View of the CP 1543 1 LEDs for status and error displays LED displays of the Ethernet interface for connection status and activity Type plate Ethernet port 1 x 8 pin RJ 45 jack The padlock icon symbolizes the interface to the external non secure subnet Label with MAC address Figure 1 View of the CP 1543 1 with closed left and open right front cover Address lab...

Страница 4: ...ee section Virtual interface of the CPU Page 37 New ATEX IECEx approval Editorial revision Version history Firmware version V2 1 with the following new functions Extended security settings using IP routing via the backplane bus see section IP routing Page 36 Firmware version V2 0 with the following new functions Secure OUC Open User Communication via TCP IP Secure Mail New system data types SDTs f...

Страница 5: ...etworks against cyber threats it is necessary to implement and continuously maintain a holistic state of the art industrial security concept Siemens products and solutions constitute one element of such a concept Customers are responsible for preventing unauthorized access to their plants systems machines and networks Such systems machines and components should only be connected to an enterprise n...

Страница 6: ...upport industry siemens com cs ww en view 50305045 Device defective If a fault develops please send the device to your Siemens representative for repair Repairs on site are not possible Recycling and disposal The product is low in pollutants can be recycled and meets the requirements of the WEEE directive 2012 19 EU Waste Electrical and Electronic Equipment Do not dispose of the product at public ...

Страница 7: ...mmissioning operation 25 3 1 Important notes on using the device 25 3 1 1 Notes on use in hazardous areas 25 3 1 2 Notes on use in hazardous areas according to ATEX IECEx 26 3 1 3 Notes on use in hazardous areas according to UL HazLoc 27 3 1 4 General notices on use in hazardous areas according to FM 27 3 2 Installing and commissioning the CP 1543 1 28 3 3 Operating mode of the CPU Reaction of the...

Страница 8: ...criber of VPN connections 65 4 8 3 Firewall 66 4 8 3 1 Firewall sequence when checking incoming and outgoing frames 66 4 8 3 2 Notation for the source IP address advanced firewall mode 66 4 8 3 3 HTTP and HTTPS not possible with IPv6 66 4 8 3 4 Firewall settings for connections via a VPN tunnel 67 4 8 4 Online functions 67 4 8 4 1 Settings for online security diagnostics and downloading to station...

Страница 9: ... Most important contents System descrip tion System manual S7 1500 Automation System https support industry siemens com cs ww e n view 59191792 Application planning Installation Connecting Commissioning System diagnos tics Function manual System diagnostics https support industry siemens com cs ww e n view 59192926 Overview Diagnostics evaluation for hardware software Communication Function manual...

Страница 10: ...ry siemens com cs ww e n view 59193558 Basics Calculations CP documentation in the Manual Collection article number A5E00069051 The SIMATIC NET Manual Collection DVD contains the device manuals and descriptions of all SIMATIC NET products current at the time it was created It is updated at regular intervals Version History Current Downloads for the SIMATIC NET S7 CPs The Version History Current Do...

Страница 11: ...munication services Open User Communication OUC Open User Communication supports the following communications services via the CP using programmed or configured communications connections ISO transport complying with ISO IEC 8073 TCP IPv4 IPv6 acc to RFC 793 and 8200 With the interface via TCPv4 v6 connections the CP supports the socket interface to TCP IP available on practically every end system...

Страница 12: ...k Time Protocol The CP sends timeofday queries at regular intervals to an NTP server and synchronizes its local time of day The time is also be forwarded automatically to the CPU modules in the S7 station allowing the time to be synchronized in the entire S7 station Security function The CP supports the NTP secure protocol for secure time of day synchronization and transfer of the time of day Addr...

Страница 13: ...on the CP An IP address according to IPv6 can be used for the following communications services FETCH WRITE access CP is server FTP server mode FTP client mode with addressing via program block E mail transfer with addressing via program block TCP via OUC blocks with the following SDTs TCON_QDN TCON_QDN_SEC SNMP When using IPv6 addresses make sure to configure the DNS server accordingly Access to ...

Страница 14: ...y measures Data espionage FTPS HTTPS Data manipulation Unauthorized access Secure underlying networks can be operated via additional Ethernet PROFINET interfaces implemented by the CPU or additional CPs Security functions of the CP for the S7 1500 station As result of using the CP the following security functions are accessible to the S7 1500 station on the interface to the external network Firewa...

Страница 15: ...umber of freely usable connections on Industrial Ethernet 118 The value applies to the total number of connections of the following types S7 connections Connections for open communications services FTP FTP client Note Connection resources of the CPU Depending on the CPU type different numbers of connection resources are available The number of connection resources is the decisive factor for the nu...

Страница 16: ...ngths ISO on TCP TCP ISO transport 1 to 64 kB UDP 1 byte to 2 KB E mail Job header user data 1 to 256 bytes E mail attachment up to 64 kB LAN interface max data field length generat ed by CP per protocol data unit TPDU transport protocol data unit sending ISO transport ISOonTCP TCP 1452 bytes TPDU receiving ISO transport 512 bytes TPDU ISO on TCP 1452 bytes TPDU TCP 1452 bytes TPDU Note Connection...

Страница 17: ...ommunication provides data transfer via the ISO Transport or ISO on TCP protocols Characteristic Explanation values Total number of freely usable S7 connections on Industrial Ethernet Max 118 LAN interface data field length generated by CP per protocol data unit PDU protocol data unit For sending 480 bytes PDU For receiving 480 bytes PDU Number of reservable OP connections Max 4 Number of reservab...

Страница 18: ...FTP_CMD for FTP client mode For communication use the program block FTP_CMD The block execution time in FTP depends on the reaction times of the partner and the length of the user data A generally valid statement is therefore not possible 2 4 4 Characteristics security IPsec tunnel VPN VPN tunnel communication allows the establishment of secure IPsec tunnel communication with one or more security ...

Страница 19: ...mentation Page 9 Note Power supply via the CPU adequate or additional power supply modules required You can operate a certain number of modules in the S7 1500 station without an additional power supply Make sure that you keep to the specified power feed to the backplane bus for the particular CPU type Depending on the configuration of the S7 1500 station you may need to provide additional power su...

Страница 20: ...N_SEC TCON_Configured ISO on TCP TCON_IP_RFC ISO TCON_ISOnative UDP TCON TDISCON TUSEND TURCV TCON_IP_v4 E mail TMAIL_C TMAIL_V4 TMAIL_QDN TMAIL_QDN_SEC TMAIL_V6 TMAIL_V6_SEC Table 2 2 Block for communication services of the CP Protocol Program block instruction System data type FTP FTP_CMD FTP_CONNECT_IPV4 FTP_CONNECT_IPV6 FTP_CONNECT_NAME FTP_FILENAME FTP_FILENAME_PART Table 2 3 Block for config...

Страница 21: ...LED ERROR LED MAINT LED LINK ACT LED Reserve LED Figure 2 1 LED display of the CP 1543 1 without front cover Meaning of the LED displays of the CP The CP has the following 3 LEDs to display the current operating status and the diagnostics status RUN one color LED green ERROR one color LED red MAINT one color LED yellow ...

Страница 22: ... red LED lit yellow LED test during startup LED lit green LED lit red LED off Startup booting the CP LED lit green LED off LED off CP is in RUN mode No disruptions LED lit green LED flashing red LED off A diagnostics event has occurred LED lit green LED off LED lit yellow Maintenance maintenance is demand ed LED lit green LED off LED flashing yellow Maintenance is required Downloading the user pro...

Страница 23: ...an Ethernet connection between the Ethernet interface of your CP and a communications partner green on yellow flickers At the current time data is being received sent via the Ethernet interface of the Ethernet device of a communi cations partner on Ethernet 2 7 Gigabit interface Ethernet interface with gigabit specification and security access The CP has an Ethernet interface according to the giga...

Страница 24: ...Product overview functions 2 7 Gigabit interface CP 1543 1 24 Operating Instructions 12 2019 C79000 G8976 C289 08 ...

Страница 25: ... low voltage supply system and within a single building Ensure that the LAN is in an of type A environment according to IEEE 802 3 or in a type 0 environment according to IEC TR 62101 Never establish a direct electrical connection to TNV networks telephone network or WANs Wide Area Network 3 1 1 Notes on use in hazardous areas WARNING The device may only be operated in an environment with pollutio...

Страница 26: ...dous areas according to ATEX IECEx WARNING Requirements for the cabinet enclosure To comply with EU Directive 94 9 ATEX95 the enclosure or cabinet must meet the requirements of at least IP54 in compliance with EN 60529 WARNING Cable If the cable or conduit entry point exceeds 70 C or the branching point of conductors exceeds 80 C special precautions must be taken If the equipment is operated in an...

Страница 27: ...tions only 3 1 4 General notices on use in hazardous areas according to FM WARNING EXPLOSION HAZARD You may only connect or disconnect cables carrying electricity when the power supply is switched off or when the device is in an area without inflammable gas concentrations This equipment is suitable for use in Class I Division 2 Groups A B C and D or non hazardous locations only This equipment is s...

Страница 28: ...omplete Procedure for installation and commissioning Step Execution Notes and explanations 1 When installing and connecting up keep to the procedures described for installing I O modules in the system manual S7 1500 Au tomation System 2 Connect the CP to Industrial Ethernet via the RJ45 jack Underside of the CP 3 Turn on the power supply 4 Close the front covers of the module and keep them closed ...

Страница 29: ... 5 GND Ground D3 D3 bidirectional 6 RD_N Receive Data D2 D2 bidirectional 7 GND Ground D4 D4 bidirectional 8 GND Ground D4 D4 bidirectional You will find additional information on the topics of Connecting up and Accessories RJ 45 plug in the system manual Link https support industry siemens com cs ww en view 59191792 3 3 Operating mode of the CPU Reaction of the CP Switching the CPU RUN STOP You c...

Страница 30: ...e CP CP 1543 1 30 Operating Instructions 12 2019 C79000 G8976 C289 08 The following functions remain enabled Configuration and diagnostics of the CP System connections for configuration diagnostics and PG channel routing still exist Web diagnostics S7 routing function Time of day synchronization ...

Страница 31: ...ialsecurity Here you can find information on security in industrial communication Link http w3 siemens com mcms industrial communication en ie industrial ethernet security Seiten industrial security aspx You can find a selection of documentation on the topic of network security here Link https support industry siemens com cs ww en view 92651441 Keep the firmware up to date Check regularly for secu...

Страница 32: ... Use the secure protocol variants HTTPS FTPS NTP secure and SNMPv3 Use the program blocks for secure OUC communication Secure OUC Leave access to the Web server of the CPU CPU configuration and to the Web server of the CP disabled Protection of the passwords for access to program blocks Protect the passwords stored in data blocks for the program blocks from being viewed You will find information o...

Страница 33: ...rts Port number protocol Port number assigned to the protocol Default of the port Open The port is open at the start of the configuration Closed The port is closed at the start of the configuration Port status Open The port is always open and cannot be closed Open after configuration The port is open if it has been configured Open login when configured As default the port is open After configuring...

Страница 34: ...s via port 8448 Page 68 Ports of communication partners and routers Make sure that you enable the required client ports in the corresponding firewall on the communications partners and in intermediary routers These can be DHCP 67 68 UDP DNS 53 UDP NTP 123 UDP SMTP 25 TCP Open in CP on block call outgoing only SMTPS 587 TCP Open in CP on block call outgoing only 4 2 Restricting communications servi...

Страница 35: ...he partner are not possible The following communications services of the CP relate to a CPU V2 When the option is disabled the following is not possible PUT GET access via the CP FETCH WRITE access via the CP When the option is disabled the following is possible FTP access via the CP 4 3 Network settings Automatic setting The Ethernet interface of the CPU is set permanently to autosensing Note In ...

Страница 36: ...work during startup the CP detects double addressing in the network Behavior when the CP starts up If double addressing is detected when the CP starts up the CP changes to RUN and cannot be reached via the Ethernet interface The ERROR LED flashes 4 4 3 IP routing IP routing via the backplane bus The CP supports static IP routing IPv4 to other CMs CPs CP 1545 1 CM 1542 1 V2 0 CP 1543 1 V2 0 You can...

Страница 37: ...cations such as OPC UA not only via its local PROFINET interfaces but also via the interface of one CP 15431 in the same station The virtual interface is called W1 Features of the virtual interface The virtual interface is not a fully diagnosable interface with the familiar properties of conventional interfaces The virtual interface is not displayed in the graphical views because the internal conn...

Страница 38: ...FINET interfaces of the CPU must be in different disjointed address bands The IP address of the virtual interface must be in the subnet of the Ethernet interface so that the services of the CP can be reached from the CPU and vice versa After loading the configuration data the CPU services such as the OPC UA server can be reached via the CP and the virtual interface The IP address of the virtual in...

Страница 39: ...on changes A change of the assigned CP may have an effect on the configuration of the virtual interface Changes in the configuration Assign a different CP The configuration is used for the new CP Deselect the assigned CP The virtual interface W1 is deactivated and the configuration is lost When a CP is assigned again you need to configure the virtual interface again Changes to the station configur...

Страница 40: ...nnect the CP to a non secure network it is absolutely necessary to connect an additional firewall to the interface between the CP and the non secure network For this purpose use a security module e g SCALANCE S602 V3 or S623 4 4 5 Programmed connections Restriction of firewall rules Restrictions with programmed connections and configured security functions In principle it is possible to set up com...

Страница 41: ...om non synchronized NTP servers is not selected the response is as follows If the CP receives a time of day frame from an unsynchronized NTP server with stratum 16 the time of day is not set according to the frame In this case none of the NTP servers is displayed as NTP master in the diagnostics but rather only as being reachable Security In the extended NTP configuration you can create and manage...

Страница 42: ... a user with suitable rights has been created in the STEP 7 project This means that the security functions must be enabled on the CP For this security settings are available in the global user administration 4 7 1 FTP server 4 7 1 1 Configuring the FTP server function CP configuration Configure the FTP server function of the CP in the following parameter group With security functions disabled FTP ...

Страница 43: ...45 1 V1 0 Name of the directory mmc_cpu1 Access to the following folders of the SIMATIC memory card is possible DATALOGS Directory for log files RECIPES Directory for recipe files Note FTP access to the SIMATIC memory card of the CPU CPU STOP possible Note that the cards have a limited capacity If the memory space of the SIMATIC memory card is completely occupied due to storage of large amounts of...

Страница 44: ... CPU DB File name Comment Meaning Assignment of the CPU Selectable from drop down list No of the data block file DB Selectable from drop down list The file name assigned to the file DB Automatic name pro posal entry can edita ble Informal comment Example cpu1 PLC_1 20 cpu1_db20 dat Measured values plant 1 Notes on the syntax The following applies to the file name of a file DB The file name begins ...

Страница 45: ...CP V2 x V2 x As soon as the station obtains a CPU V1 x or CP V1 x you must use FTP_CMD in the older version V1 x e g V1 4 To do this change the version of the SIMATIC NET CP library to V3 4 You can then select an older version of the block The table below shows the compatibility Table 4 1 Compatibility of the block FTP_CMD with versions of the CPU and CP FTP_CMD CPU CP 1543 1 V1 5 V1 x Any V1 5 An...

Страница 46: ...available for the connection establishment using the following types of access FTP_CONNECT_IPV4 Connection establishment with IP addresses according to IPv4 FTP_CONNECT_IPV6 Connection establishment with IP addresses according to IPv6 FTP_CONNECT_NAME Connection establishment with server name DNS Data transfer For the data transfer two different data structures are available FTP_FILENAME Data stru...

Страница 47: ...arks REQ Input BOOL E A M DB L Starts the send job on a rising edge ID INPUT INT 1 2 64 The FTP jobs are handled on FTP connec tions The parameter identifies the connection being used CMD INPUT BYTE See following table Commands FTP command to be executed when the in struction is called You will find value ranges for the FTP command types after the table The FTP command specified here must be speci...

Страница 48: ...ile DB already exists on the FTP server it will be overwritten 3 RETRIEVE FTP_FILENAME This function call transfers a file from the FTP server to the FTP client S7 CPU Caution If the data block file DB on the FTP client already contains a file it will be overwritten 4 DELETE FTP_FILENAME With this function call you delete a file on the FTP server 5 QUIT With this function call you close the FTP co...

Страница 49: ...ter Type Range of values Meaning remarks InterfaceID HW_ANY Module start address When you call an instruction you transfer the module start address of the CP in the LADDR parameter You will find the module start address of the CP in the configuration of the CP under Proper ties Addresses Inputs ID CONN_OUC 1 2 64 The FTP jobs are handled on FTP connections The pa rameter identifies the connection ...

Страница 50: ...tion of the CP under Proper ties Addresses Inputs ID CONN_OUC 1 2 64 The FTP jobs are handled on FTP connections The pa rameter identifies the connection being used ConnectionType BYTE 0 Connection type FTP ActiveEstablishment BOOL TRUE TRUE active connection establishment FTPCmd BYTE 1 FTP command CONNECT FTP command that executes when the instruction is called You can find the value ranges for t...

Страница 51: ...re handled on FTP connections The pa rameter identifies the connection being used ConnectionType BYTE 0 Connection type FTP ActiveEstablishment BOOL TRUE TRUE active connection establishment FTPcmd BYTE 1 FTP command CONNECT FTP command that executes when the instruction is called You can find the value ranges for the command types in the section Input parameter FTP_CMD Page 47 Note The FTP comman...

Страница 52: ...ment FTPcmd BYTE 2 3 4 6 FTP command STORE RETRIEVE DELETE APPEND FTP command that executes when the instruction is called You can find the value ranges for the command types in the section Input parameter FTP_CMD Page 47 Note The FTP command specified here must be specified identi cally in the CMD input parameter CertIndex BYTE 0 FTP 1 FTPS Here choose between the protocol types FTP or FTPS Note ...

Страница 53: ...n find the value ranges for the command types in the section Input parameter FTP_CMD Page 47 The FTP command specified here must be specified identi cally in the CMD input parameter CertIndex BYTE 0 FTP 1 FTPS Here choose between the protocol types FTP or FTPS Note on FTPS If the FTP server is configured outside the STEP 7 project of the FTP client the certificate must be imported from the FTP ser...

Страница 54: ...types execute the type UDT of the specified job block is therefore unimportant Note Response if the reference to the FTP job block is missing If this reference is not supplied the command is not executed The instruction remains blocked in an apparent execution status without any feedback to the user program on the interface 4 7 2 4 Output parameters and status information FTP_CMD Parameters BUSY D...

Страница 55: ... it is usually best to repeat the job in the user program 0 1 8183H The configuration does not match the job parameters 0 1 8401H Unknown error Possible causes A timeout was detected on the connection The FTP server has aborted the connection Remedy Send the QUIT and CONNECT commands again to re establish the connection 0 1 8402H The connection has an error status The timeout of the connection may...

Страница 56: ...connection resource available 0 1 8429H Unknown channel ID 0 1 8430H The file DB is too short 0 1 8431H Error when writing to the file DB 0 1 8432H Error when reading from the file DB 0 1 8433H Error when accessing the file DB 0 1 8434H Action was aborted 0 1 8435H Channel will be reset 0 1 8436H Unexpected server reply 0 1 8437H Certificate could not be verified 0 1 8438H Unknown error occurred 0...

Страница 57: ...the action on the FTP server 0 1 8492H The file already exists The file will not be overwritten 0 1 8496H A problem occurred reading the SSL CA certificate 0 1 8497H An unexpected error occurred in the SSH session 0 1 8498H It was not possible to terminate the SSL connection 0 1 8499H The socket is not ready for sending receiving Wait until it is ready and try again 0 1 8501H The SSL certificate c...

Страница 58: ...gth and structure Data consistency Make sure that you do not access the same file DB more than once at the same time Creating a file DB 1 Create a new data block in STEP 7 2 Open the block editor 3 In the block editor of the DB select the line you want to use as the start line for the file DB 4 In the Data type column enter the type FILE_DB_HEADER using the keyboard A data structure with the heade...

Страница 59: ...ocked The STORE and RETRIEVE FTP commands set LOCKED 1 when they are executed if the bit was previously at 0 The user program on the S7 CPU can also set or reset LOCKED during write access to achieve data consistency This results in mutual locking between the user program and FTP handling to ensure consistency Recommended sequence in the user program 1 Check LOCKED bit if 0 2 Set WRITEACCESS bit 0...

Страница 60: ...when EXIST 1 Updated by the FTP protocol handler with the FTP command processing of the server DATE_TIME DATE_AND_TIME Date and time of the last modifica tion to the file The content of this field is only valid when EXIST 1 The current date is updated following a write access If the function for forwarding the time of day is used the entry corresponds to the time that was passed on If the function...

Страница 61: ...d roles After logging on this user can make the necessary settings in the STEP 7 project In the future continue to log on as this user when working on security parameters 4 8 2 VPN The VPN parameter group of the module is only displayed when you assign the module to a VPN group in the global security functions What is VPN Virtual Private Network VPN is a technology for secure transportation of con...

Страница 62: ...o servers is possible without being accessible to third parties end to end or host to host connection Ensuring information security in networked automation systems Securing the computer systems including the associated data communication within an automation network or secure remote access via the Internet Secure remote access from a PC programming device to automation devices or networks protecte...

Страница 63: ...d to work through the following steps 1 Create a security user If the security user has already been created Log on as a user 2 Select the Activate security features check box 3 Create the VPN group and assign security modules 4 Configure properties of the VPN group Configure local VPN properties of the two CPs You will find a detailed description of the individual steps in the following paragraph...

Страница 64: ...eate a VPN group Result A new VPN group is displayed below the selected entry 3 In the global security settings double click on the entry VPN groups Assign module to a VPN group 4 Assign the security modules between which VPN tunnels will be established to the VPN group Configuring properties of the VPN group 1 Double click on the newly created VPN group Result The properties of the VPN group are ...

Страница 65: ...tunnel communication to a lower level internal node This communication establishment to a non existing node prevents the required communication being established to the CP To establish successful VPN tunnel communication to the CP you need to disable the internal node Use the procedure for disabling the node as explained below only if the described problem occurs Disable the node in the SOFTNET Se...

Страница 66: ...t checked by the IP firewall layer 3 This means that with suitable MAC firewall rules IP communication can be restricted or blocked See also Programmed connections Restriction of firewall rules Page 40 Virtual interface of the CPU Page 37 4 8 3 2 Notation for the source IP address advanced firewall mode If you specify an address range for the source IP address in the advanced firewall settings of ...

Страница 67: ...nloading to station with the firewall activated Setting the firewall for online functions With the security functions enabled follow the steps outlined below 1 In the global security settings see project tree select the entry Firewall Services Define services for IP rules 2 Select the ICMP tab 3 Insert a new entry of the type Echo Reply and another of the type Echo Request 4 Now select the CP in t...

Страница 68: ...h you may not be able to achieve the maximum performance for the communication The high number of output error messages can delay or prevent the processing of the communications connections In Security Log settings Configure system events set the Level parameter to the value 3 Error to ensure the reliable establishment of the communications connections 4 9 Program blocks for OUC Programming Open U...

Страница 69: ...ram block TCON must be called for each connection A separate connection must be established for each communications partner even if identical blocks of data are being sent After a successful transfer of the data a connection can be terminated A connection is also terminated by calling TDISCON Note Connection abort If an existing connection is aborted by the communications partner or due to disturb...

Страница 70: ...ve For transferring frames via ISO transport TMail_V4 For transferring e mails addressing the e mail server using an IPv4 address TMail_V6 For transferring e mails addressing the e mail server using an IPv6 address TMail_FQDN For transferring e mails addressing the e mail server using the host name TMail_V4_SEC For secure transfer of e mails addressing the e mail server using an IPv4 address TMail...

Страница 71: ...ns via the Online Diagnostics shortcut menu Using the online functions you can read various diagnostics information of the module from an engineering station on which the STEP 7 project is stored and perform maintenance functions You will find additional information on the diagnostics functions of STEP 7 in the STEP 7 information system Diagnostics Here you can obtain the following static informat...

Страница 72: ...TPS These pages provide various information For access to the content see Guide to the documentation Page 9 SNMP You will find detailed information about the supported functions in the section Diagnostics with SNMP Page 73 5 2 Connect online Online functions Together with STEP 7 the CP offers various diagnostic and maintenance functions at the engineering station ES The ES and the CP must be in th...

Страница 73: ...in using the Disconnect button See also Online functions Page 67 5 3 Diagnostics with SNMP Requirement The requirement for using SNMP is the enabling of the function in the configuration SNMP Simple Network Management Protocol SNMP is a protocol for diagnostics and managing networks and nodes in the network To transmit data SNMP uses the connectionless UDP protocol The information on the propertie...

Страница 74: ...s Automation MIB Note the rights for writing to the MIB objects see the next section SNMPv3 Supported MIB objects in SNMPv3 If SNMPv3 is enabled the CP returns the contents of the following MIB objects MIB II acc to RFC1213 The CP supports the following groups of MIB objects System Interfaces The Interfaces MIB object provides status information about the CP interfaces IP IPv4 IPv6 ICMP TCP UDP SN...

Страница 75: ...ity names SNMPv1 TCP uses the following community strings to control the permissions for access to the SNMP agent Table 5 1 Access rights in the SNMP agent Type of access Community string Read access public Read and write access private Note the use of lowercase letters Note Security of the access For security reasons change the generally known strings public and private 5 4 Update firmware New fi...

Страница 76: ...completion of the firmware update can be recognized from the LEDs see below Loading the firmware with the online functions of STEP 7 via Ethernet Requirements The CPU of the station is accessible via Ethernet The engineering station and the CPU are located in the same subnet The new firmware file is stored on your engineering station The engineering station is connected to the network The relevant...

Страница 77: ...e Guide to the documentation Page 9 Requirements You have copied the new firmware file from your PC to the SD card using a suitable card reader Optional You have saved a backup file of the currently used firmware file Procedure 1 Set the operating mode switch of the CPU to STOP Ensure that no write functions e g online or test functions are active in the STOP state 2 Remove the SIMATIC Memory Card...

Страница 78: ...in the IP configuration of the CP is to obtain the IP address from a DHCP server Note Recommendation Configuring a client ID When replacing modules remember that the factoryset MAC address of the new module is different from the previous module When the factory default MAC address of the new module is sent to the DHCP server the DHCP server returns a different or no IP address Ideally you should t...

Страница 79: ...hment to Industrial Ethernet Number 1 x Ethernet gigabit interface Design RJ 45 jack Transmission speed 10 100 1000 Mbps Electrical data Power supply via S7 1500 backplane bus 15 V Current consumption From backplane bus 350 mA Power dissipation 5 3 W Insulation Insulation tested with 707 VDC type test Design dimensions and weight Module format Compact module S7 1500 single width Degree of protecti...

Страница 80: ...g 180 Max 45 m IE TP Torsion Cable with IE FC RJ45 10 m TP Cord via IE FC RJ45 Outlet 0 85 m Max 85 m IE FC TP Marine Trailing Flexible FRNC Festoon Food Cable with IE FC RJ45 Plug 180 Max 75 m IE FC TP Marine Trailing Flexible FRNC Festoon Food Cable 10 m TP Cord via IE FC RJ45 Outlet 0 100 m Max 100 m IE FC TP Standard Cable with IE FC RJ45 Plug 180 Max 90 m IE FC TP Standard Cable 10 m TP Cord ...

Страница 81: ...e harmonized European standards EN for programmable logic controllers which are published in the official documentation of the European Union 2014 34 EU ATEX explosion protection directive Directive of the European Parliament and the Council of 26 February 2014 on the approximation of the laws of the member states concerning equipment and protective systems intended for use in potentially explosiv...

Страница 82: ...Part 7 Equipment protection by increased safety e You can see the current versions of the standards in the IECEx certificate that you can find on the Internet at the following address Link https support industry siemens com cs ww en ps 15340 cert The conditions must be met for safe usage of the product according to the section Notes on use in hazardous areas according to ATEX IECEx Page 26 You sho...

Страница 83: ...dules in a Zone 2 Hazardous Area that you will find here On the SIMATIC NET Manual Collection DVD under All documents Use of subassemblies modules in a Zone 2 Hazardous Area On the Internet at the following address Link https support industry siemens com cs ww en view 78381013 EMC The product meets the requirements of the EC Directive 2014 30 EU Electromagnetic Compatibility EMC directive Applied ...

Страница 84: ...ed Locations Underwriters Laboratories Inc cULus IND CONT EQ FOR HAZ LOC Applied standards ANSI ISA 12 12 01 CSA C22 2 No 213 M1987 APPROVED for Use in Cl 1 Div 2 GP A B C D T3 T6 Cl 1 Zone 2 GP IIC T3 T6 Ta Refer to the temperature class on the type plate of the CP Report UL file E223122 NRAG NRAG7 Note the conditions for the safe deployment of the product according to the section Notes on use in...

Страница 85: ...norme NMB 003 du Canada MSIP 요구사항 For Korea only A급 기기 업무용 방송통신기자재 이 기기는 업무용 A급 전자파 적합기기로서 판매자 또는 사용자는 이 점을 주의하시기 바라며 가정 외의 지역에서 사용하는것을 목적으로 합니다 Note that in terms of the emission of interference this device corresponds to limit class A This device can be used in all areas except for residential environments Current approvals SIMATIC NET products are regularly submitted to the relevant authorities...

Страница 86: ...Approvals CP 1543 1 86 Operating Instructions 12 2019 C79000 G8976 C289 08 ...

Страница 87: ...iguration via T_CONFIG 20 Pin assignment 29 F FETCH WRITE 12 35 S5 S7 addressing mode 14 FETCH WRITE connections 16 Firewall 14 Firmware version 3 FTP 35 Response if the reference to the FTP job block is missing 54 FTP FTP client 15 FTP client Configuration limits 18 FTP server Configuration limits 18 FTP_CMD 45 Block execution time 18 FTPS 14 FTPS Security 42 G Gateway VPN 65 Gigabit specificatio...

Страница 88: ...Additional 19 Program blocks max Data length 16 Programmed communications connections 40 Programmed connections Quantity 17 PUT GET 35 R Recycling 6 RUN STOP 29 S S5 S7 addressing mode 14 S7 communication 11 S7 connections 11 15 Number of freely usable 17 Safety notices 25 Security diagnostics 68 SIMATIC NET 10 SIMATIC NET glossary 6 SMTPS 15 SNMP 73 SNMP agent 12 SNMPv3 15 Special notes Connectin...

Страница 89: ...Index CP 1543 1 Operating Instructions 12 2019 C79000 G8976 C289 08 89 VPN Virtual Private Network Areas of application 62 Cell protection concept 62 W Web server 13 ...

Страница 90: ...Index CP 1543 1 90 Operating Instructions 12 2019 C79000 G8976 C289 08 ...

Отзывы:

Нет отзывов

Похожие инструкции для CP 1543-1

ControlMaster CM15

Бренд: ABB Страницы: 28

Бренд: ICP DAS USA Страницы: 4

Бренд: ICP DAS USA Страницы: 6

EIP-2000 Series

Бренд: ICP DAS USA Страницы: 19

Бренд: Patron Страницы: 17

Бренд: Yoshitake Страницы: 4

Бренд: YOKOGAWA Страницы: 20

UTAdvanced UT32A

Бренд: YOKOGAWA Страницы: 3

Бренд: CAME Страницы: 2

Smart Control Panel 880RGD

Бренд: Raynor Страницы: 4

Бренд: Seiko Страницы: 30

ASC G Wi-Fi kit

Бренд: Waeco Страницы: 386

Бренд: M-system Страницы: 7

Бренд: Engineering Solutions Страницы: 34

VBA-2E-G11-I/U/PT100-F

Бренд: Pepperl+Fuchs Страницы: 24

NovoCon S Digital

Бренд: Danfoss Страницы: 2

Expedition Double Jogger

Бренд: BABYTREND Страницы: 18

TITAN-TRACKSIDE-3

Бренд: Remote Control Systems Страницы: 4

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды