Siemens SIMATIC S7-1500 Function Manual

Summary of Contents for Siemens SIMATIC S7-1500

  • Page 1 Communication...
  • Page 2 Preface Function manuals Documentation Guide SIMATIC Product overview Communications services S7-1500, ET 200MP, ET 200SP, ET 200AL, ET 200pro PG communication Communication HMI communication Function Manual Open User Communication S7 communication Point-to-point link OPC UA communication Routing Connection resources Diagnostics and fault correction Communication with the redundant system S7-...
  • Page 3 Note the following: WARNING Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems.
  • Page 4: Preface

    ● Knowledge about how to use STEP 7 (TIA Portal) Scope of the documentation This documentation is the basic documentation for all products of the SIMATIC S7-1500, ET 200MP, ET 200SP, ET 200AL and ET 200pro systems. The product documentation is based on this documentation.
  • Page 5 (Page 324) Scope of the function manual expanded to include the redundant system S7-1500R/H: Functions with which you are familiar from the SIMATIC S7-1500 automation system are implemented for the redundant system S7-1500R/H. See the Redundant System S7-1500R/H System Manual (https://support.industry.siemens.co...)
  • Page 6 Preface What's new in the Communication Function Manual, Edition 12/2017 compared to Edition 09/2016. What's new? OPC UA Companion Specification. What are the customer benefits? Through OPC UA Companion Specification, methods can be specified in a uniform and ... Where can I find the information? Section OPC UA server interface configuration (Page 199)
  • Page 7 Siemens' products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customers' exposure to cyber threats.
  • Page 8 This information is provided by the Siemens Industry Online Support in the Internet (http://www.siemens.com/automation/service&support). Industry Mall The Industry Mall is the catalog and order system of Siemens AG for automation and drive solutions on the basis of Totally Integrated Automation (TIA) and Totally Integrated Power (TIP).
  • Page 9: Table Of Contents

    Table of contents: Preface, page 3; Function manuals Documentation Guide, page 12; Product overview, page 14; Communications services, page 19; Overview of communication options, page 19; Communications protocols and port numbers used for Ethernet communication, page 22; Overview of connection resources, page 27; Setting up a connection ...
  • Page 10 Table of contents: 6.11 Secure Open User Communication, page 92; 6.11.1 Secure OUC of an S7-1500 CPU as TLS client to an external PLC (TLS server), page 92; 6.11.2 Secure OUC of an S7-1500 CPU as TLS server to an external PLC (TLS client), page 95; 6.11.3 Secure OUC between two S7-1500 CPUs ...
  • Page 11 Table of contents: 9.3.4 OPC UA server interface configuration, page 199; 9.3.4.1 What is a server interface?, page 199; 9.3.4.2 Creating a user-defined server interface, page 201; 9.3.4.3 Using OPC UA companion specifications, page 206; 9.3.4.4 Rules for OPC UA XML files, page 213; 9.3.4.5 Data types for companion specifications ...
  • Page 12 Table of contents: Connection resources, page 307; 11.1 Connection resources of a station, page 307; 11.2 Allocation of connection resources, page 311; 11.3 Display of the connection resources, page 316; Diagnostics and fault correction, page 320; 12.1 Connection diagnostics, page 320; 12.2 Emergency address ...
  • Page 13: Function Manuals Documentation Guide

    Function manuals Documentation Guide The documentation for the SIMATIC S7-1500 automation system, for CPU 1516pro-2 PN based on SIMATIC S7-1500, and for the distributed I/O systems SIMATIC ET 200MP, ET 200SP and ET 200AL is divided into three areas. This division allows you easier access to the specific information you require.
  • Page 14 You must register once to use the full functionality of "mySupport". You can find "mySupport" on the Internet (https://support.industry.siemens.com/My/ww/en). Application examples The application examples support you with various tools and examples for solving your automation tasks.
  • Page 15: Product Overview

    Product overview CPUs, communications modules and processors, and PC systems of the S7-1500, ET 200MP, ET 200SP, ET 200pro and ET 200AL systems provide you with interfaces for communication via PROFINET, PROFIBUS and point-to-point connections. CPUs, communications modules and communications processors PROFINET and PROFIBUS DP interfaces are integrated in the S7-1500 CPUs. The CPU 1516-3 PN/DP for example has two PROFINET interfaces and one PROFIBUS DP interface.
  • Page 16 Product overview Interfaces of communications modules Interfaces of communications modules (CMs) extend the interfaces of CPUs (for example, the communication module CM 1542-5 adds a PROFIBUS interface to S7-1500 automation system). ① PROFIBUS DP interface Figure 2-2 PROFIBUS DP interface of the CM 1542-5 and CM DP (to an ET 200SP CPU) Communication Function Manual, 11/2019, A5E03735815-AH...
  • Page 17 Product overview Interfaces of communications processors Interfaces of communication processors (CP) offer additional functionality to what is provided by the integrated interfaces of the CPUs. CPs allow special applications, for example the CP 1543-1 provides Industrial Ethernet security functions for protecting Industrial Ethernet networks via its Industrial Ethernet interface.
  • Page 18 Product overview Interfaces of communications modules for point-to-point connections The communication modules for point-to-point connections provide communication via their RS 232-, RS 422- and RS 485 interfaces, for example, Freeport or Modbus communication. ① Interface for point-to-point connections Figure 2-4 Example of interface for point-to-point connection at the CM PtP RS422/485 BA
  • Page 19 Product overview Interfaces of interface modules PROFINET and PROFIBUS DP interfaces of the interface modules (IM) in ET 200MP, ET 200SP and ET 200AL are used to connect the distributed I/O ET 200MP, ET 200SP and ET 200AL to PROFINET or PROFIBUS of the higher-level IO controller or DP master. ①...
  • Page 20: Communications Services

    Communications services Overview of communication options Overview of communications options The following communications options are available for your automation task. Table 3- 1 Communications options Communications options Functionality Via interface: PN/IE serial PG communication On commissioning, testing, diagnostics HMI communication On operator control and monitoring Open communication via TCP/IP Data exchange via PROFINET/Industrial Ethernet...
  • Page 21 Communications services 3.1 Overview of communication options Table columns: Communications options; Functionality; Via interface (PN/IE, serial). Open communication via ISO (only CPs with PROFINET/Industrial Ethernet interface): Data exchange via PROFINET/Industrial Ethernet with the ISO protocol. Instructions: TSEND_C/TRCV_C, TSEND/TRCV, TCON, T_DISCON, ...
  • Page 22 ● Application example: CPU-CPU communication with SIMATIC controllers (compendium) You can find the application example on the Internet (https://support.industry.siemens.com/cs/ww/en/view/20982954). ● This FAQ (https://support.industry.siemens.com/cs/ww/en/view/102420020) describes how to configure fetch/write communication via CP1543-1 with S7-1500. ● Additional information about the Fetch/Write services is available in the STEP 7 online help.
  • Page 23: 3.2 Communications Protocols And Port Numbers Used For Ethernet Communication

    Communications services 3.2 Communications protocols and port numbers used for Ethernet communication Communications protocols and port numbers used for Ethernet communication This section provides an overview of the supported protocols and port numbers used for communication over PN/IE interfaces. For each protocol the address parameters, the respective communications layer as well as the communications role and the communications direction are specified.
  • Page 24 Table columns: Protocol; Port number; (2) Link layer / (4) Transport layer; Function; Description. PTCP (Precision ...): port number not relevant; (2) Ethertype 0x8892 (PROFINET); function: PROFINET send clock and time syn...; description: PTCP provides a time delay measurement between RJ45 ports and thus send ...
  • Page 25 Table columns: Protocol; Port number; (2) Link layer / (4) Transport layer; Function; Description. Modbus (Modbus Transmission Control Proto...): (4) TCP; function: Modbus/TCP protocol; description: Modbus/TCP is used by MB_CLIENT/MB_SERVER instructions in the user program. OPC UA: 4840...
  • Page 26 Communications services 3.2 Communications protocols and port numbers used for Ethernet communication The following table shows the protocols that are supported by the S7-1500 software controller via the Ethernet interfaces assigned to Windows. Table 3- 3 Layers and protocols of the S7-1500 Software Controller (via Ethernet interface on the Windows side) Protocol Port num- (2) Link layer...
  • Page 27 Table columns: Protocol; Port number; (2) Link layer / (4) Transport layer; Function; Description. IGMPv2: port number not relevant; (3) Network layer; function: Internet Group Management Protocol; description: Network protocol for the organization of multicast groups.
  • Page 28: Overview Of Connection Resources

    Communications services 3.3 Overview of connection resources Overview of connection resources Connection resources Some communications services require connections. Connections allocate resources on the CPUs, CPs and CMs involved (for example memory areas in the CPU operating system). In most cases one resource per CPU/CP/CM is allocated for a connection. In HMI communication, up to 3 connection resources are required per HMI connection.
  • Page 29 Communications services 3.4 Setting up a connection Setting up a programmed connection You set up the programmed connection in the program editor of STEP 7 in the context of a CPU by assigning instructions for communication, for example TSEND_C. When specifying the connection parameters (in the Inspector window, in the properties of the instruction), you are supported by the easy-to-use user interface.
  • Page 30 Communications services 3.4 Setting up a connection Setting up a configured connection You set up the configured connection in the network view of the Devices & networks editor of STEP 7 in the context of a CPU or a software controller. Figure 3-2 Configured setup Communication...
  • Page 31 Communications services 3.4 Setting up a connection Effects on the connection resources of the CPU You can often choose between a configured or a programmed connection. Programmed connection setup allows connection resources to be released following data transfer. Like routed connections, programmed connections are not guaranteed, meaning that they are only established when resources are available.
  • Page 32: Data Consistency

    Communications services 3.5 Data consistency Data consistency Definition Data consistency is important for data transfer and you need to take this into account when configuring the communication task. Otherwise, malfunctions may occur. A data area which cannot be modified by concurrent processes is called a consistent data area.
  • Page 33 Communications services 3.5 Data consistency The following figure shows a data area that is larger than the maximum size of the consistent data area. In this case, the data can be changed during an interruption of the data transfer. An interruption also occurs if, for example, the data area needs to be transferred in several parts.
  • Page 34 Communications services 3.5 Data consistency System-specific maximum data consistency for S7-1500: No inconsistency occurs if the system-specific maximum size of the consistent data is not exceeded. With an S7-1500, communication data is copied consistently into or out of the user memory in blocks of up to 512 bytes during the program cycle.
  • Page 35: Secure Communication

    Communications services 3.6 Secure Communication Secure Communication 3.6.1 Basics of Secure Communication For STEP 7 (TIA Portal) as of V14 and for S7-1500 CPUs as of firmware V2.0, the options for secure communication have been broadened considerably. Introduction The attribute "secure" is used for the identification of communication mechanisms that are based on a Public Key Infrastructure (PKI) (for example RFC 5280 for Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List Profile).
  • Page 36 Communications services 3.6 Secure Communication Common principles of secure communication Independent of the context, secure communication is based on the concept of the Public Key Infrastructure (PKI) and contains the following components: ● An asymmetric encryption scheme that allows: – Encryption or decryption of messages using public or private keys. –...
  • Page 37: Confidentiality Through Encryption

    Communications services 3.6 Secure Communication The figure below shows the TLS protocol in the context of communication layers. Figure 3-6 TLS protocol in the context of communication layers Secure communication with OPC UA An OPC UA server is implemented in S7-1500 CPUs as of firmware V2.0. OPC UA Security also covers authentication, encryption and data integrity with digital X.509 certificates and also uses a Public Key Infrastructure (PKI).
  • Page 38 Communications services 3.6 Secure Communication Symmetric encryption The central aspect of symmetric encryption is that both communication partners use the same key for message encryption and decryption, as shown in the figure below. Bob uses the same key for encryption as Alice uses for decryption. In general, we also say that the two sides share the secret key with which they encrypt or decrypt a message as a secret.
  • Page 39 Communications services 3.6 Secure Communication Asymmetric encryption Asymmetric encryption works with a pair of keys consisting of one public key and one private key. Used with a PKI, it is also known as Public Key cryptography or simply PKI cryptography. A communication partner, Alice in the figure below, has a private key and a public key.
  • Page 40: Authenticity And Integrity Through Signatures

    Communications services 3.6 Secure Communication Encryption processes in practice In practice, for example with a CPU Web server and Secure Open User Communication, the TLS protocol is used below the relevant application layer. Application layers are HTTP or SMTP, for example, as detailed above. TLS (Transport Layer Security) uses a combination of asymmetric encryption and symmetric encryption (hybrid encryption) for secure data transfer, for example, over the Internet, and uses the following subprotocols:...
  • Page 41 Communications services 3.6 Secure Communication How certificates establish trust The main role of X.509 certificates is to bind an identity with the data of a certificate subject (for example, e-mail address or computer name) to the public key of the identity. Identities can be people, computers or machines.
  • Page 42 Communications services 3.6 Secure Communication Features of self-signed certificates The "CN" (Common Name of Subject) for the certificate subject and "Issuer" attributes of self-signed certificates are identical: You have signed your certificate yourself. The field "CA" (Certificate Authority) must be set to "False"; the self-signed certificate should not be used to sign other certificates.
  • Page 43 Communications services 3.6 Secure Communication Verifying a signature: 1. The authenticator of the "MyCert" certificate obtains the certificate of the issuer and thus the public key. 2. A new hash value is formed from the certificate data with the same hash algorithm that was used for signing (for example SHA-1).
  • Page 44: Managing Certificates With Step 7

    Communications services 3.6 Secure Communication Chain of certificates to root certificate The certificates of a PKI are often organized hierarchically: The top of the hierarchy is formed by root certificates. Root certificates are certificates that are not signed by a higher-level certificate authority.
  • Page 45 Communications services 3.6 Secure Communication Creating or assigning certificates You create certificates for various applications in STEP 7 for devices with security properties, such as an S7-1500 CPU as of firmware V2.0. The following areas in the Inspector window of the CPU allow the creation of new certificates or the selection of existing ones: ●...
  • Page 46 Communications services 3.6 Secure Communication Special features of the section "Protection & Security > Certificate manager" Only in this section of the Inspector window do you switch between the global, i.e. project-wide, and the local, i.e. device-specific, certificate manager (option "Use global security settings for the certificate manager").
  • Page 47 Communications services 3.6 Secure Communication When you double-click "User login" in the project tree below the global security settings and log in, a line called "Certificate manager" is displayed, among other data. When you double-click the "Certificate manager" line, you obtain access to all the certificates in the project, divided into the tabs "CA"...
  • Page 48: Examples For The Management Of Certificates

    Communications services 3.6 Secure Communication 3.6.5 Examples for the management of certificates. As explained in the preceding sections, certificates are required for every type of secure communication. The following section shows as an example how you handle the certificates with STEP 7 so that the requirements for Secure Open User Communication are fulfilled. The devices which are involved at the respective communication partners are differentiated below.
  • Page 49 Communications services 3.6 Secure Communication Procedure STEP 7 automatically loads the required CA certificates together with the hardware configuration to the participating CPUs so that the requirements for certificate verification exist for both CPUs. You therefore only have to generate the device certificates for the respective CPU;...
  • Page 50 Communications services 3.6 Secure Communication Using self-signed certificates instead of CA certificates When creating device certificates you can select the "Self-signed" option. You can create self-signed certificates without being logged in for the global security settings. This procedure is not recommended because the resulting certificates do not exist in the global certificate memory and can therefore not be assigned directly to a partner CPU.
  • Page 51 Communications services 3.6 Secure Communication Secure Open User Communication between S7-1500 CPU as a TLS client and an external device as a TLS server Two devices are to exchange data with each other via TLS connection or TLS session, for example, exchanging recipes, production data or quality data: ●...
  • Page 52 Communications services 3.6 Secure Communication Optionally the MES system can also request a device certificate of the CPU to authenticate the CPU (i.e., the TLS client). In this case, the CA certificates of the CPU must be made available to the MES system. The prerequisite for importing the certificates into the MES system is a preceding export of the CA certificates from the STEP 7 project of the CPU.
  • Page 53 Communications services 3.6 Secure Communication Secure Open User Communication to a mail server (SMTP over TLS) An S7-1500 CPU can establish a secure connection to an e-mail server with the communication instruction TMAIL_C. The system data types TMail_V4_SEC and TMail_QDN_SEC allow you to determine the partner port of the e-mail server and thus to reach the e-mail server via "SMTP over TLS".
  • Page 54: Example: Http Over Tls

    Communications services 3.6 Secure Communication 3.6.6 Example: HTTP over TLS The following paragraphs show how the mechanisms described are used to establish a secure communication between a Web browser and the Web server of an S7-1500 CPU. Initially the changes for the "Permit access only with HTTPS" option in STEP 7 are described.
  • Page 55 Communications services 3.6 Secure Communication Loading the Web server certificate The server certificate generated by STEP 7 is then automatically also loaded to the CPU when the hardware configuration is loaded. ● If you use the certificate manager in the global security settings, the certificate authority of the project (CA certificate) signs the server certificate of the Web server: During loading, the CA certificate of the project is also loaded automatically.
  • Page 56 Communications services 3.6 Secure Communication Course of the secure communication The figure below shows, in simplified terms, how communication is established ("handshake") focusing on the negotiation of keys used for data exchange (here with HTTP over TLS). However, the course can be applied to all communication options that are based on the usage of TLS, i.e.
  • Page 57 Communications services 3.6 Secure Communication The steps for verifying the authenticity of the Web server: 1. Alice must know the public keys of all relevant certificate authorities, which means she requires the complete certificate chain to verify the Web server certificate (i.e. the end-entity certificate of the Web server): Alice will generally have the required root certificate in her certificate memory.
  • Page 58: Snmp

    This FAQ (https://support.industry.siemens.com/cs/ww/en/view/79993228) describes which SNMP requests the S7-1500 CPUs and the S7-1200 CPUs can receive. SNMP uses the transport protocol UDP. SNMP recognizes two network components, the SNMP manager and the SNMP client. The SNMP manager monitors the network nodes: The SNMP clients collect the various network-specific information in the individual network nodes and store it in a structured form in the MIB (Management Information Base).
  • Page 59: Example: Disabling Snmp For A Cpu 1516-3 Pn/Dp

    Communications services 3.7 SNMP 3.7.2 Example: Disabling SNMP for a CPU 1516-3 PN/DP Task As the security guidelines in your network do not allow SNMP, you want to disable SNMP for a CPU 1516-3 PN/DP. Requirements ● CPU 1516-3 PN/DP with firmware version V2.0 ●...
  • Page 60 Communications services 3.7 SNMP In the following program code, the data record B071 is transferred with the WRREC instruction in a REPEAT UNTIL loop.

        ORGANIZATION_BLOCK "Startup"
        TITLE = "Complete Restart"
        { S7_Optimized_Access := 'TRUE' }
        VERSION : 0.1
        BEGIN
        REPEAT
        "WRREC_DB_1"...
  • Page 61: Pg Communication

    PG communication Properties Using PG communication, the CPU or another module capable of communication exchanges data with an engineering station (for example PG, PC). The data exchange is possible via PROFIBUS and PROFINET subnets. The gateway between S7 subnets is also supported. PG communication provides functions needed to load programs and configuration data, run tests, and evaluate diagnostic information.
  • Page 62 PG communication 3. In the "Go online" dialog, make the following settings for your online connection: – Select interface type (e.g. PN/IE) in the "Type of PG/PC interface" drop-down list. – In the "PG/PC interface" drop-down list, select the PG/PC interface (e.g. Ind. Ethernet card) you want to use to establish the online connection.
  • Page 63 PG communication 4. Click "Start search". All devices that you can address with PG communication appear shortly thereafter in the table "Compatible devices in target subnet". 5. In the "Compatible devices in target subnet" table, select the relevant CPU and confirm with "Go online".
  • Page 64: Hmi Communication

    HMI communication Properties Using HMI communication, one or more HMI devices (for example HMI Basic/Comfort/Mobile Panel) exchange data with a CPU for operator control and monitoring via the PROFINET or PROFIBUS DP interface. The data exchange is via HMI connections.
  • Page 65 HMI communication 4. In the "Connections" tab, select the row of the HMI connection. In the "General" area of the "Properties" tab, you see the properties of the HMI connection, some of which you can change. Figure 5-1 Setting up HMI communication 5.
  • Page 66: Open User Communication

    Open User Communication Overview of Open User Communication Features of Open User Communication Through Open User Communication, also called "open communication", the CPU exchanges data with another device capable of communication. Open User Communication has the following features and characteristics: ●...
  • Page 67: Protocols For Open User Communication

    Open User Communication 6.2 Protocols for Open User Communication The following protocols are available for open communication: Table 6-1 Transport protocols for open communication (transport protocol: via interface): TCP according to RFC 793: PROFINET/Industrial Ethernet; ISO-on-TCP according to RFC 1006 (Class 4): PROFINET/Industrial Ethernet...
  • Page 68 S7 devices. The communication is controlled by instructions in the user program at the client end. Application example: MQTT Publisher for the SIMATIC S7-1500 CPU The "Message Queue Telemetry Transport" (MQTT) is a simple protocol on the TCP/IP level. It is suitable for the exchange of messages between devices with lower functionality and for the transfer via unreliable networks.
  • Page 69: Instructions For Open User Communication

    In addition to the library, an application example is provided that shows you how to generate Syslog messages in your controller and send them to the Syslog server. You can find the block library "LSyslog" and the associated application example on the Internet (https://support.industry.siemens.com/cs/ww/en/view/51929235). Instructions for Open User Communication Introduction...
  • Page 70 – E-mail – FTP You can modify the connection parameters in the "connection description DB". This FAQ (https://support.industry.siemens.com/cs/ww/en/view/58875807) describes how to program the TCON instruction to set up a connection for Open User Communication between two S7-1500 CPUs. Protocols, system data types and employable instructions for programmed setup The following table shows the protocols of the Open User Communication and the matching system data types and instructions.
  • Page 71 Open User Communication 6.3 Instructions for Open User Communication Table columns: Protocol; System data type; Instructions. Modbus TCP: system data types TCON_IP_v4, TCON_QDN, TCON_Configured; instructions MB_CLIENT, MB_SERVER. E-mail: system data types TMAIL_v4, TMAIL_v6, TMAIL_FQDN; instruction TMAIL_C. Next row: system data types FTP_CONNECT_IPV, FTP_CONNECT_IPV ...; instruction FTP_CMD ...
  • Page 72 ● T_DIAG: Check the connection Basic examples for Open User Communication The Siemens Online Support offers you function blocks (FBs) that facilitate the handling of the instructions of the Open User Communication. You can find the function block with corresponding examples on the Internet (https://support.industry.siemens.com/cs/ww/en/view/109747710).
  • Page 73 Open User Communication 6.3 Instructions for Open User Communication Additional information The STEP 7 online help describes: ● The user and system data types ● The instructions for open communication ● The connection parameters You will find information about the allocation and release of connection resources in the section Allocation of connection resources (Page 311).
  • Page 74: Open User Communication With Addressing Via Domain Names

    Open User Communication 6.4 Open User Communication with addressing via domain names Open User Communication with addressing via domain names As of firmware version V2.0, S7-1500 CPUs, ET 200SP CPUs and the CPUs 1513/1516pro-2 PN support Open User Communication with addressing via Domain Name System (DNS).
  • Page 75 Open User Communication 6.4 Open User Communication with addressing via domain names Setting up a TCP connection via the domain name of the communication partner For TCP communication via the domain name you need to create a data block with the TCON_QDN system data type yourself, assign parameters and call it directly at the instruction.
  • Page 76: Setting Up Open User Communication Via Tcp, Iso-On-Tcp, Udp And Iso

    Open User Communication 6.5 Setting up Open User Communication via TCP, ISO-on-TCP, UDP and ISO Addressing a UDP connection via the domain name of the communication partner For S7-1500 CPUs as of firmware version V2.0, you can address the recipient with its fully qualified domain name (FQDN) when sending data via UDP.
  • Page 77 Open User Communication 6.5 Setting up Open User Communication via TCP, ISO-on-TCP, UDP and ISO 3. Select the "Connection parameters" group. Until you select a connection partner, only the empty drop-down list for the partner end point is enabled. All other input options are disabled.
  • Page 78 Open User Communication 6.5 Setting up Open User Communication via TCP, ISO-on-TCP, UDP and ISO 4. In the drop-down list box of the partner end point, select a connection partner. You can select an unspecified device or a CPU in the project as the communication partner. Certain connection parameters are then entered automatically.
  • Page 79 Open User Communication 6.5 Setting up Open User Communication via TCP, ISO-on-TCP, UDP and ISO 6. Select an existing connection description DB in the "Connection data" drop-down list or for configured connections select an existing connection under "Connection name". You can also create a new connection description DB or a new configured connection.
  • Page 80 Open User Communication 6.5 Setting up Open User Communication via TCP, ISO-on-TCP, UDP and ISO 7. Enter a connection ID as needed for the connection partner. No connection ID can be assigned to an unspecified partner. Note You must enter a unique value for the connection ID at a known connection partner. The uniqueness of the connection ID is not checked by the connection parameter settings and there is no default value entered for the connection ID when you create a new connection.
  • Page 81 Open User Communication 6.5 Setting up Open User Communication via TCP, ISO-on-TCP, UDP and ISO Configuring connections, e.g. for TSEND/TRCV If you want to use the instructions for TSEND/TRCV for open communication, for example, you first need to configure a connection (e.g. TCP connection). To configure a TCP connection, follow these steps: 1.
  • Page 82 Select CP 1543-1 ISO protocol Additional information The STEP 7 online help describes: ● The instructions for open communication ● The connection parameters This FAQ (https://support.industry.siemens.com/cs/ww/en/view/109479564) describes how the instructions TSEND_C and TRCV_C behave in the S7-1500.
  • Page 83: Setting Up Communication Over FDL

    Open User Communication 6.6 Setting up communication over FDL Setting up communication over FDL Requirements ● Configuration software: STEP 7 Professional V14 ● End point of the connection: CPU S7-1500 firmware version V2.0 or higher with communication module CM 1542-5 with firmware version V2.0 Setting up a configured FDL connection Proceed as follows to set up a configured FDL connection in STEP 7: 1.
  • Page 84 Open User Communication 6.6 Setting up communication over FDL The figure below shows a fully configured FDL connection in STEP 7. Figure 6-6 Configuring the FDL connection Setting up an FDL connection in the user program For communication via FDL, you need to create the data block of the TCON_FDL system data type yourself in each case, assign parameters and call it directly at the instruction.
  • Page 85: Setting Up Communication With Modbus TCP

    Open User Communication 6.7 Setting up communication with Modbus TCP 4. Create a TCON instruction in the program editor. 5. Interconnect the CONNECT parameter of the TCON instruction with the tag of the data type TCON_FDL. In the example below, the CONNECT parameter of the TCON instruction is interconnected with the tag "FDL_Connection"...
  • Page 86 Open User Communication 6.7 Setting up communication with Modbus TCP 3. Select the required instruction, for example MB_CLIENT, from the "Instructions" task card, "Communication" area, "Other", "MODBUS TCP" and drag it to a network of OB1. 4. Assign the parameters of the MB_CLIENT or MB_SERVER instruction. Observe the following rules: An IPv4 server address must be specified for each MB_CLIENT connection.
  • Page 87 MB_CLIENT instruction. You can find more information on the MB_UNIT_ID parameter in the STEP 7 online help. Reference ● This FAQ (https://support.industry.siemens.com/cs/ww/en/view/94766380) describes how to program and configure the Modbus TCP communication between two S7-1500 CPUs. ● This FAQ (https://support.industry.siemens.com/cs/ww/en/view/102020340) describes how to program and configure Modbus TCP communication between an S7-1500 CPU and an S7-1200 CPU.
  • Page 88: Setting Up Communication Via E-Mail

    Open User Communication 6.8 Setting up communication via e-mail Setting up communication via e-mail Setting up a connection for e-mail via the user program For communication using e-mail, you need to create the data block of the relevant system data type yourself, assign parameters and call the instruction directly. This procedure is introduced below.
  • Page 89: Setting Up Communication Via FTP

    Open User Communication 6.9 Setting up communication via FTP Setting up communication via FTP Setting up a connection for FTP via the user program For communication via FTP, you need to create the data block of the relevant system data type yourself, assign parameters and call the instruction directly.
  • Page 90 Open User Communication 6.9 Setting up communication via FTP Procedure for setting up FTP server functionality Requirement: The FTP server can be reached via the IPv4 network. 1. Configure an S7-1500 automation system with CPU and CP 1543-1 in the device view of the Devices &...
  • Page 91 Application examples ● Application example: FTP communication with S7-1500 and CP 1543-1 You can find the application example on the Internet (https://support.industry.siemens.com/cs/ww/en/view/103550797). ● Application example: FTP client communication with S7-1200/1500 You can find the application example on the Internet (https://support.industry.siemens.com/cs/ww/en/view/81367009).
  • Page 92: Establishment And Termination Of Communications Relations

    Open User Communication 6.10 Establishment and termination of communications relations 6.10 Establishment and termination of communications relations Establishment and termination of communications The table below shows the establishment and termination of communications as part of open communication. Table 6- 5 Establishment and termination of communications Setting up the connection Establishing communication...
  • Page 93: Secure Open User Communication

    Open User Communication 6.11 Secure Open User Communication 6.11 Secure Open User Communication 6.11.1 Secure OUC of an S7-1500 CPU as TLS client to an external PLC (TLS server) The following section describes how you can set up Open User Communication via TCP from an S7-1500 CPU as TLS client to a TLS server.
  • Page 94 Open User Communication 6.11 Secure Open User Communication 3. Set the connection parameters of the TCP connection in the "Start value" column. Enter the fully qualified domain name (FQDN) of the TLS server, for example, for "RemoteQDN". 4. Set the parameters for secure communication in the "Start value" column. –...
  • Page 95 Open User Communication 6.11 Secure Open User Communication 5. Create one of the instructions TSEND_C, TRCV_C or TCON in the program editor. 6. Interconnect the CONNECT parameter of one of the instructions TSEND_C, TRCV_C or TCON with the tags of the data type TCON_QDN_SEC. In the example below, the CONNECT parameter of the TCON instruction is interconnected with the tag "DNS connectionSEC"...
  • Page 96: Secure OUC Of An S7-1500 CPU As TLS Server To An External PLC (TLS Client)

    Open User Communication 6.11 Secure Open User Communication 6.11.2 Secure OUC of an S7-1500 CPU as TLS server to an external PLC (TLS client) The following section describes how you can set up Open User Communication via TCP from an S7-1500 CPU as TLS server to a TLS client. Setting up a secure TCP connection via the domain name of the communication partner S7-1500 CPUs as of firmware version V2.0 support secure communication with addressing via a Domain Name System (DNS).
  • Page 97 Open User Communication 6.11 Secure Open User Communication 4. Set the parameters for secure communication in the "Start value" column. – "ActivateSecureConn": Activation of secure communication for this connection. If this parameter has the value FALSE, the subsequent security parameters are irrelevant. You can set up a non-secure TCP or UDP connection in this case.
  • Page 98: Secure OUC Between Two S7-1500 CPUs

    Open User Communication 6.11 Secure Open User Communication Additional information You can find more information about the system data types TCON_QDN_SEC in the STEP 7 online help. For additional information on secure communication, refer to the section Secure Communication (Page 34). 6.11.3 Secure OUC between two S7-1500 CPUs The following section describes how you can set Secure Open User Communication via TCP...
  • Page 99 Open User Communication 6.11 Secure Open User Communication Settings at the TLS client To set up a secure TCP connection in the TLS client, follow these steps: 1. Create a global data block in the project tree. 2. Define a tag of the data type TCON_IP_V4_SEC in the global data block. The example below shows the global data block "Data_block_1"...
  • Page 100 Open User Communication 6.11 Secure Open User Communication 4. Set the parameters for secure communication in the "Start value" column. – "ActivateSecureConn": Activation of secure communication for this connection. If this parameter has the value FALSE, the subsequent security parameters are irrelevant. You can set up a non-secure TCP or UDP connection in this case.
  • Page 101 Open User Communication 6.11 Secure Open User Communication 4. Set the parameters for secure communication in the "Start value" column. – "ActivateSecureConn": Activation of secure communication for this connection. If this parameter has the value FALSE, the subsequent security parameters are irrelevant. You can set up a non-secure TCP or UDP connection in this case.
  • Page 102: Secure OUC Via CP Interface

    Open User Communication 6.11 Secure Open User Communication 6.11.4 Secure OUC via CP interface The following sections describe the particular points to be taken into consideration in the case of Secure Open User Communication via a CP interface. At least one station is an S7-1500 station with the following modules: ●...
  • Page 103 Open User Communication 6.11 Secure Open User Communication Example: Setting up a secure TCP connection between two S7-1500 CPUs via CP interfaces For secure TCP communication between two S7-1500 CPs you need to create a data block with the TCON_IP_V4_SEC system data type yourself in every CPU, assign parameters and call it directly at one of the instructions TSEND_C, TRCV_C or TCON.
  • Page 104 Open User Communication 6.11 Secure Open User Communication Settings at the TLS client To set up a secure TCP connection in the TLS client, follow these steps: 1. Create a global data block in the project tree. 2. Define a tag of the data type TCON_IP_V4_SEC in the global data block. To do so, enter the string "TCON_IP_V4_SEC"...
  • Page 105 Open User Communication 6.11 Secure Open User Communication 5. Create one of the instructions TSEND_C, TRCV_C or TCON in the program editor. 6. Interconnect the CONNECT parameter of one of the instructions TSEND_C, TRCV_C or TCON with the tags of the data type TCON_IP_V4_SEC. Settings at the TLS server To set up a secure TCP connection in the TLS server, follow these steps: 1.
  • Page 106 Open User Communication 6.11 Secure Open User Communication 4. Set the parameters for secure communication in the "Start value" column. – "ActivateSecureConn": Activation of secure communication for this connection. If this parameter has the value FALSE, the subsequent security parameters are irrelevant. You can set up a non-secure TCP or UDP connection in this case.
  • Page 107: Secure OUC With Modbus TCP

    Open User Communication 6.11 Secure Open User Communication 6.11.5 Secure OUC with Modbus TCP For a secure Modbus TCP connection you need to create a data block with one of the system data types TCON_IP_V4_SEC or TCON_QDN_SEC yourself, assign parameters and call it directly at the MB_SERVER or MB_CLIENT instruction.
  • Page 108: Secure OUC Via E-Mail

    Open User Communication 6.11 Secure Open User Communication 4. Set the parameters for secure communication in the "Start value" column. Enter the certificate ID of the CA certificate of the communication partner, for example, for "TLSServerCertRef". – "ActivateSecureConn": Activation of secure communication for this connection. If this parameter has the value FALSE, the subsequent security parameters are irrelevant.
  • Page 109 Open User Communication 6.11 Secure Open User Communication Process for establishing a secure connection to the mail server You can choose between two processes for establishing the secure connection to the mail server: ● SMTPS: The client attempts to immediately establish a TLS connection to the mail server ("handshake"...
  • Page 110 Open User Communication 6.11 Secure Open User Communication Example: Setting up a secure connection to a mail server over IPv4 The following section describes how to set up a secure connection to an IPv4 mail server with the TMAIL_C communication instruction. To set up a secure connection via the IPv4 address of the mail server, follow these steps: 1.
  • Page 111 Open User Communication 6.11 Secure Open User Communication 4. Set the parameters for secure communication in the "Start value" column. Enter the certificate ID of the CA certificate of the communication partner, for example, for "TLSServerCertRef". – "ActivateSecureConn": Activation of secure communication for this connection. If this parameter has the value FALSE, the subsequent security parameters are irrelevant.
  • Page 112 6.11 Secure Open User Communication Application example This application example (https://support.industry.siemens.com/cs/ww/en/view/46817803) shows how you can use the CP of an S7-1500 or S7-1200 station to set up a secure connection to an email server and send an email with the default application "TMAIL_C" from the S7 CPU.
  • Page 113: S7 Communication

    S7 communication Characteristics of S7 communication S7 communication as homogeneous SIMATIC communication is characterized by vendor-specific communication between SIMATIC CPUs (not an open standard). S7 communication is used for migration and for connecting to existing systems (S7-300, S7-400). For data transfer between two S7-1500 automation systems, we recommend that you use open communication (see section Open User Communication (Page 65)).
  • Page 114 You must also enable this service for protection in the CPU configuration in the "Protection" area. This FAQ (https://support.industry.siemens.com/cs/ww/en/view/82212115) provides information about how to configure and program an S7 instruction and the GET and PUT communication instructions for data exchange between two S7-1500 CPUs.
  • Page 115 S7 communication S7 communication via PROFIBUS DP interface in slave mode You can find the "Test, commissioning, routing" check box in STEP 7 in the properties of the PROFIBUS DP interface of communications modules (e.g. CM 1542-5). Using this check box, you decide whether the PROFIBUS DP interface of the DP slave is an active or passive device on PROFIBUS.
  • Page 116 S7 communication 3. Select the "Connection parameters" group. Until you select a connection partner, only the empty drop-down list for the partner end point is enabled. All other input options are disabled. The connection parameters already known are displayed: – Name of the local end point –...
  • Page 117 S7 communication 4. In the drop-down list box of the partner end point, select a connection partner. You can select an unspecified device or a CPU in the project as the communication partner. The following parameters are automatically entered as soon as you have selected the connection partner: –...
  • Page 118 S7 communication 6. In the Project tree, select the "Program blocks" folder for one of the CPUs and open OB1 in the folder by double-clicking on it. The program editor opens. 7. In the program editor, call the relevant instructions for S7 communication in the user program of the communication partner (configured at one end) or in the user programs of the communication partners (configured at both ends).
  • Page 119 S7 communication Procedure for setting up an S7 connection via different S7 subnets You have the option of using an S7 connection over multiple S7 subnets (PROFIBUS, PROFINET/Industrial Ethernet) (S7 routing (Page 289)). 1. Configure the communications partners in the network view of the Devices & networks editor of STEP 7.
  • Page 120 S7 communication 4. Select the "Connections" button and the "S7 connection" entry from the drop-down list. 5. Using drag-and-drop in our example, connect PLC_1 in the left S7 subnet (PROFIBUS) to PLC_3 in the right S7 subnet (PROFINET). The S7 connection between CPU 1 and CPU 3 is configured. Figure 7-4 S7 connections via different subnets Communication...
  • Page 121 S7 communication ET 200SP Open Controller as router for S7 connections If you assign the "PROFINET onboard [X2]" interface to the CPU 1515SP PC (F) of the SIMATIC PC station, the CPU 1515SP PC (F) can be used as a router for S7 connections. If you use the CP interface for "None, or a different Windows setting", you cannot use the Open Controller as a router for routed S7 connections.
  • Page 122: Point-To-Point Link

    Point-to-point link Functionality A point-to-point connection for S7-1500, ET 200MP and ET 200SP is established via communications modules (CMs) with serial interfaces (RS232, RS422 or RS485): ● S7-1500/ET 200MP: – CM PtP RS232 BA – CM PtP RS422/485 BA – CM PtP RS232 HF –...
  • Page 123 Point-to-point link Properties of procedure 3964 (R) ● When the data is sent, control characters are added (start, end and block check characters). Make sure that these control characters are not included as data in the frame. ● Connection establishment and termination makes use of control characters. ●...
  • Page 124 Point-to-point link Instructions for Freeport communication There are 3 instructions available for the dynamic configuration in the user program for Freeport communication. The following applies to all 3 instructions: the previously valid configuration data is overwritten but not stored permanently in the target system. ●...
  • Page 125 Point-to-point link Procedure for setting up USS communication 1. Configure an S7-1500 configuration with CPU and CM in the device view of the hardware and network editor of STEP 7. 2. In the Project tree, select the "Program blocks" folder and open OB1 in the folder by double-clicking on it.
  • Page 126 CM PtP communication module - Configurations for point-to-point connections (http://support.automation.siemens.com/WW/view/en/59057093). ● You can find a description of how to use the instructions for point-to-point connections in the user program in the STEP 7 online help.
  • Page 127: OPC UA Communication

    OPC UA communication What you need to know about OPC UA 9.1.1 OPC UA and Industrie 4.0 Uniform standard for information and data exchange Industry 4.0 stands for the intensive utilization, evaluation and analysis of the large volumes of data from production in IT systems at the enterprise level. With Industry 4.0, data exchange between the production and enterprise levels is rapidly increasing.
  • Page 128 OPC UA communication 9.1 What you need to know about OPC UA Independence of a specific transport layer OPC UA currently supports the following transport mechanisms and protocols: ● The transfer of messages as a binary stream directly via TCP/IP ●...
  • Page 129 OPC UA communication 9.1 What you need to know about OPC UA Scalability OPC UA can be used for devices of different performance classes: ● Sensors ● Embedded systems ● Controllers ● PC systems ● Smartphones ● Servers running MES or ERP applications. The performance class of the devices is differentiated by profiles.
  • Page 130 OPC UA communication 9.1 What you need to know about OPC UA Standard and global discovery profiles The "OPC UA Specification Part 7" defines additional profiles: ● The "Standard 2017 UA Server Profile", which is suitable for PC-based OPC UA servers ●...
  • Page 131: OPC UA For S7-1200/S7-1500 CPUs

    OPC UA communication 9.1 What you need to know about OPC UA 9.1.3 OPC UA for S7-1200/S7-1500 CPUs In OPC UA, one system operates as a server and provides the existing information to other systems (clients). OPC UA clients, for example, have read and write access to data on an OPC UA server. OPC UA clients call methods on the OPC UA server.
  • Page 132: Access To OPC UA Applications

    The application example shows how to establish connections between servers and clients, for example. It also demonstrates the reading and writing of PLC tags. Link to download: OPC UA .NET client for the SIMATIC S7-1500 OPC UA Server (http://support.automation.siemens.com/WW/view/en/109737901) 9.1.4...
  • Page 133 OPC UA communication 9.1 What you need to know about OPC UA Principle: Interface for access via communication module For a CPU application, such as OPC UA, to be accessed via CP interface, you must configure a virtual interface (W1). IP-based applications can then be accessed via the IP address parameters of this virtual interface.
  • Page 134 OPC UA communication 9.1 What you need to know about OPC UA Example: Access of OPC UA clients to the OPC UA server of the CPU For access of an OPC UA client to the OPC UA server of the CPU, the following interfaces of the S7-1500 station are available: ●...
  • Page 135 OPC UA communication 9.1 What you need to know about OPC UA Example: Access of OPC UA clients to OPC UA servers via S7-1500 CPU with activated IP Forwarding OPC UA client and OPC UA server can also be connected to one another via an S7-1500 CPU, in which case the S7-1500 CPU operates as an IP Forwarder.
  • Page 136: Addressing Nodes

    It is therefore necessary for an OPC UA client to request the current index of the namespace (e.g. "http://www.siemens.com/simatic-s7-opcua") from the server before reading or writing its values.
  • Page 137 OPC UA communication 9.1 What you need to know about OPC UA Identifier The Identifier corresponds to the name of the PLC tag in quotation marks. The quotation mark is the only sign that is not permitted as part of a name in STEP 7. Quotation marks avoid naming conflicts.
  • Page 138 OPC UA communication 9.1 What you need to know about OPC UA PLC tags in the address space of the OPC UA server The figure below shows where the PLC tags in the example are located in the address space of the OPC UA server (excerpt from UA client): The "MyDB"...
  • Page 139 OPC UA communication 9.1 What you need to know about OPC UA Methods in the address space of the OPC UA server If you implement a method via your user program, it takes the following form in the address space of the OPC UA Server (see Providing methods on the OPC UA server (Page 227)): Figure 9-5 Methods in the address space of the OPC UA server...
  • Page 140: What You Need To Know About OPC UA Clients

    OPC UA communication 9.1 What you need to know about OPC UA 9.1.6 What you need to know about OPC UA clients Basics of OPC UA clients OPC UA clients are programs that do the following: ● Access the information from an OPC UA server (for example an S7-1500 CPU): read/browse access, write access, subscriptions ●...
  • Page 141 OPC UA communication 9.1 What you need to know about OPC UA Reading data from the server and writing to the server You now know the namespace, identifier and data type of PLC tags. This means that you can now specifically read individual PLC tags and DB components as well as complete arrays and structures.
  • Page 142 OPC UA communication 9.1 What you need to know about OPC UA In accordance with the same scheme, the "RegisteredRead" function can also be used, which is particularly useful for recurring data readouts. Take into account, however, that depending on the application it may be advisable to use a Subscription instead. Recommendation: It is best to place registrations in the startup program of the OPC UA client, since the registration takes up time.
  • Page 143: Mapping Of Data Types

    OPC UA communication 9.1 What you need to know about OPC UA Monitoring of PLC tags When the Subscription has been created, you inform the server which tags are to be monitored with it. In the following example, the "Voltage" tag was added to the subscription. The "Voltage"...
  • Page 144 OPC UA communication 9.1 What you need to know about OPC UA Example A tag has the SIMATIC data type "COUNTER". You read COUNTER → UInt16 in the table. You now know that you do not need to convert; the COUNTER value is sent over the line as a UInt16 data type.
  • Page 145 OPC UA communication 9.1 What you need to know about OPC UA SIMATIC data type OPC UA data type mapped as structure Special note: You can only describe the structure completely with an OPC UA client. You have read-only access to individual elements of this structure (e.g.
  • Page 146 More details on mapping of basic data types, arrays and structures can be found in the OPC UA Specification Part 6, "Mappings" (see OPC UA BINARY there). What must be considered with arrays and data types DTL and LDT in the OPC UA server of a SIMATIC S7-1500? FAQ (https://support.industry.siemens.com/cs/ww/en/view/109766726)
  • Page 147: Security At OPC UA

    OPC UA communication 9.2 Security at OPC UA Security at OPC UA 9.2.1 Security settings Addressing risks OPC UA allows the exchange of data between different systems, both within the process and production levels and to systems at the control and enterprise level. This possibility also entails security risks.
  • Page 148: Certificates Pursuant To ITU X.509

    OPC UA communication 9.2 Security at OPC UA Additional security rules ● Only use the end point "None" in exceptional cases. ● Only use the "guest authentication" of the user in exceptional cases. ● Only allow access to PLC tags and DB components via OPC UA if it is genuinely necessary.
  • Page 149 OPC UA communication 9.2 Security at OPC UA X.509 certificates An X.509 certificate includes the following information: ● Version number of the certificate ● Serial number of the certificate ● Information on the algorithm used by the certificate authority to sign the certificate. ●...
  • Page 150 OPC UA communication 9.2 Security at OPC UA Signing and encryption To allow you to check whether a certificate has been manipulated, certificates are signed. There are various possible procedures here: ● Within the TIA Portal you have the possibility to generate and sign certificates. If you have protected your project and are logged in as a user with the function right to make security settings, you can use the global security settings.
  • Page 151 This symmetric process (a shared key) is much faster than asymmetric processes (private and public key). See also Creating self-signed certificates (Page 152) Certificates with OPC UA (Page 151) Secure Communication (Page 34) Using certificates with TIA Portal (https://support.industry.siemens.com/cs/ww/en/view/109769068)
  • Page 152: Certificates With OPC UA

    OPC UA communication 9.2 Security at OPC UA 9.2.3 Certificates with OPC UA Usage of X.509 certificates with OPC UA OPC UA uses various types of X.509 certificates for establishing a connection from client to server: ● OPC UA application certificates Such X.509 certificates identify the software instance, the installation of client or server software.
  • Page 153: Creating Self-Signed Certificates

    OPC UA client application. Example client from the online support The OPC UA .NET client for the SIMATIC S7-1500 OPC UA server (https://support.industry.siemens.com/cs/ww/en/view/109737901) creates a self-signed software certificate of the client application in the Windows Certificate Store during the first program start.
  • Page 154: Generating PKI Key Pairs And Certificates Yourself

    OPC UA communication 9.2 Security at OPC UA 9.2.5 Generating PKI key pairs and certificates yourself This section is only relevant if you want to use an OPC UA client that cannot itself create a PKI key pair and a client certificate. In this case, you generate a private and a public key using OpenSSL, generate an X.509 certificate, and sign the certificate yourself.
  • Page 155 OPC UA communication 9.2 Security at OPC UA 7. Generate a private key. Save the key to the "myKey.key" file. The key in this example is 1024 bits long; for greater RSA security, use 2048 bits in practice. Enter the following command: "genrsa -out myKey.key 2048"...
  • Page 156 OPC UA communication 9.2 Security at OPC UA Using the CSR There are two ways to use a CSR: ● You send the CSR to a certificate authority (CA): Read the information of the respective certification authority. The certificate authority (CA) checks your information and identity (authentication) and signs the certificate with the private key of the certificate authority.
  • Page 157: Secure Transfer Of Messages

    OPC UA communication 9.2 Security at OPC UA 9.2.6 Secure transfer of messages Establishing secure connections with OPC UA OPC UA uses secure connections between client and server. OPC UA checks the identity of the communication partners. OPC UA uses certificates in accordance with X.509-V3 from the ITU (International Telecommunication Union) for client and server authentication.
  • Page 158 OPC UA communication 9.2 Security at OPC UA Layers required The figure below shows the three layers that are always required for establishing a connection: the transport layer, the secure channel and the session. Figure 9-6 Necessary layers: transport layer, secure channel and session ●...
  • Page 159 OPC UA communication 9.2 Security at OPC UA Establishing the secure channel The secure channel is established as follows: 1. The server starts establishing the secure channel when it receives a request to this effect from the client. This request is signed or signed and encrypted, or the message is sent in plain text (security mode of the selected server end point).
  • Page 160: Using The S7-1500 As An OPC UA Server

    The S7-1500 CPUs as of firmware V2.0 are equipped with an OPC UA server. Apart from the Standard-S7-1500 CPUs this applies to the variants S7-1500F, S7-1500T, S7-1500C, S7-1500pro CPUs, ET 200SP CPUs, SIMATIC S7-1500 SW controllers and PLCSIM Advanced. Convention: "S7-1500 CPUs" also includes the above-mentioned CPU variants.
  • Page 161 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Node classes OPC UA servers provide information in the form of nodes. A node can be, for example, an object, a tag, a method or a property. The example below shows the address space of the OPC UA server of an S7-1500 CPU (extract from the OPC UA client "UaExpert"...
  • Page 162: End Points Of The OPC UA Server

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 9.3.1.2 End points of the OPC UA server The end points of the OPC UA server define the security level for a connection. Depending on the purpose of use or desired security level, you have to carry out the corresponding settings for the connection at the end point.
  • Page 163 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Figure 9-8 "UA Sample Client" program of the OPC Foundation A connection to a server end point is only established if the OPC UA client complies with the security policies of that end point.
  • Page 164: Runtime Behavior Of The OPC UA Server

    OPC UA. This requires .NET Framework 4.0; see TIA Portal Openness, Automating SIMATIC projects with scripts (https://support.industry.siemens.com/cs/ww/en/view/109477163). ● If you already know the syntax and the PLC program, you can access the OPC UA server without first researching the information.
  • Page 165 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Download to the CPU may affect OPC UA server If you load a CPU with running OPC UA server, you may need to stop and restart the server depending on the loaded objects.
  • Page 166: Configuring Access To PLC Tags

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Reading CPU operating mode over OPC UA server The OPC UA server allows you to read out the CPU mode, see figure below: Figure 9-9 Reading CPU operating mode over OPC UA server In addition to the operating mode of the CPU you can, for example, read out information in the manual (DeviceManual) or firmware version (HardwareRevision).
  • Page 167 Visible in HMI engineering The option "Visible in HMI Engineering" applies to Siemens engineering tools. If you disable the option "Visible in HMI Engineering" (check mark not set), you can no longer configure the tag in WinCC (TIA Portal).
  • Page 168: Managing Write And Read Rights For A Complete DB

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Rules ● Only allow read access to PLC tags and tags of data blocks in STEP 7 if this is necessary for communication with other systems (controllers, embedded systems or MES). You should not enable other PLC tags.
  • Page 169 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 3. Select the "Attributes" area. 4. Select/clear the "DB accessible from OPC UA" checkbox as required. Figure 9-11 Hiding DBs or DB contents for OPC UA clients Note Effect on settings in the DB editor If you hide a DB using the DB attribute described here, the settings for the components in the DB editor are no longer relevant;...
  • Page 170: Coordinating Write And Read Rights For CPU Tags

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 9.3.2.3 Coordinating write and read rights for CPU tags Definition of write and read rights in the information model (OPC UA XML) In the OPC UA information model, the attribute "AccessLevel" regulates access to tags. AccessLevel is defined bit by bit: Bit 0 = CurrentRead and Bit 1 = CurrentWrite.
  • Page 171 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Rules If write rights are required: ● AccessLevel = 2 or 3 ● "Writable from HMI/OPC UA" enabled If read rights are required: ● AccessLevel = 1 (AccessLevel 3 is also possible, but misleading. The setting suggests that an OPC UA client has write and read rights) ●...
  • Page 172: Consistency Of Cpu Tags

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 9.3.2.4 Consistency of CPU tags "AccessLevelEx" attribute extends access properties As of firmware version V2.6, the OPC UA server of the S7-1500 CPU supports not only the attribute "AccessLevel" (see Coordinating write and read rights for CPU tags (Page 169)) but also the attribute "AccessLevelEx"...
  • Page 173 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Handling of the attribute in the server The "AccessLevelEx" attribute is only available in the OPC UA server. The attribute is not present in a node set file (XML export file). However, the attribute "AccessLevel", which is exported, includes the information from "AccessLevelEx", see next section.
  • Page 174: Accessing Opc Ua Server Data

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 9.3.2.5 Accessing OPC UA server data High performance in line with application OPC UA is designed for the transfer of a high volume of data within a short period of time. You can increase the performance significantly if you do not access individual PLC tags, but rather read and write arrays and structures as a whole.
  • Page 175: Minimumsamplinginterval Attribute

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 9.3.2.6 MinimumSamplingInterval attribute MinimumSamplingInterval attribute of tags In addition to "Value", "DataType" and "AccessLevel", you can also set the "MinimumSamplingInterval" attribute for a tag in the XML file that represents the server address space.
  • Page 176: Configuring The Opc Ua Server

    The following FAQ contains a converter with which you can convert the export file into CSV format. You then obtain a list of the tags of the CPU that can be accessed by OPC UA. You can find the FAQ on the Internet (https://support.industry.siemens.com/cs/ww/en/view/109742903). 9.3.3 Configuring the OPC UA server 9.3.3.1...
  • Page 177 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Settings remain stored If you have already enabled the server and made settings, those settings are not lost if the server is disabled. The settings are saved as before and are available when you enable the server again.
  • Page 178: Access To The Opc Ua Server

    Direct access to the OPC UA server of the CPU over the backplane bus of the automation system is not possible via CMs. With SIMATIC S7-1500 SW controllers, access to the OPC UA server is possible via PROFINET interfaces that are assigned to the software PLC.
  • Page 179 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server The URLs are structured as follows: ● Protocol identifier "opc.tcp://" ● IP address – 192.168.178.151 The IP address at which the OPC UA server can be accessed from the Ethernet subnet 192.168.178.
  • Page 180: General Settings Of The Opc Ua Server

    If the "Enable standard SIMATIC server interface" option is selected, the OPC UA server of the CPU provides the enabled PLC tags and server methods to the clients, as was specified by SIEMENS in the self-defined namespace. This option is selected in the default setting.
  • Page 181 Details on which ports are used by the various services for data transfer via TCP and UDP, and what are the points to note when using routers and firewalls can be found in the FAQ (https://support.industry.siemens.com/cs/ww/en/view/8970169). Communication Function Manual, 11/2019, A5E03735815-AH...
  • Page 182: Settings Of The Server For Subscriptions

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Backward compatible data type definitions according to OPC UA specification ≤ V1.03 The OPC UA specification (<= V1.03) defines mechanisms in order to read out data type definitions, for example for user-defined structures (UDTs), from a server by means of the TypeDictionaries.
  • Page 183 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server How frequently does the server send notifications? When a Subscription is set up, the OPC UA client specifies the intervals at which it wants to be sent the new values in the event of changes. To limit the communication load through OPC UA, set a minimum interval for the messages.
  • Page 184: Handling Client And Server Certificates

    For information on causes and remedies for status codes of OPC UA client that appear, see the list of error codes in the online help of STEP 7 (TIA Portal) or in the following FAQ (https://support.industry.siemens.com/cs/ww/en/view/109755860). See also Rules for subscriptions (Page 284) Subscription diagnostics (Page 240) 9.3.3.5...
  • Page 185 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Certificate of the OPC UA server When you have activated the OPC UA server and have confirmed the security prompts, STEP 7 automatically generates the certificate for the server and saves it in the local certificate directory of the CPU.
  • Page 186 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server The client user decides whether the server certificate is to be trusted. The user at the client side now has to decide whether the server certificate is to be trusted. If the user trusts the server certificate, the client stores the server certificate in its directory containing the trusted server certificates.
  • Page 187 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 8. Right-click this line and select the "Export certificate" entry from the shortcut menu. 9. Select a directory where you will store the client certificate. Clients of other manufacturers When you use UA clients from manufacturers or the OPC Foundation, a client certificate is generated automatically during installation or upon the first program call.
  • Page 188 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 9. Click the "General" tab in the properties of the CPU that is acting as server. 10. Click "OPC UA > Server > Security > Secure Channel". 11. Scroll down in the "Secure Channel" dialog to the section "Trusted clients". 12.
  • Page 189 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Configuring security settings of the server The figure below shows the available server security settings for signing and encrypting messages. Figure 9-21 Configuring security settings of the server By default, a server certificate is created that uses SHA256 signing.
  • Page 190 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server ● Basic128Rsa15 - Sign & Encrypt Secure endpoint, supports a series of algorithms that use the hash algorithm RSA15 and 128-bit encryption. This endpoint protects the integrity and confidentiality of the data through signing and encrypting.
  • Page 191: Generating Server Certificates With Step 7

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 9.3.3.6 Generating server certificates with STEP 7 The description below shows the procedure for generating new certificates with STEP 7 and applies in principle to various uses of the certificates. STEP 7 sets the appropriate purpose - in this case "OPC UA Client &...
  • Page 192 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 3. The dialog for generating new certificates is displayed (figure below). The values for an example are already entered: Figure 9-22 Customizing server certificates 4. Use other parameters if this is necessary in accordance with the security specifications in your company or your customer.
  • Page 193 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Explanation of fields for certificate generation ● CA Select whether the certificate is to be self-signed or signed by one of the CA certificates of the TIA Portal. The certificates are described under "Certificates with OPC UA". If you want to generate a certificate that is to be signed by one of the CA certificates of the TIA-Portal, the project must be protected and you must be logged in as a user with all the required function rights.
  • Page 194: User Authentication

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server ● Usage The default is "OPC UA client & server". Keep this default for the OPC UA server. The "Create a new certificate" dialog can be called from several points in STEP 7. If, for example, you call this dialog for the Web server of the CPU, "Web server"...
  • Page 195: Users And Roles With Opc Ua Function Rights

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server ● User name and password authentication The user has to prove their authorization (no anonymous access). The OPC UA server checks whether the client user is authorized to access the server. Authorization is given by the user name and the correct password.
  • Page 196 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Requirement Before you can edit the security settings, the project must be protected and you must be logged on with sufficient rights, for example as administrator. Settings in the project tree > "Security settings" You access the central user settings and roles in the protected project in the project tree under "Security settings".
  • Page 197 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 3. You will find the following function rights in the "Function rights" section: – OPC UA server access This function right applies to the OPC UA server of the S7-1500 CPU. Only when this option is selected does a user of the CPU PLC_2 server who has been assigned the role "PLC-opcua-role-all-inclusive"...
  • Page 198: Diagnostic Settings Of The Server

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 9.3.3.9 Diagnostic settings of the server Diagnostics You can specify the scope of the diagnostics of the OPC UA server in the CPU settings. To change the diagnostics scope, navigate to the "OPC UA > Server > Diagnostics" area. Figure 9-25 Diagnostic settings of OPC UA server Default setting...
  • Page 199: License For Opc Ua

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 9.3.3.10 License for OPC UA Runtime licenses A license is required to run the OPC UA server of the S7-1500 CPU. The type of license required depends on the performance of the respective CPU. The following license types are differentiated: ●...
  • Page 200: Opc Ua Server Interface Configuration

    Additional information on companion specifications is available here (Page 218). Additional information on SiOME is available here (https://support.industry.siemens.com/cs/ww/en/view/109755133). ● User-defined server interface: For this type of server interface you combine OPC UA nodes of an OPC UA server into a unit.
  • Page 201 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Injection molding machine as an example for companion specification In this example, a server interface contains the following elements: ● OPC UA nodes which you can write with an OPC UA client to receive information about this injection molding machine (in readable PLC tags) ●...
  • Page 202: Creating A User-Defined Server Interface

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 9.3.4.2 Creating a user-defined server interface Introduction The description is based on the following example: A protective fence surrounds the production cell "Cell_1". The fence is equipped with the gate "Gate_1".
  • Page 203 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 6. Click on the triangle in front of "Program blocks" in the area "OPC UA elements" to open the "Program blocks" folder. STEP 7 displays the following table for editing: Figure 9-28 Editing the server interface The editor is divided into two areas.
  • Page 204 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server STEP 7 (TIA Portal) displays the dialog as follows: Figure 9-29 Adding OPC UA elements to the server interface Limiting the view to OPC UA servers By selecting the OPC UA elements, you limit the view to the OPC UA server and the options of the OPC UA clients.
  • Page 205 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Once a server interface has been defined, you can drag it to another CPU in the project tree. Figure 9-31 Disabling the visibility of the server interface Information on the server interface The "OPC UA Server Interface"...
  • Page 206 ● Node type Type of the OPC UA node, for example BOOL, BYTE, INT. These node types were defined by Siemens, not by the OPC Foundation. For example, the OPC Foundation uses the Boolean node type for BOOL. BOOL is directly derived from Boolean.
  • Page 207: Using Opc Ua Companion Specifications

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 9.3.4.3 Using OPC UA companion specifications Introduction OPC UA is universally applicable: The standard itself does not, for example, specify how PLC tags are to be named. It is also up to the individual user (application developer) to program and name server methods that can be called over OPC UA.
  • Page 208 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Using companion specifications: Overview Euromap 77 is described in the OPC UA XML file "Opc_Ua.EUROMAP77.NodeSet2.xml". Note Euromap 77, Euromap 83 and OPC UA for Devices (DI) With Release Candidate 2, some of the Euromap definitions have been transferred from Euromap 77 to Euromap 83.
  • Page 209 9.3 Using the S7-1500 as an OPC UA server Step 1: Create instances in SiOME The following section describes how to use the free program "SiOME", the "Siemens OPC UA Modeling Editor". With SiOME, you can create an OPC UA XML file, which describes the server interface (an information model).
  • Page 210 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 6. Now import the namespace "http://www.euromap.org/euromap83/" To do so, click the "Import XML" button again in the "Information model" area. Select the file "Opc_Ua.EUROMAP83.NodeSet2.xml". Result: SiOME imports the XML file and shows the namespace "http://www.euromap.org/euromap83/"...
  • Page 211 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 12. Click "OK". SiOME shows the new instance "IMM_Manufacturer_01234" in the "Information model" area under "DeviceSet": Figure 9-36 Display information model 13. Create an instance of the data type "InjectionUnitType". To do this, right-click on the "InjectionUnits"...
  • Page 212 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 16. Save the XML file. To do so, click the "Quick save" button in the "Information model" area: Figure 9-37 "Quick save" button in SiOME 17. Export the XML file. To do so, click the "Export XML"...
  • Page 213 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Step 2: Creating PLC tags for the Euromap 77 instance in STEP 7. For Euromap 77, you must provide PLC tags and server methods in your user program and assign the instance of the "IMM_MES_InterfaceType"...
  • Page 214: Rules For Opc Ua Xml Files

    OPC UA XML export of an S7-1500. Note Import blocked for namespace "http://www.siemens.com/simatic-s7-opcua" You cannot import server interfaces with the namespace "http://www.siemens.com/simatic-s7-opcua" to an S7-1500 CPU because this namespace is reserved for S7-1500 CPUs (standard SIMATIC server interface) and is not available for imports.
  • Page 215: Data Types For Companion Specifications

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 9.3.4.5 Data types for companion specifications Mapping of data types The table below shows the compatible SIMATIC data type for each OPC UA data type. Assign the data types as shown below (SIMATIC data type - OPC UA data type). Other assignments are not permitted.
  • Page 216 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server User-defined data type for UNION required The figure below shows the tag "MyVariable", which has the "Union_MyDatatype" data type. This SIMATIC data type corresponds to an OPC UA tag with the data type UNION. The figure shows an example of the declaration: When Selector = 1, Union takes a ByteArray;...
  • Page 217 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server System data type "OPC_UA_NodeId" For the OPC UA basic data type "OpcUa_NodeId", please refer to the following table for the meaning of the parameters. Use OPC_UA_NodeId for the identification of a node in the OPC UA server.
  • Page 218 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server UDT "LocalizedText" For the basic data type "LocalizedText", create the following PLC data type: Figure 9-41 "LocalizedText" UDT The EncodingByte indicates which fields (Locale or Text) are available: EncodingByte Meaning The fields Locale and Text are empty...
  • Page 219: Creating A Server Interface For Companion Specification

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server UDT "XmlElement" An XmlElement is a serialized XML fragment (UTF-8 string). For the basic data type "XmlElement", create the following PLC data type: Figure 9-43 "XmlElement" UDT Example: Structure of EUInformation with UDT "LocalizedText" Figure 9-44 Example: Structure of EUInformation with UDT "LocalizedText"...
  • Page 220 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Creating a server interface for a companion specification To create a server interface for a companion specification with STEP 7 (TIA Portal), proceed as follows: 1. Select the CPU that you want to use as an OPC UA server. 2.
  • Page 221 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 6. In the "Import XML file" field, select an XML file that describes an information model. The "Using OPC UA companion specifications (Page 206)" section describes how to create such an XML file with the SiOME tool.
  • Page 222 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 7. Click "OK". STEP 7 (TIA Portal) imports the information model described in the selected XML file. An error occurs when type definitions are used in the imported XML file that are not yet present in STEP 7 (TIA Portal) and that are also not contained in the imported XML file.
  • Page 223 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server The figure below shows a section from the assignment of the local data (PLC tags) to the OPC UA nodes of the Euromap 77: Information on the server interface The editor for configuring the OPC UA server interface is structured as a table and provides the following information: ●...
  • Page 224: Creating A Server Interface For Reference Namespace

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server ● Local data STEP 7 displays the data block which is assigned to the OPC UA node: The CPU reads the value of the OPC UA node from this data block. If a data block is highlighted in color (e.g.
  • Page 225 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Example Euromap 77 You have added a server interface for the companion specification Euromap 77. The server interface uses object types defined in OPC UA DI as well as in Euromap 83 and Euromap 77 in their corresponding namespaces.
  • Page 226 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 5. For "Import XML file", select an XML file that contains the definitions of the namespace "http://opcfoundation.org/UA/DI/". Select the file "Opc.Ua.Di.NodeSet2.xml" in the example. You can download this file here: (https://opcfoundation.org/UA/schemas/DI/) The figure below shows the dialog with the entries: 6.
  • Page 227: Notes On Configuration Limits When Using Server Interfaces

    The table below sets out the configuration limits for S7-1500 CPUs; these must also be taken into account when you compile and load a configuration (up-to-date technical specifications of the CPUs can be found on the Internet (https://support.industry.siemens.com/cs/ww/en/ps/td)). A violation of configuration limits results in an error message. Table 9- 4...
  • Page 228: Providing Methods On The Opc Ua Server

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 9.3.5 Providing methods on the OPC UA server 9.3.5.1 Useful information about server methods Providing user program for server methods On the OPC UA server of an S7-1500 CPU (as of firmware V2.5), you have the option of providing methods via your user program.
  • Page 229 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Implementing a server method A program (function block) for implementing a server method is structured as follows: 1. Querying the server method call with OPC_UA_ServerMethodPre You first call the "OPC_UA_ServerMethodPre" instruction in your user program (i.e. in your server method).
  • Page 230 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Integrating the server method The diagram below shows how an OPC UA client (A) calls the server method "Cool": The CPU executes the instance "Cool1" of the server method "Cool" in the cyclic user ⑥...
  • Page 231 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server The CPU resumes the cyclic user program after "Cool1". Call of the server method and management of the "Done" information (method complete) ① Asynchronous call of the server method ②...
  • Page 232: Boundary Conditions For Using Server Methods

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 9.3.5.2 Boundary conditions for using server methods Permitted data types If you provide server methods, observe the following rule: ● Assign the data types as shown below (SIMATIC data type - OPC UA data type). Other assignments are not permitted.
  • Page 233 If you implement server methods via your user program, the number of usable methods is limited depending on the CPU type, see the following table (up-to-date technical data of the CPUs can be found on the Internet (https://support.industry.siemens.com/cs/ww/en/ps/td)). Technical specification value...
  • Page 234: Using Diagnostics Options

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 9.3.6 Using diagnostics options 9.3.6.1 Diagnostics of the OPC UA server Online diagnostics of the OPC UA server The S7-1500 CPU OPC UA server can be diagnosed online with standard OPC UA clients, such as UaExpert.
  • Page 235 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Figure 9-46 Server diagnostics The SessionsDiagnosticsSummary node also shows the properties of the client application accessing the server within the session. Figure 9-47 Sessions diagnostics with the properties of the client application Diagnostics of the connection between client and server To diagnose the status of the connection during program runtime in the client, use the following instruction:...
  • Page 236: Server State Transition Diagnostics

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server 9.3.6.2 Server state transition diagnostics Information on the server state S7-1500 CPUs as of firmware version V2.8 are able to create an entry in the diagnostic buffer upon state changes of the OPC UA server. The diagnostic buffer displays the new state.
  • Page 237: Session State Transition Diagnostics

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Server states and state transitions ① ④ POWER ON or Load in RUN, if OPC UA relevant data could be affected. ② Loading the hardware configuration with deactivated OPC UA server. The server remains shut down.
  • Page 238: Check For Security Events

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Requirement The "Change of session states" option (OPC UA > Server > Diagnostics) is selected in the OPC UA properties of the CPU. Example A client transmits incorrect authentication data (for example, incorrect password) when a connection is established.
  • Page 239: Request Of A Remote Client Failed

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Security events detected in diagnostics S7-1500 CPUs perform diagnostics on the following OPC UA relevant security events: ● Client-certificate is invalid (for example, syntactically or semantically incorrect, incorrect signature, current date is not in the validity period) ●...
  • Page 240 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Possible entries for the service that is causing the error Depending on the client application used, requests to the server can be triggered differently from the user's viewpoint, for example, by an online tool with a graphical user interface or by instructions in a client's program.
  • Page 241: Subscription Diagnostics

    OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Monitored Item Service Set CreateMonitoredItems ModifyMonitoredItems DeleteMonitoredItems SetMonitoringMode SetTriggering Subscription Service Set CreateSubscription ModifySubscription DeleteSubscriptions Publish Republish SetPublishingMode 9.3.6.6 Subscription diagnostics Information about a subscription S7-1500 CPUs as of firmware version V2.8 are able to create an entry in the diagnostic buffer at state changes of a subscription.
  • Page 242 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server Subscription states and state transitions ① Subscription is generated and is then active. ② Status change is not entered in the diagnostic buffer because too many entries may be made in the diagnostic buffer depending on the amount of data.
  • Page 243 "GoodOverload" when using subscriptions, if an overload of the CPU occurs when sampling the items. As of firmware V2.8 of the SIMATIC S7-1500 CPU, the OPC UA server can also enter this event into the diagnostic buffer. Requirement In the OPC UA properties of the CPU, the option "Subscriptions: Sampling time errors"...
  • Page 244: Summarizing Diagnostics

    See also FAQ 109763090. See also Settings of the server for subscriptions (Page 181) Meaning of the "GoodOverload" status (https://support.industry.siemens.com/cs/ww/en/view/109763090) 9.3.6.7 Summarizing diagnostics To prevent the diagnostics buffer being "swamped" by large numbers of identical OPC UA diagnostics, as of STEP 7 V16 service pack 1, you can set parameters so that these diagnostics are entered in the diagnostics buffer as a group alarm.
  • Page 245 OPC UA communication 9.3 Using the S7-1500 as an OPC UA server OPC UA diagnostics that can be summarized The diagnostics listed below each form their own groups (type). Diagnostic events from the same group are combined using the setting "Summarize diagnostics in case of high message volume": ●...
  • Page 246: Using The S7-1500 Cpu As An Opc Ua Client

    OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client Using the S7-1500 CPU as an OPC UA client 9.4.1 Overview and requirements With STEP 7 (TIA Portal) Version V15.1 and higher, you can assign parameters and program an OPC UA client that can read PLC tags in an OPC UA server.
  • Page 247: Useful Information About The Client Instructions

    OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client Overview To use the editor and the connection parameter assignment, follow these steps: 1. First, specify a client interface. Add to this the PLC tags and PLC methods interface that you want to access ("First step (Page 251)").
  • Page 248 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client ① Instructions for preparation of method calls ② Method calls ③ Instructions for "clean-up" after completed method calls Figure 9-55 Run sequence for a method call in the OPC UA server Optional instructions (reading out the status of a connection / reading out node IDs of nodes with known hierarchy of the address space) ●...
  • Page 249: Number Of Client Instructions That Can Be Used Simultaneously

    > OPC UA > OPC UA client. Application example in Online Support This application example (https://support.industry.siemens.com/cs/ww/en/view/109762770) provides you with an S7 user block "OpcUaClient" that summarizes the most important functions of the OPC UA instructions, accelerates the implementation for you and simplifies the programming.
  • Page 250: Example Configuration For Opc Ua

    OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client OPC UA instruction Maximum number for Maximum number for Maximum number CPU 1510SP (F) CPU 1505 (S/SP/SP F/SP T/SP TF) CPU 1507S (F) CPU 1511 (C/F/T/TF) CPU 1515 (F/T/TF) CPU 1517 (F/T/TF) CPU 1512C CPU 1515 SP PC (F/T/TF)
  • Page 251 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client Connection parameter assignment using an example: The plant produces blanks in a production line. The following controllers are used: 1. An S7-1511 CPU serves as the controller of the production line. The controller is named "Productionline"...
  • Page 252: Creating Client Interfaces

    OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client The following figure shows the example in the network view of the TIA Portal: Figure 9-57 Example of assigning connection parameters in the network view 9.4.5 Creating client interfaces As of Version 15.1, the TIA Portal has an editor for client interfaces.
  • Page 253 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 4. Double-click "Add new client interface". STEP 7 creates a new client interface and displays it in the editor. Figure 9-58 Adding OPC UA client interface STEP 7 names the new interface "Client interface_1". If a "Client interface_1" already exists, the new interface receives the designation "Client interface_2"...
  • Page 254 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 7. STEP 7 displays a dialog with which you can select an XML file. This XML file describes an address space of an OPC UA server. The address space of an OPC UA server contains all PLC tags and server methods published by an OPC UA server.
  • Page 255 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 8. Create a read list in this client interface. To do this, follow these steps: – Click "Add new read list" in the left section of the editor. STEP 7 adds a new list named "ReadList_1".
  • Page 256 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client Note Read and write lists do not support all node types. The OPC UA client of the S7-1500 CPU does not support all OPC UA data types (node types) that can be made available via an OPC UA server interface.
  • Page 257 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 10. If you want to call a method of this OPC UA server, generate a new method list. To do this, follow these steps: – In the left section of the editor, click "Add new method list". STEP 7 adds a new list with the name "Method list_1".
  • Page 258 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client Note Renaming node names (DisplayNames) In read lists, write lists and method lists you can rename a node by means of the shortcut menu. This is the "DisplayName" in the OPC UA language usage. If you rename a method list node and the node is already used in a programmed block for the method call "OPC_UA_MethodCall", the compilation of the project leads to consistency errors: During the compilation the UDTs of the method are generated with the...
  • Page 259 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client Data blocks of client interface The following data blocks belong to the "Productionline" client interface: ● Productionline_Configuration A data block for the configuration. In the example, this data block is called "Productionline_Configuration". The data block already contains all system data types that are needed for the instructions of the OPC UA client.
  • Page 260 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client Reading and writing PLC tags of the client interface Example: Reading the "ProductNumber" value For example, you write in an SCL program: #MyLocalVariable := "Productionline_Data".ReadListProduct.Variable.ProductNumber; You use this, for example, to assign the number of the blank that was just produced in the production line to the local tag "#MyLocalVariable".
  • Page 261: Determine Server Interface Online

    OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client Consistency check Finally, check the consistency of the read/write list or method list. 1. Select the list that you want to check. 2. Click the "Consistency check" button above the "OPC UA client interface" area. A green check mark indicates an error-free assignment of the tags or methods to the corresponding elements of the server interface.
  • Page 262 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 3. Double-click the selected client interface. The editor for client interfaces is displayed. Figure 9-64 Editor for client interface 4. In the left section of the editor, click "Add new read list", "Add new write list", or "Add new method list".
  • Page 263 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 6. Click the "Online Access" button. STEP 7 displays the "Connect to OPC UA server" dialog. Figure 9-65 "Connect to OPC UA server" dialog Tip: When establishing an online connection to an OPC UA server for the first time, use the "Online access"...
  • Page 264 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 9. Do you want to use a secure connection? – If you have selected a secure end point, then select the entry "TIA Portal" for the "Certificate location". And under "Certificate (Client)", select a client certificate for your PC on which STEP 7 (TIA Portal) is currently running.
  • Page 265: Using Multilingual Texts

    OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 12. Click on the small black triangle next to "Objects". STEP 7 now also displays the level below Objects. 13. Click on the small black triangle next to "Productionline". STEP 7 now also displays the level below Productionline.
  • Page 266 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client Example for multilingual texts in an OPC UA XML file In the XML file below, the display name and the description, for example, are entered with a "default"...
  • Page 267: Rules For The Access To Structures

    OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client When you change the editing language, the multilingual text in the imported interface will also change according to the rules explained above. You can then apply the nodes in the corresponding lists (read list, write list, method list) with drag and drop.
  • Page 268 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client Example of an error-free assignment of the structure elements In the imported node set file (XML export), the structure is defined as follows: The structure mapped in the read list matches, both in the order and in the assigned data types, the corresponding nodes of the node set file.
  • Page 269: Using Connection Parameter Assignment

    OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 9.4.9 Using connection parameter assignment 9.4.9.1 Creating and configuring connections With the instructions for OPC UA clients, you create a user program that exchanges data with an OPC UA server. A series of system data types are required for this. To simplify your work with these system data types, a connection parameter assignment for OPC UA clients is available starting in STEP 7 (TIA Portal) Version 15.1.
  • Page 270 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 3. Enter a path within the OPC UA server to restrict access to this path. The information is optional. However, some servers only establish a connection if a server path is specified. When you specify a path, it is automatically entered at the "ServerEndpointUrl"...
  • Page 271 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client Setting the security parameters 1. Click the "Security" area in the "Configuration" tab. This area contains all security settings for the connection to the OPC UA server. The following settings are possible: "General"...
  • Page 272 Additional information What causes the connection to an OPC UA server to fail? FAQ (https://support.industry.siemens.com/cs/ww/en/view/109766709) See also Handling of the client certificates of the S7-1500 CPU (Page 272) Communication...
  • Page 273: Handling Of The Client Certificates Of The S7-1500 Cpu

    OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 9.4.9.2 Handling of the client certificates of the S7-1500 CPU Where does the client certificate come from? If you are using the OPC UA client of an S7-1500 CPU (OPC UA client enabled), you can create certificates for these clients with STEP 7 V15.1 and higher as described in the following sections.
  • Page 274 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client Creating an OPC UA Client certificate The easiest way to generate a client certificate for an S7-1500 CPU is to configure a client interface. The configuration of the client interface provides for the selection or generation of a client certificate, see Creating and configuring connections (Page 268).
  • Page 275 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 2. Announcing the client certificate to the server You have to make the client certificate available to the server to allow a secure connection to be established. To do this, follow these steps: 1.
  • Page 276: User Authentication

    OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 9.4.9.3 User authentication In the OPC UA client interface of the S7-1500, you can set what authentication is required for a user of the OPC UA client wishing to access the server. To do so, you must select the corresponding client interface in the project tree of the requested S7-1500 CPU under "OPC UA communication >...
  • Page 277: Using A Configured Connection

    OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client "No Security" security policy and authentication via user name and password You can set the following combination: Security policy = "No Security" and authentication via user name and password. ●...
  • Page 278 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client Order of the OPC UA instructions The following figure shows the order in which the OPC UA instructions are called in a user program in order to use these instructions to read or write PLC tags: ①...
  • Page 279 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 3. Select a call option for the instruction The example uses a multi-instance. STEP 7 displays the instruction in the program editor. The editor for the Function Block Diagram (FBD) programming language uses the following display: The editor for the Ladder Logic (LAD) programming language displays the instruction similarly.
  • Page 280 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 5. For "Client interface" select the client interface that you want to use for the instruction. We select the "ProductionLine" client interface in the example. STEP 7 now interconnects the "ProductionLine" client interface with the parameters of the OPC_UA_Connect instruction: "ProductionLine"...
  • Page 281 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 7. Using drag-and-drop, move the "UA_NodeGetHandleList" instruction into the program editor. Select the "Multi-instance" call option. Click the toolbox symbol (LAD and FBD) or the small green box below the instance name (STL and SCL) if the editor is not already open.
  • Page 282 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client If you want to write data to an OPC UA server, select the write list you want to use under "Data access > Read/Writelist" (the "ProductionStatus" write list in the example). Communication Function Manual, 11/2019, A5E03735815-AH...
  • Page 283 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client 8. Using drag-and-drop, move the "UA_ReadList" instruction into the program editor. Select the "Multi-instance" call option. Click the toolbox symbol (LAD and FBD) or the small green box below the instance name (STL and SCL) if the editor is not already open.
  • Page 284 OPC UA communication 9.4 Using the S7-1500 CPU as an OPC UA client Supported instructions For the following instructions, STEP 7 automatically supplies the parameters if you are using a client interface and a configured connection to an OPC UA server: ●...
  • Page 285: Tips And Recommendations

    / publishing interval of 1 second. You can find additional information in the FAQ 109755846 (https://support.industry.siemens.com/cs/us/en/view/109755846). ● Select the same sampling and publishing intervals for the OPC UA client and for the OPC UA server.
  • Page 286: Rules For The User Program

    OPC UA communication 9.5 Tips and recommendations 9.5.2 Rules for the user program User programs for OPC UA The following rules apply to user programs: ● If your application allows it and the communication load is high, you should set a minimum time for cycle OBs.
  • Page 287: Master Copies For Opc Ua Communication

    OPC UA communication 9.5 Tips and recommendations 3. Switch to the "Details" tab in the selection window. 4. In the "DB accessible from OPC UA" column, disable the accessibility from OPC UA for individual objects. Figure 9-72 Calling detailed object display in the TIA Portal 9.5.3 Master copies for OPC UA communication Master copies for the OPC UA interfaces...
  • Page 288 OPC UA communication 9.5 Tips and recommendations Creating a master copy from selection You select multiple elements and create a single master copy from them that contains all selected elements. 1. Copy to the clipboard the elements that you want to create as master copies. 2.
  • Page 289: Routing

    Routing 10.1 Overview of the routing mechanisms of S7-1500 CPUs The following table gives an overview of the routing mechanisms of the S7-1500 CPU. Routing mechanism Description Applications Section S7 routing S7 routing is the transfer of Download user programs S7 routing (Page 289) data beyond S7 subnet bound- Load hardware configuration...
  • Page 290: S7 Routing

    A firewall does not recognize the IP address of the sender during S7 routing when the sender is located outside the S7 subnet adjacent to the firewall. An overview of the devices that support the "S7 routing" function is provided in this FAQ (https://support.industry.siemens.com/cs/ww/en/view/584459).
  • Page 291 Routing 10.2 S7 routing S7 routing for online connections With the PG/PC, you can reach devices beyond S7 subnets, for example to do the following: ● Download user programs ● Download a hardware configuration ● Execute test and diagnostics functions In the following figure, CPU 1 is the S7 router between S7 subnet 1 and S7 subnet 2.
  • Page 292 Routing 10.2 S7 routing The following figure shows the access from a PG via PROFINET to PROFIBUS. CPU 1 is the S7 router between S7 subnet 1 and S7 subnet 2; CPU 2 is the S7 router between S7 subnet 2 and S7 subnet 3. Figure 10-2 S7 routing: PROFINET - PROFIBUS S7 routing for HMI connections...
  • Page 293 Routing 10.2 S7 routing S7 routing for CPU-CPU communication You have the option of setting up an S7 connection from a CPU to another CPU via different subnets (PROFIBUS and PROFINET or Industrial Ethernet). The procedure is described based on examples in the section S7 communication (Page 112). Figure 10-4 S7 routing via CPU-CPU communication Using S7 routing...
  • Page 294 ● You can find more information on S7 routing and TeleService adapters when you search the Internet using the following links: – Device manual Industrial Software Engineering Tools TS Adapter IE Basic (http://support.automation.siemens.com/WW/view/en/51311100) – Downloads for the TS Adapter (http://support.automation.siemens.com/WW/view/en/10805406/133100)
  • Page 295: Ip Forwarding

    Routing 10.3 IP forwarding 10.3 IP forwarding Forwarding of IP packets with IP forwarding IP forwarding is a function of devices to forward IP packets between two connected IP subnets. Enable/disable the IP forwarding function in STEP 7. When IP forwarding is enabled, the S7-1500 CPU forwards received IP packets not addressed to the CPU to locally connected IP subnets or to a configured router.
  • Page 296 Routing 10.3 IP forwarding Requirements for using IP forwarding ● S7-1500 CPU as of firmware version V2.8 ● Number of Ethernet interfaces: – The CPU has at least two Ethernet interfaces. – Or the CPU has one Ethernet interface, and a CP 1543-1 as of firmware version V2.2 provides the other Ethernet interface.
  • Page 297 Routing 10.3 IP forwarding ● For the PC, the IP router, the IO device and the HMI device, the IP addresses of a standard gateway or the corresponding routes are also entered. Figure 10-8 Sample configuration This example configuration results in the following IP routing table for the CPU. Table 10- 1 IP route table of the CPU Network destination...
  • Page 298 Routing 10.3 IP forwarding In a Windows computer, for example, you set up an additional IP route from the command prompt using the command "route add mask ". However, you need certain access rights for this. For this example, enter the following prompt: ●...
  • Page 299 Routing 10.3 IP forwarding Restrictions You cannot configure any additional IP routes other than the router ("Standard Gateway") for an S7-1500 CPU. The network destination is either a connected IP subnet, or the network destination can be reached via exactly one configurable router. Because the S7-1500 CPU does not support additional IP routes, you cannot build bi-directional IP router cascades.
  • Page 300 Routing 10.3 IP forwarding IP forwarding via the interface of a CP IP forwarding also works via the interface of a CP. For this you have to activate the "Access to PLC via communication module" function for this CP in the CPU. How you enable the "Access to PLC via communication module"...
  • Page 301 Separate the CPU-related IP subnets from the remote IP subnets with a firewall. For example, use the SCALANCE S security modules with integrated firewall. This application example (https://support.industry.siemens.com/cs/ww/en/view/22376747) describes how to protect an automation cell with a firewall using the SCALANCE S602 V3 and SCALANCE S623 security modules.
  • Page 302: Data Record Routing

    Routing 10.4 Data record routing Enabling/disabling IP forwarding To enable IP forwarding, proceed as follows: 1. Select the CPU in the network view of STEP 7 (TIA Portal). 2. In the properties of the CPU of the Inspector window, navigate to "General" > "Advanced Configuration"...
  • Page 303 Additional information ● The differences that exist between "normal" routing and data record routing are described in this FAQ (https://support.industry.siemens.com/cs/ww/en/view/7000978). ● Whether or not the CPU, CP or CM you are using supports data record routing can be found in the relevant manuals.
  • Page 304: Virtual Interface For Ip-Based Applications

    Routing 10.5 Virtual interface for IP-based applications 10.5 Virtual interface for IP-based applications As of firmware version 2.8, the S7-1500 CPU offers the option of reaching its IP-based applications, such as OPC UA, not only via its local (PN) interfaces, but also via the interfaces of communication processors in the same station.
  • Page 305 Routing 10.5 Virtual interface for IP-based applications Compared to conventional interfaces, the virtual interface has the following restrictions: ● No access to the web server over the virtual interface. ● Online backup is not possible via a connected programming device with the TIA Portal. ●...
  • Page 306 Routing 10.5 Virtual interface for IP-based applications Once the IP address is entered, it is shown in the properties dialog of the OPC UA server in the list of server addresses. These settings provide the CPU with the new virtual interface W1 via which CPU services like the OPC UA server can be accessed via a communication module.
  • Page 307 Routing 10.5 Virtual interface for IP-based applications Settings in the communication module The settings of the internal CP firewall do not have an effect on communication over the virtual interface. This means the security functions of the communication module cannot protect the data traffic via the virtual interface.
  • Page 308: Connection Resources

    Connection resources 11.1 Connection resources of a station Introduction Some communications services require connections. Connections occupy resources in the automation system (station). The connection resources are made available to the station by the CPUs, communications processors (CPs) and communications modules (CMs). Connection resources of a station The connection resources available depend on the CPUs, CPs and CMs being used and must not exceed a maximum number per station.
  • Page 309 Connection resources 11.1 Connection resources of a station The figure below shows an example of how individual components make connection resources available to an S7-1500 station. ① Available connection resources of the station, of which Reserved connection resources of the station A + B Connection resources of CPU 1518 Connection resources of communications module CM 1542-1...
  • Page 310 Connection resources 11.1 Connection resources of a station Number of connection resources of a station Table 11- 1 Maximum number of connection resources supported for some CPU types Connection resources of a 1511 1512C 1515 1516 1517 1518 station 1511C 1513 Maximum connection re- sources of the station...
  • Page 311 Connection resources 11.1 Connection resources of a station Reserved connection resources 10 connection resources are reserved for stations with S7-1500 CPU, ET 200SP CPU and ET 200pro CPU based on S7-1500: ● 4 for PG communication required by STEP 7, for example, for test and diagnostics functions or downloading to the CPU ●...
  • Page 312: Allocation Of Connection Resources

    Connection resources 11.2 Allocation of connection resources 11.2 Allocation of connection resources Overview - occupation of connection resources The following figure shows how different connections occupy the resources of the S7-1500. ① HMI communication: See below. ② Open User Communication: Connections of Open User Communication occupy a connection resource in every end point.
  • Page 313 Connection resources 11.2 Allocation of connection resources Connection resources for HMI communication With HMI communication, the occupation of connection resources in the station depends on the HMI device being used. Table 11- 2 Maximum occupied connection resources for different HMI devices HMI device Maximum occupied connection resources of the station per HMI connection...
  • Page 314 Connection resources 11.2 Allocation of connection resources Connection resources for routing To transfer data beyond S7 subnets ("S7 routing"), an S7 connection is established between two CPUs. The S7 subnets are connected via gateways known as S7 routers. CPUs, CMs and CPs in S7-1500 are S7 routers.
  • Page 315 Connection resources 11.2 Allocation of connection resources When are connection resources occupied? The time for the occupation of connection resources depends on how the connection is set up (see section Setting up a connection (Page 27)). ● Programmed setup of a connection: As soon as an instruction to establish a connection is called in the user program (TSEND_C/TRCV_C or TCON), a connection resource is occupied.
  • Page 316 CPU acknowledges the instruction to establish the connection with an error. S7-1500 and S7-300 comparison You will find a comparison of how the communication resources of the S7-1500 and S7-300 are managed in this FAQ (https://support.industry.siemens.com/cs/ww/en/view/109747092).
  • Page 317: Display Of The Connection Resources

    Connection resources 11.3 Display of the connection resources 11.3 Display of the connection resources Display of the connection resources in STEP 7 (offline view) You can display the connection resources of an automation system in the hardware configuration. You will find the connection resources in the Inspector window in the properties of the CPU.
  • Page 318 Connection resources 11.3 Display of the connection resources The warning triangle in the column of the dynamic station resources is displayed because the sum of the maximum available connection resources of CPU, CP and CM (= 310 connection resources) exceeds the station limit of 256. Note Available connection resources exceeded STEP 7 signals the exceeding of the station-specific connection resources with a warning.
  • Page 319 Connection resources 11.3 Display of the connection resources Display of the connection resources in STEP 7 (online view) If you are connected to the CPU online, you can also see how many resources are currently being used under "Connection information". Figure 11-5 Connection resources - online The online view of the "Connection resources"...
  • Page 320 You can display the connection resources not only in STEP 7, but also with a browser that displays the relevant page of the Web server. You will find information on displaying connection resources in the Web server in the Web Server (http://support.automation.siemens.com/WW/view/en/59193560) function manual.
  • Page 321: Diagnostics And Fault Correction

    Diagnostics and fault correction 12.1 Connection diagnostics Connections table in the online view After selecting a CPU in the Devices & networks editor of STEP 7, you will see the status of your connections displayed in the online view of the connections table. Figure 12-1 Online view of the connections table After selecting the connection in the connections table, you obtain detailed diagnostic...
  • Page 322 Diagnostics and fault correction 12.1 Connection diagnostics "Connection information" tab: Connection details Figure 12-2 Diagnostics of connections - connection details
  • Page 323 Diagnostics and fault correction 12.1 Connection diagnostics "Connection information" tab: Address details Figure 12-3 Diagnostics of connections - address details Diagnostics via web server You can evaluate diagnostic information from the CPU using a web browser via the integrated web server of a CPU. On the "Communication"...
  • Page 324: Emergency Address

    CPU using the user program. Additional information You will find the description of the web server functionality in the function manual Web server (http://support.automation.siemens.com/WW/view/en/59193560). 12.2 Emergency address If you cannot reach the CPU via the IP address, you can set a temporary emergency address (emergency IP) for the CPU.
  • Page 325: Communication With The Redundant System S7-1500R/H

    Communication with the redundant system S7-1500R/H Introduction Communication with the S7-1500R/H redundant system basically functions as with the S7-1500 standard system. This chapter describes the special features and restrictions for communication with the S7-1500R/H redundant system. Communication options for the S7-1500R/H redundant system ●...
  • Page 326: System Ip Addresses

    Communication with the redundant system S7-1500R/H 13.1 System IP addresses 13.1 System IP addresses The system IP address of the S7-1500R/H redundant system In addition to the device IP addresses of the CPUs, the S7-1500R/H redundant system supports system IP addresses: ●...
  • Page 327 Communication with the redundant system S7-1500R/H 13.1 System IP addresses Requirements ● The interface of the communication partner and the PROFINET interfaces of the two CPUs are located in the same subnet. ● The interface of the communication partner is connected to both CPUs, each via the same interface (e.g.
  • Page 328 Communication with the redundant system S7-1500R/H 13.1 System IP addresses Communication via the system IP address X1 The following diagram shows a configuration where the communication partners are connected with a switch to the PROFINET ring of the S7-1500R/H redundant system. The PROFINET ring connects the communication partners with the respective PROFINET interfaces X1 of the two CPUs.
  • Page 329 Communication with the redundant system S7-1500R/H 13.1 System IP addresses Communication via the system IP addresses X1 and X2 If the CPUs of the redundant system S7-1500R/H have two PROFINET interfaces (X1 and X2), you can use a system IP address for each PROFINET interface. PROFINET devices which are connected to the interfaces X1 of the CPUs communicate via the system IP address X1.
  • Page 330 Communication with the redundant system S7-1500R/H 13.1 System IP addresses IP forwarding via the system IP address If you use the system IP addresses as the gateway/default route for IP routes through the S7-1500R/H redundant system, IP packets are forwarded even if one CPU fails. In the following figure, the PC is connected to the two X2 interfaces of the S7-1500R CPUs.
  • Page 331 Communication with the redundant system S7-1500R/H 13.1 System IP addresses Enable system IP addresses Requirements: ● STEP 7 V15.1 or higher ● redundant system S7-1500R/H with two CPUs, e.g. two CPUs 1513R-1PN If the CPUs of the S7-1500R/H redundant system have two PROFINET interfaces (X1 and X2), then you can use a system IP address for both PROFINET interfaces.
  • Page 332: Response To Syncup

    Communication with the redundant system S7-1500R/H 13.2 Response to Syncup 13.2 Response to Syncup Response of communication connections via the system IP address in the system state SYNCUP ● HMI, PG- and S7-connections are temporarily closed. For a short time during the SYNCUP it is not possible to establish connections to the S7-1500R/H redundant system.
  • Page 333: Connection Resources Of The Redundant System S7-1500R/H

    Communication with the redundant system S7-1500R/H 13.4 Connection resources of the redundant system S7-1500R/H 13.4 Connection resources of the redundant system S7-1500R/H Maximum number of connection resources of the S7-1500R/H redundant system The S7-1500R/H redundant system supports a maximum number of connection resources. The CPU used determines the maximum number of resources for the redundant system: ●...
  • Page 334 Communication with the redundant system S7-1500R/H 13.4 Connection resources of the redundant system S7-1500R/H Display of the occupied connection resources in STEP 7 Requirements: Online connection to the redundant system S7-1500R/H You will find the online display of the connection resources in the inspector window under "Diagnostics"...
  • Page 335: Hmi Communication With The Redundant System S7-1500R/H

    Communication with the redundant system S7-1500R/H 13.5 HMI communication with the redundant system S7-1500R/H 13.5 HMI communication with the redundant system S7-1500R/H 13.5.1 HMI connection via the system IP address Requirements ● A redundant S7-1500R/H system, e.g. CPU 1513R-1PN ● System IP address is enabled ●...
  • Page 336 Communication with the redundant system S7-1500R/H 13.5 HMI communication with the redundant system S7-1500R/H Changing the HMI connection over to the device IP address To permanently change the HMI connection over to the selected CPU, clear the check box "Use the system IP address for switched communication" in the properties of the HMI connection.
  • Page 337: Open User Communication With The Redundant System S7-1500R/H

    Communication with the redundant system S7-1500R/H 13.6 Open User Communication with the redundant system S7-1500R/H 13.6 Open User Communication with the redundant system S7-1500R/H The following table shows which protocols of the Open User Communication you can use for the S7-1500R/H redundant system and the matching system data types and instructions. Table 13- 1 Protocols, system data types and usable instructions for Open User Communication with the redundant system S7-1500R/H...
  • Page 338 Communication with the redundant system S7-1500R/H 13.6 Open User Communication with the redundant system S7-1500R/H Open User Communication via a device IP address of the redundant system S7-1500R/H In redundant mode, the redundant system can establish or terminate connections and send or receive data via every device IP address.
  • Page 339 Communication with the redundant system S7-1500R/H 13.6 Open User Communication with the redundant system S7-1500R/H TSEND_C instruction in the user program of the S7-1500R/H redundant system To set up a TCP-connection to a different CPU, follow these steps: 1. Create a "TSEND_C" instruction in the user program. Figure 13-11 S7-1500R/H: "TSEND_C"...
  • Page 340 Communication with the redundant system S7-1500R/H 13.6 Open User Communication with the redundant system S7-1500R/H 3. In the Inspector window, go to "Properties" > "Configuration" > "Connection parameters". On the left-hand side you can see the S7-1500R/H redundant system as a local end point of the connection: –...
  • Page 341 Communication with the redundant system S7-1500R/H 13.6 Open User Communication with the redundant system S7-1500R/H TRCV_C instruction in the user program of the CPU 1516-3PN/DP Create a TRCV_C instruction in the user program of the CPU 1516-3PN/DP and assign parameters as below: Figure 13-13 S7-1500-3PN/DP: Assigning parameters to the TRCV_C instruction in STEP 7 Communication...
  • Page 342 ● Select a suitable PROFINET interface of the S7-1500R/H redundant system. ● Deselect the "Use address of H-system" check box. Figure 13-14 OUC-connection via a device IP address Reference You can find additional information on system states in the S7-1500R/H (https://support.industry.siemens.com/cs/ww/en/view/109754833) system manual. See also PROFINET FUNCTION MANUAL (https://support.industry.siemens.com/cs/ww/en/view/49948856) Communication...
  • Page 343: Industrial Ethernet Security With Cp 1543-1

    Industrial Ethernet Security with CP 1543-1 All-round protection - the task of Industrial Ethernet Security With Industrial Ethernet Security, individual devices, automation cells or network segments of an Ethernet network can be protected. Data transfer can also be protected by a combination of different security measures: ●...
  • Page 344: Firewall

    The firewall and VPN groups protective functions can be applied to the operation of single devices, multiple devices, or entire network segments. Additional information An overview with links to the most important contributions on Industrial Security is available in this FAQ (https://support.industry.siemens.com/cs/ww/en/view/92651441). 14.1 Firewall Tasks of the firewall The purpose of the firewall functionality is to protect networks and stations from outside influences and disturbances.
  • Page 345: Logging

    Industrial Ethernet Security with CP 1543-1 14.2 Logging 14.2 Logging Functionality For test and monitoring purposes, the security module has diagnostics and logging functions. ● Diagnostics functions These include various system and status functions that you can use in online mode. ●...
  • Page 346: Ntp Client

    Industrial Ethernet Security with CP 1543-1 14.3 NTP client 14.3 NTP client Functionality To check the time validity of a certificate and the time stamp of log entries, the date and time are maintained on the CP 1543-1 as on the CPU. This time can be synchronized with NTP. The CP 1543-1 forwards the synchronized time to the CPU via the backplane bus of the automation system.
  • Page 347: Vpn

    14.5 VPN Functionality For security modules that protect the internal network, VPN (Virtual Private Network) tunnels provide a secure data connection through the non-secure external network. The module uses the IPsec protocol (tunnel mode of IPsec) for tunneling. In STEP 7 you can assign VPN groups to security modules.
  • Page 348: Glossary

    Glossary Automation system Programmable logic controller for the open-loop and closed-loop control of process chains of the process engineering industry and manufacturing technology. The automation system consists of different components and integrated system functions according to the automation task. Backup CPU If the R/H system is in RUN-Redundant system state, the primary CPU controls the process.
  • Page 349 Glossary Communications processor → Central Processing Unit - Central module of the S7 automation system with a control and arithmetic unit, memory, operating system and interface for programming device. Device Generic term for: ● Automation systems (PLC, PC, for example) ●...
  • Page 350 Glossary Duplex Data transmission system; a distinction is made between full and half duplex. Half duplex: One channel is available for alternate data exchange (sending or receiving alternately but not at the same time). Full duplex: Two channels are available for simultaneous data exchange in both directions (simultaneous sending and receiving in both directions).
  • Page 351 Glossary Industrial Ethernet → Interface module → Industrial Ethernet Guideline for setting up an Ethernet network in an industrial environment. The essential difference compared with standard Ethernet is the mechanical ruggedness and immunity to noise of the individual components. Instruction The smallest self-contained unit of a user program characterized by its structure, function or purpose as a separate part of the user program.
  • Page 352 Glossary IO device, PROFINET IO device Device in the distributed I/O of a PROFINET system that is monitored and controlled by an IO controller (for example distributed inputs/outputs, valve islands, frequency converters, switches). IP address Binary number that is used as a unique address in computer networks in conjunction with the Internet Protocol (IP).
  • Page 353 Glossary Modbus RTU Remote Terminal Unit; Open communications protocol for serial interfaces based on a master/slave architecture. Modbus TCP Transmission Control Protocol; Open communications protocol for Ethernet based on a master/slave architecture. The data are transmitted as TCP/IP packets. Network A network consists of one or more interconnected subnets with any number of devices.
  • Page 354 Glossary Point-to-point connection Bidirectional data exchange via communications modules with a serial interface between two communications partners (and two only). Port Physical connector to connect devices to PROFINET. PROFINET interfaces have one or more ports. Primary CPU If the R/H system is in RUN-Redundant system state, the primary CPU controls the process. The backup CPU processes the user program synchronously and can take over process control if the primary CPU fails.
  • Page 355 Glossary PROFINET Open component-based industrial communications system based on Ethernet for distributed automation systems. Communications technology promoted by the PROFIBUS user organization. PROFINET device Device that always has a PROFINET interface (electrical, optical, wireless). PROFINET interface Interface of a module capable of communication (for example CPU, CP) with one or more ports.
  • Page 356 Glossary Redundant systems Redundant systems have multiple (redundant) instances of key automation components. Process control is maintained if a redundant component fails. Ring topology All devices of a network are connected together in a ring. Root CA certificates See also root certificate →...
  • Page 357 Glossary SDA service Send Data with Acknowledge. SDA is an elementary service with which an initiator (for example DP master) can send a message to other devices and then receives acknowledgment of receipt immediately afterwards. SDN service Send Data with No Acknowledge. This service is used primarily to send data to multiple stations and the service therefore remains unacknowledged.
  • Page 358 Glossary SNMP Simple Network Management Protocol, uses the connectionless UDP transport protocol. SNMP works in much the same way as the client/server model. The SNMP manager monitors the network nodes. The SNMP agents collect the various network-specific information in the individual network nodes and make this information available in a structured form in the MIB (Management Information Base).
  • Page 359 Glossary Time-of-day synchronization Capability of transferring a standard system time from a single source to all devices in the system so that their clocks can be set according to the standard time. Tree topology Network topology characterized by a branched structure: Two or more bus nodes are connected to each bus node.
  • Page 360: Index

    Index Overview, 27, 307 S7 routing, 313 Station specific, 316 Consistency of data, 31 Advanced Encryption Algorithm, 37 CP, 14 AES, 37 Applicant, 40 Asymmetric encryption, 38 Data consistency, 31 Data record routing, 301 Digital certificates, 40 BRCV, 113 BSEND, 113 E-mail, 19, 67, 87 End-entity certificate, 43 Certificate authorities, 40...
  • Page 361 Index IP address, emergency address (temporary), 323 Customizing the server certificate, 190 IP forwarding, 294 Generating a server certificate, 184 ISO, 19, 66 Performance, 173 ISO-on-TCP, 66, 75 Performance increase, 173 Publishing interval, 182 Runtime licenses, 197, 198 Sampling interval, 183 Security settings, 188 Logging, 344 Subscription, 180...
  • Page 362 Index NTP, 345 SNMP, 345 Self-signed certificates, 40 Server certificate, 190 Setting up a connection, 27 By configuring, 80 ISO connection with CP 1543-1, 81 Signature, 41 SNMP, 19, 345 SSL, 39 Symmetric encryption, 37 Syslog, 344 System data type, 69 TCON, 68 TCP, 19, 66, 75 TDISCON, 68...
