Ba CP-1243-1 76
Ba CP-1243-1 76
Ba CP-1243-1 76
Preface
___________________
Application and functions 1
___________________
LEDs and connectors 2
SIMATIC NET
Installation, connecting up,
___________________
commissioning 3
S7-1200 - TeleControl
CP 1243-1 4
___________________
Configuration
5
___________________
Program blocks
Operating Instructions
___________________
Diagnostics and upkeep 6
7
___________________
Technical data
A
___________________
Approvals
___________________
Dimension drawings B
___________________
Documentation references C
02/2018
C79000-G8976-C365-04
Legal information
Warning notice system
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will
be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to
property damage.
Qualified Personnel
The product/system described in this documentation may be operated only by personnel qualified for the specific
task in accordance with the relevant documentation, in particular its warning notices and safety instructions.
Qualified personnel are those who, based on their training and experience, are capable of identifying risks and
avoiding potential hazards when working with these products/systems.
Proper use of Siemens products
Note the following:
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
documentation. If products and components from other manufacturers are used, these must be recommended
or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and
maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
Disclaimer of Liability
We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in subsequent
editions.
Figure 1 CP 1243-1
Behind the top hinged cover of the module housing, you will see the hardware product
version to the right of the article number printed as a placeholder "X". If the printed text is, for
example, "X 2 3 4", "X" would be the placeholder for hardware product version 1.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 3
Preface
You will find the firmware version of the CP as supplied behind the top hinged cover of the
housing to the left below the LED field.
You will find the MAC address under the lower hinged cover of the housing.
CP 1243-1
4 Operating Instructions, 02/2018, C79000-G8976-C365-04
Preface
Required experience
To install, commission and operate the CP, you require experience in the following areas:
● Automation engineering
● Setting up the SIMATIC S7-1200
● SIMATIC STEP 7 Basic / Professional
Cross references
In this manual there are often cross references to other sections.
To be able to return to the initial page after jumping to a cross reference, some PDF readers
support the command <Alt>+<Left arrow>.
License conditions
Note
Open source software
The product contains open source software. Read the license conditions for open source
software carefully before using the product.
You will find license conditions in the following document on the supplied data medium:
● OSS-CP1243-1_86.pdf
Firmware
The firmware is signed and encrypted. This ensures that only firmware created by Siemens
can be downloaded to the device.
Security information
Siemens provides products and solutions with industrial security functions that support the
secure operation of plants, systems, machines and networks.
In order to protect plants, systems, machines and networks against cyber threats, it is
necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial
security concept. Siemens’ products and solutions constitute one element of such a concept.
Customers are responsible for preventing unauthorized access to their plants, systems,
machines and networks. Such systems, machines and components should only be
connected to an enterprise network or the internet if and to the extent such a connection is
necessary and only when appropriate security measures (e.g. firewalls and/or network
segmentation) are in place.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 5
Preface
CP 1243-1
6 Operating Instructions, 02/2018, C79000-G8976-C365-04
Table of contents
Preface ................................................................................................................................................... 3
1 Application and functions ...................................................................................................................... 11
1.1 Properties of the CP................................................................................................................11
1.2 Communications services .......................................................................................................11
1.3 Connection to SINEMA RC .....................................................................................................12
1.4 Other services and properties .................................................................................................14
1.5 Security functions ....................................................................................................................15
1.6 Configuration limits and performance data .............................................................................17
1.7 Configuration examples ..........................................................................................................19
1.7.1 Sending e-mails ......................................................................................................................19
1.7.2 TeleControl Basic ....................................................................................................................20
1.7.3 DNP3 / IEC .............................................................................................................................21
1.7.3.1 Configuration with 1 subnet ....................................................................................................21
1.7.3.2 Configuration with connections over the Internet ...................................................................22
1.7.3.3 Configuration with a redundant control center ........................................................................23
1.7.4 Remote maintenance with SINEMA RC .................................................................................25
1.8 Requirements for use..............................................................................................................26
1.8.1 Hardware requirements ..........................................................................................................26
1.8.2 Software requirements ............................................................................................................26
2 LEDs and connectors ............................................................................................................................ 27
2.1 Opening the covers of the housing .........................................................................................27
2.2 LEDs .......................................................................................................................................28
2.3 Electrical connectors ...............................................................................................................32
2.3.1 Power supply ..........................................................................................................................32
2.3.2 Ethernet interface X1P1 ..........................................................................................................32
3 Installation, connecting up, commissioning ............................................................................................ 33
3.1 Important notes on using the device .......................................................................................33
3.1.1 Notices on use in hazardous areas ........................................................................................33
3.1.2 Notices on use in hazardous areas according to IECEx / ATEX ............................................34
3.1.3 Notices regarding use in hazardous areas according to UL HazLoc .....................................35
3.1.4 Notices on use in hazardous areas according to FM .............................................................35
3.2 Installing, connecting up and commissioning .........................................................................36
3.3 Note on operation ...................................................................................................................38
4 Configuration ........................................................................................................................................ 39
4.1 Security recommendations .....................................................................................................39
4.2 Configuration in STEP 7 .........................................................................................................42
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 7
Table of contents
CP 1243-1
8 Operating Instructions, 02/2018, C79000-G8976-C365-04
Table of contents
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 9
Table of contents
CP 1243-1
10 Operating Instructions, 02/2018, C79000-G8976-C365-04
Application and functions 1
1.1 Properties of the CP
Application
The CP is intended for operation in an S7-1200 automation system. The CP allows
connection of the S7-1200 to Industrial Ethernet or via the Internet to the following control
center systems:
● Telecontrol server (OPC server application TCSB V3)
● DNP3 master station
● IEC master station
With the combination of different security functions such as firewall and protocols for data
encryption, the CP protects the station and even entire automation cells from unauthorized
access and protects the communication between the remote S7 station and the master
station (TCSB) from espionage and manipulation.
Telecontrol communication
The following applications are supported:
● Communication with a control center
The CP is a communications processor of the SIMATIC S7-1200 for system attachment
to the control center systems named above. The CP can communicate with redundant
control systems.
For each control center system the relevant telecontrol protocol is activated on the CP
("Type of communication"). The protocols allow IP-based data transmission for telecontrol
applications.
You will find the usable security functions in the section Security functions (Page 15).
● Inter-station communication between S7-1200 stations with the "Telecontrol Basic"
protocol
In this application, the CP sends the data to the target station via the telecontrol server.
● Messages / e-mail
With special events, the CP can send messages as e-mails.
The function is configured in telecontrol communication in STEP 7. The use of program
blocks is not necessary.
You will find the requirements and functions in the section E-mail configuration (Page 73).
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 11
Application and functions
1.3 Connection to SINEMA RC
CP 1243-1
12 Operating Instructions, 02/2018, C79000-G8976-C365-04
Application and functions
1.3 Connection to SINEMA RC
Parameter groups
You configure communication via SINEMA RC and telecontrol communication via SINEMA
RC in two parameter groups:
● Communication via SINEMA RC:
> "Security > VPN"
● Telecontrol communication via SINEMA RC:
> "Communication types"
For information on the supported protocols and configuration, see section Communication
types (Page 48).
Applications
The following application options of the CP result from the combination of the parameters for
telecontrol communication and SINEMA RC:
● (1) No telecontrol and no SINEMA RC (CP for network separation only)
● (2) CP only for remote maintenance via SINEMA RC
● (3) CP for telecontrol communication only
● (4) CP uses telecontrol communication, but SINEMA RC only for remote maintenance.
● (5) CP uses SINEMA RC for telecontrol communication and remote maintenance.
The table provides an overview of the applications with the respective parameter settings.
● "On" means that the parameter is activated.
● "Off" means that the parameter is deactivated.
Parameter settings
Use case (Parameters abbreviated) *
SRC TC TC-SRC
(1) Off Off Off
(2) On Off Off
(3) Off On Off
(4) On On Off
(5) On On On
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 13
Application and functions
1.4 Other services and properties
CP 1243-1
14 Operating Instructions, 02/2018, C79000-G8976-C365-04
Application and functions
1.5 Security functions
● SNMP
As an SNMP agent, the CP supports data queries using SNMP (Simple Network
Management Protocol).
For more detailed information, refer to section SNMP (Page 135).
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 15
Application and functions
1.5 Security functions
CP 1243-1
16 Operating Instructions, 02/2018, C79000-G8976-C365-04
Application and functions
1.6 Configuration limits and performance data
Note
Plants with security requirements - recommendation
Use the following options:
• If you have systems with high security requirements, use the secure protocols
NTP (secure), HTTPS and SNMPv3.
• If you connect to public networks, you should use the firewall. Think about the services
you want to allow access to the station via public networks. By using the "bandwidth
limitation" of the firewall, you can restrict the possibility of flooding and DoS attacks.
See also section Security recommendations (Page 39).
For configuring the security functions refer to the section Security (Page 67).
You will find further information on the functionality and configuration of the security functions
in the information system of STEP 7 and in the manual /4/ (Page 152).
Connection resources
● Telecontrol connections
With the various telecontrol protocols the CP can establish connections to the following
master station types:
– To non-redundant or redundant telecontrol servers (TCSB).
– To up to four non-redundant or redundant DNP3 masters
– To up to four non-redundant or redundant IEC masters
With the Telecontrol Basic protocol, in addition to this, inter-station communication with
up to 15 S7 stations with a CP 1243-1 can be operated via the telecontrol server.
● S7 connections and TCP / UDP / ISO-on-TCP connections
Max. 14 connection resources, can be distributed as required for:
– S7 connections (PUT/GET)
– Connections via program blocks (OUC) to S7 stations
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 17
Application and functions
1.6 Configuration limits and performance data
● Online functions
1 connection resource is reserved for online functions.
● PG/OP connections
– 1 connection resource for PG connections
– 3 connection resources for OP connections
User data
The data to be transferred by the CP is assigned to various data points in the STEP 7
configuration.
The size of the user data per data point depends on the data type of the relevant data point.
You will find details in the section Datapoint types (Page 96).
Messages (e-mail)
● Sending of up to 10 messages (e-mails) can be configured with the message editor.
● Sending e-mails via the TMAIL_C program block
Firewall rules
The maximum number of firewall rules in advanced firewall mode is limited to 256.
CP 1243-1
18 Operating Instructions, 02/2018, C79000-G8976-C365-04
Application and functions
1.7 Configuration examples
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 19
Application and functions
1.7 Configuration examples
In the telecontrol applications of the example shown, SIMATIC S7 stations communicate with
a non-redundant telecontrol server (TCSB) in the master station.
● Telecontrol communication between stations and master station
The communication is via the following paths and communication modules:
– Communication via the Internet: S7-1200 with CP 1243-1
– Communication via the GSM network and the Internet: S7-1200 with CP 1242-7 or
S7-200 with MODEM MD720
The establishment of terminal connections with encryption is initiated automatically by the
telecontrol protocol used by the various communication modules.
The creation of VPN connections between the CP 1243-1 and telecontrol server is
optional.
The telecontrol server monitors the connections established by the remote stations.
● Inter-station communication
Stations of the same type, for example S7-1200 with CP 1243-1, can communicate with
each other by sending the frames via the telecontrol server.
CP 1243-1
20 Operating Instructions, 02/2018, C79000-G8976-C365-04
Application and functions
1.7 Configuration examples
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 21
Application and functions
1.7 Configuration examples
Figure 1-4 Configuration example with a non-redundant control center and stations in one IP subnet
The S7-1200 stations are connected to the Internet via the CP and connected to the control
center.
When using the DNP3 protocol, for example, SIMATIC PCS 7 TeleControl or the system of a
third-party provider can be used as the control center. If you use SIMATIC PCS 7
TeleControl as the DPN3 master in the control center, you require the necessary DPN3
driver.
CP 1243-1
22 Operating Instructions, 02/2018, C79000-G8976-C365-04
Application and functions
1.7 Configuration examples
As an alternative to the router SCALANCE 812, you can also use a standard DSL modem
and establish the VPN connection with a security module SCALANCE S.
Addressing
Refer to the information in the section DNP3 / IEC (Page 44).
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 23
Application and functions
1.7 Configuration examples
CP 1243-1
24 Operating Instructions, 02/2018, C79000-G8976-C365-04
Application and functions
1.7 Configuration examples
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 25
Application and functions
1.8 Requirements for use
CP 1243-1
26 Operating Instructions, 02/2018, C79000-G8976-C365-04
LEDs and connectors 2
2.1 Opening the covers of the housing
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 27
LEDs and connectors
2.2 LEDs
2.2 LEDs
(red / green)
(green)
CONNECT Status of the connections to the communications partner
(green)
VPN Status of the VPN or SINEMA Remote Connect configuration
(green)
SERVICE Status of a connection for online functions
(green)
Symbol -
CP 1243-1
28 Operating Instructions, 02/2018, C79000-G8976-C365-04
LEDs and connectors
2.2 LEDs
Note
LED colors when the module starts up
When the module starts up, all its LEDs are lit for a short time. Multicolored LEDs display a
color mixture. At this point in time, the color of the LEDs is not clear.
DIAG Meaning
(red / green) (if more than one point listed: alternative meaning)
Basic statuses of the CP
• Power OFF
• Incorrect startup
Running (RUN) without serious error
green
• Partner not connected
• Starting up
flashing red-green
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 29
LEDs and connectors
2.2 LEDs
Startup - phase 1
red
- Startup - phase 2
flashing red
- - - - Running (RUN) without serious error
green
Incorrect startup
red
- - - Missing STEP 7 project data
flashing red
- - Backplane bus error
flashing red
Connection to Industrial Ethernet
- - - - Connection to Industrial Ethernet exists
green
- - Partner not reachable
flashing
green
CP 1243-1
30 Operating Instructions, 02/2018, C79000-G8976-C365-04
LEDs and connectors
2.2 LEDs
green
- - Attempt to establish connection for online
functions
green
- - - No connection to engineering station
green
VPN/SINEMA Remote Connect connection
- - VPN/SINEMA Remote Connect connection
established
green
- - Attempting to establish a configured
VPN/SINEMA Remote Connect connection
flashing flashing
green green
- - - - VPN/SINEMA Remote Connect connection
not configured or currently not established
on the CP
Loading firmware
Loading firmware. The DIAG LED flashes
alternating red and green.
Firmware was successfully loaded.
flashing
green
Error loading firmware
flashing red
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 31
LEDs and connectors
2.3 Electrical connectors
Power supply
The CM is supplied with power from the backplane bus. It does not require a separate power
supply.
Ethernet interface
The Ethernet connector is located behind the lower hinged cover of the module. The
interface is an RJ-45 jack according to IEEE 802.3.
The pin assignment and other data relating to the Ethernet interface can be found in the
section Technical data (Page 143).
CP 1243-1
32 Operating Instructions, 02/2018, C79000-G8976-C365-04
Installation, connecting up, commissioning 3
3.1 Important notes on using the device
Overvoltage protection
NOTICE
Protection of the external power supply
If power is supplied to the module or station over longer power cables or networks, the
coupling in of strong electromagnetic pulses onto the power supply cables is possible. This
can be caused, for example by lightning strikes or switching of higher loads.
The connector of the external power supply is not protected from strong electromagnetic
pulses. To protect it, an external overvoltage protection module is necessary. The
requirements of EN61000-4-5, surge immunity tests on power supply lines, are met only
when a suitable protective element is used. A suitable device is, for example, the Dehn
Blitzductor BVT AVD 24, article number 918 422 or a comparable protective element.
Manufacturer:
DEHN+SOEHNE GmbH+Co.KG Hans Dehn Str.1 Postfach 1640 D-92306 Neumarkt,
Germany
WARNING
EXPLOSION HAZARD
DO NOT OPEN WHEN ENERGIZED.
WARNING
The device may only be operated in an environment with pollution degree 1 or 2 (see IEC
60664-1).
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 33
Installation, connecting up, commissioning
3.1 Important notes on using the device
WARNING
The equipment is designed for operation with Safety Extra-Low Voltage (SELV) by a
Limited Power Source (LPS).
This means that only SELV / LPS complying with IEC 60950-1 / EN 60950-1 / VDE 0805-1
must be connected to the power supply terminals. The power supply unit for the equipment
power supply must comply with NEC Class 2, as described by the National Electrical Code
(r) (ANSI / NFPA 70).
If the equipment is connected to a redundant power supply (two separate power supplies),
both must meet these requirements.
WARNING
EXPLOSION HAZARD
DO NOT CONNECT OR DISCONNECT EQUIPMENT WHEN A FLAMMABLE OR
COMBUSTIBLE ATMOSPHERE IS PRESENT.
WARNING
EXPLOSION HAZARD
SUBSTITUTION OF COMPONENTS MAY IMPAIR SUITABILITY FOR CLASS I, DIVISION
2 OR ZONE 2.
WARNING
WARNING
Requirements for the cabinet/enclosure
To comply with EU Directive 94/9 (ATEX95), the enclosure or cabinet must meet the
requirements of at least IP54 in compliance with EN 60529.
WARNING
If the cable or conduit entry point exceeds 70 °C or the branching point of conductors
exceeds 80 °C, special precautions must be taken. If the equipment is operated in an air
ambient in excess of 50 °C, only use cables with admitted maximum operating temperature
of at least 80 °C.
CP 1243-1
34 Operating Instructions, 02/2018, C79000-G8976-C365-04
Installation, connecting up, commissioning
3.1 Important notes on using the device
WARNING
Take measures to prevent transient voltage surges of more than 40% of the rated voltage.
This is the case if you only operate devices with SELV (safety extra-low voltage).
WARNING
EXPLOSION HAZARD
DO NOT DISCONNECT WHILE CIRCUIT IS LIVE UNLESS AREA IS KNOWN TO BE
NON-HAZARDOUS.
This equipment is suitable for use in Class I, Division 2, Groups A, B, C and D or non-
hazardous locations only.
This equipment is suitable for use in Class I, Zone 2, Group IIC or non-hazardous locations
only.
WARNING
EXPLOSION HAZARD
You may only connect or disconnect cables carrying electricity when the power supply is
switched off or when the device is in an area without inflammable gas concentrations.
This equipment is suitable for use in Class I, Division 2, Groups A, B, C and D or non-
hazardous locations only.
This equipment is suitable for use in Class I, Zone 2, Group IIC or non-hazardous locations
only.
WARNING
EXPLOSION HAZARD
The equipment is intended to be installed within an ultimate enclosure. The inner service
temperature of the enclosure corresponds to the ambient temperature of the module. Use
installation wiring connections with admitted maximum operating temperature of at least
30 ºC higher than maximum ambient temperature.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 35
Installation, connecting up, commissioning
3.2 Installing, connecting up and commissioning
CAUTION
Read the system manual "S7-1200 Programmable Controller"
Prior to installation, connecting up and commissioning, read the relevant sections in the
system manual "S7-1200 Programmable Controller", refer to the documentation in the
Appendix.
When installing and connecting up, keep to the procedures described in the system manual
"S7-1200 Programmable Controller".
NOTICE
Turning off the station when plugging/pulling the module
Before pulling or plugging the module, always turn off the power supply to the station.
CP 1243-1
36 Operating Instructions, 02/2018, C79000-G8976-C365-04
Installation, connecting up, commissioning
3.2 Installing, connecting up and commissioning
* Width B: The distance between the edge of the housing and the center of the hole in the DIN rail mounting clip
You will find detailed dimensions of the module in the section Dimension drawings
(Page 149).
Installation location
NOTICE
Installation location
The module must be installed so that its upper and lower ventilation slits are not covered,
allowing adequate ventilation. Above and below the device, there must be a clearance of 25
mm to allow air to circulate and prevent overheating.
Remember that the permitted temperature ranges depend on the position of the installed
device. You will find the permitted temperature ranges in the section Technical
specifications of the CP 1243-1 (Page 143).
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 37
Installation, connecting up, commissioning
3.3 Note on operation
Note
Connection with power off
Only wire up the S7-1200 with the power turned off.
Note
Time synchronization for telecontrol via SINEMA RC
When using SINEMA Remote Connect for telecontrol communication, set the CPU time
manually during commissioning; see note in section Telecontrol via SINEMA RC (Page 48).
NOTICE
Closing the front panels
To ensure interference-free operation, keep the front panels of the module closed during
operation.
CP 1243-1
38 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration 4
4.1 Security recommendations
Observe the following security recommendations to prevent unauthorized access to the
system.
General
● You should make regular checks to make sure that the device meets these
recommendations and other internal security guidelines if applicable.
● Evaluate your plant as a whole in terms of security. Use a cell protection concept with
suitable products.
● Do not connect the device directly to the Internet. Operate the device within a protected
network area.
● Keep the firmware up to date. Check regularly for security updates of the firmware and
use them.
● Check regularly for new features on the Siemens Internet pages.
– You can find information on Industrial Security here:
Link: (http://www.siemens.com/industrialsecurity)
– You can find information on security in industrial communication here:
Link: (http://w3.siemens.com/mcms/industrial-communication/en/ie/industrial-ethernet-
security/Seiten/industrial-security.aspx)
– You can find a publication on the topic of network security (6ZB5530-1AP02-0BA5)
here:
Link:
(http://w3app.siemens.com/mcms/infocenter/content/en/Pages/order_form.aspx?node
Key=key_518693&infotype=brochures)
Enter the following filter: 6ZB5530
Physical access
Restrict physical access to the device to qualified personnel.
Network attachment
Do not connect the PC directly to the Internet. If a connection from the CP to the Internet is
required, arrange for suitable protection before the CP, for example a SCALANCE S with
firewall or use the CP 1543SP-1.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 39
Configuration
4.1 Security recommendations
Passwords
● Define rules for the use of devices and assignment of passwords.
● Regularly update the passwords to increase security.
● Only use passwords with a high password strength. Avoid weak passwords for example
"password1", "123456789" or similar.
● Make sure that all passwords are protected and inaccessible to unauthorized personnel.
See also the preceding section for information on this.
● Do not use one password for different users and systems.
Protocols
CP 1243-1
40 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.1 Security recommendations
Protocol / function Port number (pro- Default of the port Port status Authentication
tocol)
DNP3 20000 (TCP) Closed Open after configuration Yes, when secure
authentication is ena-
bled.
IEC 2404 (TCP) Closed Open after configuration No
S7 and online 102 (TCP) Open Open after configuration * No
connections
Online security 8448 (TCP) Closed Open after configuration No
diagnostics
Communication 8448 (TCP) Closed Open after configuration Yes
via SINEMA RC
HTTP 80 (TCP) Closed Open after configuration No
HTTPS 443 (TCP) Closed Open after configuration Yes
SNMP 161 (UDP) Open Open after configuration Yes (with SNMPv3)
* For information on avoiding opening the port during diagnostics, see section Online
security diagnostics via port 8448 (Page 133).
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 41
Configuration
4.2 Configuration in STEP 7
Configuration in STEP 7
You configure the modules and networks in SIMATIC STEP 7. You will find the required
version in the section Software requirements (Page 26).
CP 1243-1
42 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.3 Addressing and authentication
IP address of the CP
Since the CP always establishes the connection with TCSB, a dynamic IP address can be
assigned to the CP by the Internet service provider.
To change the IP address during operation, refer also to the section Changing the IP
address during runtime (Page 129).
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 43
Configuration
4.3 Addressing and authentication
CP 1243-1
44 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.4 Time-of-day synchronization
Note
Time-of-day synchronization of the CP
With applications that require time-of-day synchronization (e.g. telecontrol), you need to
synchronize the time of day of the CP regularly. If you do not synchronize the time of day of
the CP regularly, there may be deviations of several seconds per day in the time information
of the CP.
With security functions enabled, you need to enable time-of-day synchronization.
Note
Recommendation for setting the time
Synchronization with a external clock at intervals of approximately 10 seconds is
recommended. This achieves as small a deviation as possible between the internal time and
the UTC time.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 45
Configuration
4.4 Time-of-day synchronization
Note
Recommendation: Time-of-day synchronization only by 1 module
Only have the time of day of the station from an external time source synchronized by a
single module so that a consistent time of day is maintained within the station.
When the CPU takes the time from the CP, disable time-of-day synchronization of the CPU.
CP 1243-1
46 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.5 Communication types
Note
Forwarding the time to the CPU
Depending on the firmware version of the modules involved, the time-of-day of the CP is
forwarded to the CPU in different ways:
• Optional forwarding of the CP time to the CPU using a PLC tag
• Obligatory forwarding of the CP time to the CPU via the backplane bus
The forwarding of the CP time to the CPU depends on the firmware version of the CP and
the CPU. Note the following behaviour.
● CP firmware ≤ V2.1.6x
With this firmware version the CP can make the time-of-day available to the CPU as an
option via a PLC tag. When this PLC tag is read cyclically by the CPU, the CPU adopts
the CP time.
In the parameter group "Communication with the CPU", you can set whether or not the
current time of day of the CP will be made available to the CPU via a PLC tag. For TLC
tags, see parameter group "Communication with the CPU" of the CP.
● CP firmware ≥ V2.1.77 and CPU firmware ≥ V4.2
If both modules in the station have the named firmware versions, the time of day of the
CP is automatically forwarded to the CPU.
Since the CPU automatically adopts the CP time, you no longer require the forwarding
option using the PLC tag.
If for the CPU the option "CPU synchronizes the modules of the device" is enabled in
"PROFINET interface > Time synchronization", all smart modules of the station are
synchronized with the CPU time.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 47
Configuration
4.5 Communication types
Requirements
Configure the SINEMA Remote Connect - Server before configuring the CP (not in STEP 7).
The CP and the communication partner of the CP must be configured in the SINEMA RC
Server.
CP 1243-1
48 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.6 Telecontrol via SINEMA RC
See also
Communications services (Page 11)
Communication types (Page 48)
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 49
Configuration
4.7 Ethernet interface
Note
Time synchronization for telecontrol via SINEMA RC
When using SINEMA Remote Connect for telecontrol communication, the communication
module needs the current time for authentication on the SINEMA RC Server. The module
receives the time from the CPU or from an NTP server before the connection is established
for the first time.
Recommendation:
During commissioning, set the time of the CPU manually at least once using the STEP 7
online functions. This is necessary especially if you have configured the "Time from partner"
option for the time synchronization. In this way, you ensure that the CPU has a valid time of
day when the station starts up and that the CP can exchange the required certificates with
the SINEMA RC Server.
4.7.1 CP identification
The parameter group is available only when telecontrol communication is enabled.
CP addressing
The parameter group is used for addressing and identification of the CP in the network.
● TeleControl Basic
You will find the parameters for the TeleControl Basic protocol in "Security", refer to the
section CP iIdentifcation with the TeleControl Basic protocol (Page 69).
● DNP3
The station address is the DNP address.
Entry of the station address (digits only). Permitted range of values: 1...65519.
● IEC
The station address is the “common address of the ASDU" or the address of the
information object.
Entry of the station address (digits only). Permitted range of values: 1...65534.
CP 1243-1
50 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.7 Ethernet interface
Time-of-day synchronization
For the configuration of the time-of-day synchronization read the section Time-of-day
synchronization (Page 45).
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 51
Configuration
4.7 Ethernet interface
Note
If the partner cannot be reached, connection establishment via the mobile wireless
network can take several minutes. This may depend on the particular network and current
network load.
Depending on your contract, costs may result from each connection establishment
attempt.
CP 1243-1
52 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.7 Ethernet interface
The value configured in TCSB is transferred by the telecontrol server to the CP the first
time the connection is established.
Each time the CP transfers data to TCSB and receives the acknowledgment from the
telecontrol server, the CP starts the watchdog cycle. When the watchdog cycle has
expired the CP sends a watchdog frame to the telecontrol server.
After sending a watchdog frame, the CP starts the watchdog monitoring time within which
the CP expects a reply from the telecontrol server. If the CP does not receive a reply from
the Telecontrol server within the monitoring time, it terminates and re-establishes the
connection.
Default setting: 30 s. Permitted range: 0...65535 s. If you enter 0 (zero), the function is
disabled.
● Key exchange interval
Here, you enter the interval in hours after which the key is exchanged again between the
CP and the telecontrol server. The key is a security function of the telecontrol protocol
used by the CP and TCSB V3.
Default setting: 8 s. Permitted range: 0...65535 s. If you enter 0 (zero), the function is
disabled.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 53
Configuration
4.7 Ethernet interface
CP 1243-1
54 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.7 Ethernet interface
You will find details of how the image buffer and send buffer work as well as the options for
transferring data in the section Process image, type of transmission, event classes
(Page 104).
Note
Settings on the master
When configuring the monitoring times t1 and t2 make sure that you make the
corresponding settings on the master so that there are no unwanted error messages or
connection aborts.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 55
Configuration
4.7 Ethernet interface
CP 1243-1
56 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.8 SNMP
4.8 SNMP
SNMP
The CP supports the following SNMP versions:
● SNMPv1
Available with security functions disabled.
Note that with this read and write access to the module is possible. In this case, other
settings are not possible.
The configuration of the community strings is only possible if the security functions are
enabled.
The CP uses the following community strings to authenticate access to its SNMP agent
via SNMPv1:
Access to the SNMP agent in the CP Community string for authentication in SNMPv1
*)
Note
Security of the access
For security reasons, change the preset and generally known strings "public" and
"private".
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 57
Configuration
4.9 Partner stations
● SNMPv3
Available only when security functions are enabled
For information on configuring SNMPv3, refer to the section SNMP (Page 75).
Configuration
● "Enable SNMP"
If the option is enabled, communication via SNMPv1 is enabled on the CP.
If the option is disabled, queries from SNMP clients are not replied to by the CP either via
SNMPv1 or via SNMPv3.
Listener port
CP 1243-1
58 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.9 Partner stations
Connection to partner
● Partner IP address
IP address or host name (FQDN) of the partner. This can, for example, also be the FQDN
of a DynDNS service.
– Note on TeleControl Basic
If the CP is connected to a TCSB redundancy group (TCSB V3), here configure the
public IP address of the DSL router via which the telecontrol server can be reached
from the Internet. Set the port forwarding on the DSL router so that the public IP
address (external network) is led to the virtual IP address of the TCSB server PCs
(internal network). The station does not therefore receive any information telling it
which of the two computers of the redundancy group it is connected to.
See also section Addressing in the redundant TCSB system (Page 61).
● Connection monitoring
Only for TeleControl Basic and DNP3
When the function is enabled, the connection to the communications partner is monitored
by sending keepalive frames.
The TCP connection monitoring time is set for all TCP connections of the CP in the
parameter group of the Ethernet interface. The setting applies to all TCP connections of
the CP.
Here in the parameter group "Partner stations", the globally set TCP connection
monitoring time can be set separately for the partner. The value set here for the partner
overwrites the global value that was set in the "Ethernet interface (X1) > Advanced
options > TCP connection monitoring" parameter group.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 59
Configuration
4.9 Partner stations
CP 1243-1
60 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.9 Partner stations
● Protocol type
Only for DNP3
Selection of the protocol type on the transport layer: TCP / UDP
● Partner port
Only with TeleControl Basic
Number of the listener port of the telecontrol server.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 61
Configuration
4.9 Partner stations
– Bits 2-3 indicate the status of the send buffer (frame memory).
The following values are possible:
- 0: Send buffer OK
- 1: Send buffer threatening to overflow (more than 80 % full).
- 3: Send buffer has overflowed (fill level 100 % reached).
As soon as the fill level drops below 50 %, bits 2 and 3 are reset to 0.
Bits 4 to 15 of the PLC tags are not used and do not need to be evaluated in the program.
Inter-station communication
In this table, you specify the S7 stations with which the current station will use inter-station
communication. Connections for inter-station communication run via the telecontrol server.
Partner
The partner number is assigned by the system. It is required during data point configuration
to assign data points to their communications partners.
For inter-station communication, the partner is addressed with the parameters "Project",
"Station" and "Slot".
Project
Here, enter the project number of the CP in the partner station. (Parameter group "Security >
CP identification" on the partner)
Station
Here, enter the station number of the CP in the partner station. (Parameter group "Security >
CP identification" on the partner)
Slot
Here, enter the slot number of the CP in the partner station via which the connection will be
established.
Frame memory
Activate the option for enabling inter-station communication.
The frames are stored in the send buffer (frame memory) of the CP if the connection is
disturbed. Note that the capacity of the frame memory is shared by all communications
partners.
CP 1243-1
62 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.9 Partner stations
Access ID
The access ID displayed here is formed from the hexadecimal values of project number,
station number and slot. The parameter of the type DWORD is allocated as follows:
● Bits 0 - 7: Slot
● Bits 8 - 20: Station number
● Bits 21 - 31: Project number
Advanced settings
● Partner monitoring time
If the CP does not receive a sign of life from the communications partner within the
configured time, the CP interprets this as a fault/error on the partner. The CP aborts the
connection and attempts to re-establish it.
If you enter 0, the function is deactivated.
● DNP3 conformity level
Only for DNP3
Indicates the DNP3 implementation level supported by the CP
In the DNP3 specification, various levels of protocol conformity are and they describe the
supported range of functions (subset) of a master or a station. These DNP3
implementation levels (implementation levels) are referred to as "DNP3 Application Layer
protocol Level" and abbreviated with DNP3-L1 to DNP3-L4.
For the communication between the CP and the master, the DNP3 level supported by the
master must be known.
The selection of the level used by the DNP3 CP which must correspond to that of the
connected master is set separately in STEP 7 for each individual communications partner
(DNP3 master).
The CP supports the following DNP3 implementation levels:
– Level 1
– Level 2
– Level 3
– Level 4
– Level 4+
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 63
Configuration
4.10 Communication with the CPU
The DNP3 implementation level known here as Level 4+ that is not specified in the
standard contains the range of functions of Level 4 and in addition support of the
following DNP3 data types / variations:
– 64-bit analog value as floating-point number without time of day
– 64-bit analog value as floating-point number with time of day
– Counter event with time of day in 16-bit format
– Counter event with time of day in 32-bit format
● Event transmission mode
Only for DNP3
Mode with which DNP events are transferred to this communications partner:
– Chronological transfer of individual frames
or
– Transfer of collected frames per data point as a block.
● Report partner status
If the "Report partner status" function is enabled, the CP signals the status of the
communication to the remote partner.
– Bit 0 of "PLC tag for partner status" (data type WORD) is set to 1 if the partner can be
reached.
– Bit 1 is set to 1 if all the paths to the remote partner are OK (useful with redundant
paths).
– Bit 2 indicates the status of the send buffer (frame memory).
The following values are possible:
- 0: Send buffer OK
- 1: Send buffer threatening to overflow (more than 80 % full).
- 3: Send buffer has overflowed (fill level 100 % reached).
As soon as the fill level drops below 50 %, bit 3 is reset to 0.
Bits 3 to 15 of the PLC tags are not used and do not need to be evaluated in the program.
CP 1243-1
64 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.10 Communication with the CPU
The fourth parameter "Frame memory size" decides the size of the send buffer on the CP for
frames of data points that are configured as an event.
● Cycle pause time
Wait time between two scan cycles of the CPU memory area
● Max. number of write jobs
Maximum number of write jobs to the CPU memory area within a CPU scan cycle
● Max. number of read jobs
Maximum number of low-priority read jobs from the CPU memory area within a CPU scan
cycle.
● Frame memory size
Here, you set the size of the frame memory for events (send buffer).
The size of the frame memory is divided equally among all configured communications
partners. You will find the size of the frame memory in the section Configuration limits
and performance data (Page 17).
You will find details of how the send buffer works (storing and sending events) as well as
the options for transferring data in the section Process image, type of transmission, event
classes (Page 104).
Watchdog bit
● CP monitoring
Via the watchdog bit the CPU can be informed of the status of the telecontrol
communication of the CP.
CP time of day
● CP time to CPU
Using this function, the CP can make its time of day available to the CPU.
You will find details in the STEP 7 information system.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 65
Configuration
4.10 Communication with the CPU
CP diagnostics
With the parameter group, you have the option of reading out advanced diagnostics data
from the CP using PLC tags.
● Enable advanced CP diagnostics
Enable the option to be able to use advanced CP diagnostics.
If the option is enabled, at least the "Diagnostics trigger tag" must be configured.
The following PLC tags for the individual items of diagnostics data can be enabled
selectively.
● Diagnostics trigger tag
If the PLC tag (BOOL) from the user program of the CPU is set to 1, the CP updates the
values of the PLC tags that can then be configured for the advanced diagnostics.
After writing the current values to the following PLC tags, the CP sets the "Diagnostics
trigger tag" to 0 signaling the CPU that the updated values can be read from the PLC
tags.
Note
Fast setting of the diagnostics trigger variable
Triggers must not be set faster than a minimum interval of 500 milliseconds.
CP 1243-1
66 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.11 Security
● TeleService status
Only for TeleControl Basic / ST7
The PLC tag (BOOL) indicates whether a TeleService session is active:
– 0 = No TeleService session active
– 1 = TeleService session active
● VPN IPsec status
The PLC tag (BOOL) indicates whether a VPN IPsec tunnel is established:
– 0 = No tunnel established
– 1 = Tunnel established
● Connection to SINEMA Remote Connect
The PLC tag (BOOL) indicates whether there is a connection to the SINEMA RC server:
– 0 = No connection established
– 1 = Connection established
4.11 Security
The configurability of the individual options depends on the telecontrol protocol being used.
You will find an overview of the range and use of the security functions in section Security
functions (Page 15).
For the configuration limits of the security functions refer to the section Configuration limits
and performance data (Page 17).
To be able to configure the security functions, you need to create a security user; see
section Security user (Page 67).
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 67
Configuration
4.11 Security
Parameter groups
If the security functions of the CP are enabled, you will find the following parameter groups
for configuring the CP:
● CP identification
Only with the TeleControl Basic protocol
Here, you configure parameters for authenticating the CP with the telecontrol server. You
will find detailed information about the parameters below.
● DNP3 security options
Only with the DNP3 protocol
Here, you configure protocol-specific security functions. You will find detailed information
about the parameters below.
● Firewall
See section Firewall (Page 72).
● Time synchronization
For the configuration of the time-of-day synchronization read the section Time-of-day
synchronization (Page 45).
● E-mail configuration
See section E-mail configuration (Page 73).
● Log settings
Here you make the settings for logging events relevant for security.
See section Log settings - Filtering of the system events (Page 74).
● SNMP
Here you make the settings for the SNMP agent on the CP.
See section SNMP (Page 75).
● Certificate manager
See section Certificate manager (Page 76).
In the global security settings of STEP 7 among other things you will find the following
parameter groups:
● VPN groups
Here you configure the VPN communication, refer to the section VPN (Page 79).
● User management
Here you configure the users, roles and rights for the TeleService access, refer to the
section Configuration of the TeleService access (Page 87).
CP 1243-1
68 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.11 Security
Partner'X'
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 69
Configuration
4.11 Security
Parameters
● Enable DNP3 security options
Enable the option if you want to use the security mechanisms.
● IKE mode
Selection of the mode for key exchange. Range of values:
– Aggressive Mode
The Aggressive Mode is somewhat faster but transfers the identity unencrypted.
– Main Mode
The Main Mode is the standard mode.
Default setting: Aggressive Mode
● Security statistics
Specifies whether the statistics of security events are sent to the master. Security events
are authentication requests to the CP. If the option is enabled, all authentication requests
with date, time and result are saved on the CP and sent to the master for further
evaluation.
Range of values:
– Do not send security statistics
– Send security statistics
Default setting: Do not send security statistics
● SHA-1 interlock
Setting to select whether the CP may use the secure hash algorithm SHA-1 if "SHA-256"
was configured as the Secure hash algorithm and the master does not support SHA-256.
Range of values:
– SHA-1 mode not allowed
The CP may not use SHA-1. If the master does not support SHA-256, no connection
will be established.
– SHA-1 mode allowed
The CP can use SHA-1 if the master does not support SHA-256.
Default setting: SHA-1 mode not allowed
● Secure hash algorithm (SHA)
Selection of the Secure Hash Algorithm (SHA)
Range of values:
– SHA-1
– SHA-256
Default setting: 256
CP 1243-1
70 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.11 Security
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 71
Configuration
4.11 Security
● Pre-shared key
The pre-shared key can be configured in two ways:
– Manual configuration
Enter the pre-shared key in STEP 7 manually as a hexadecimal value.
– Import as file
Import the pre-shared key from the file system of the engineering station if the pre-
shared key was generated by the master or another system.
The pre-shared key of the CP must be identical to the pre-shared key of the master.
4.11.5 Firewall
4.11.5.3 Firewall settings for configured connection connections via a VPN tunnel
CP 1243-1
72 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.11 Security
4.11.5.4 Settings for online security diagnostics and downloading to station with the firewall
activated
Requirements
The following requirements must be met in the configuration for sending e-mails:
● The security functions are enabled.
● The time of the CP is synchronized.
● In the "E-mail configuration" entry, the protocol to be used and the data for access to the
e-mail server are configured.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 73
Configuration
4.11 Security
E-mail configuration
With the default setting of the SMTP port 25, the module transfers unencrypted e-mails.
If your e-mail service provider only supports encrypted transfer, use one of the following
options:
● Port no. 587
By using STARTTLS, the module sends encrypted e-mails to the SMTP server of your e-
mail service provider.
Recommendation: If your e-mail provider offers both options (STARTTLS / SSL/TLS), you
should use STARTTLS with port 587.
● Port no. 465
By using SSL/TLS (SMTPS), the module sends encrypted e-mails to the SMTP server of
your e-mail service provider.
Ask your e.mail service provider which option is supported.
Communications problems if the value for system events is set too high
If the value for filtering the system events is set too high, you may not be able to achieve the
maximum performance for the communication. The high number of output error messages
can delay or prevent the processing of the communications connections.
In "Security > Log settings > Configure system events", set the "Level:" parameter to the
value "3 (Error)" to ensure the reliable establishment of the communications connections.
CP 1243-1
74 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.11 Security
4.11.8 SNMP
SNMP
The range of functions of the CP for SNMP can be found in the section SNMP (Page 135).
If the security functions are enabled, you have the following selection and setting options.
SNMP
● "Enable SNMP"
If the option is enabled, communication via SNMP is released on the device. As default,
SNMPv1 is enabled.
If the option is disabled, queries from SNMP clients are not replied to either via SNMPv1
or via SNMPv3.
● "Use SNMPv1"
Enables the use of SNMPv1 for the CP. For information on the configuration of the
required community strings see below (SNMPv1).
● "Use SNMPv3"
Enables the use of SNMPv3 for the CP. For information on the configuration of the
required algorithms see below (SNMPv3).
SNMPv1
The community strings need to be sent along with queries to the CP via SNMPv1.
● "Reading community string"
The string is required for read access.
Leave the preset string "public" or configure a string.
● "Allow write access"
If the option is enabled write access to the CP is released and the corresponding
community string can be edited.
● "Writing community string"
The string is required for write access and can also be used for read access.
Leave the preset string "private" or configure a string.
Note the use of lowercase letters with the preset community strings!
Note
Security of the access
For security reasons, change the generally known strings "public" and "private".
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 75
Configuration
4.11 Security
SNMPv3
The algorithms need to be configured for encrypted access to the CP via SNMPv3.
● "Authentication algorithm"
Select the authentication method to be used from the drop-down list.
● "Encryption algorithm"
Select the encryption method to be used from the drop-down list.
Note the information on security of the possible algorithms in the online help of the SCT.
User management
In the user management that you will find in the global security settings, assign the various
users their role.
Below the properties of the roles you can see the rights list of the particular role, for example
the various types of access using SNMP. For new roles, you can freely configure individual
rights.
You will find information on users, roles and the password policy in the information system of
STEP 7.
Assignment of certificates
If you use communication with authentication for the module, for example SSL/TLS for
secure transfer of e-mails, certificates are required. You need to import certificates of non-
Siemens communications partners into the STEP 7 project and download them to the
module with the configuration data:
1. Import the certificates of the communications partners using the certificate manager in the
global security settings.
2. Then assign the imported certificates to the module in the table below the local security
settings of the module.
For a description of the procedure, refer to the section Handling certificates (Page 76).
You will find further information in the STEP 7 information system.
CP 1243-1
76 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.11 Security
All nodes of a STEP 7 project with enabled security functions are supplied with certificates.
The STEP 7 project is the certification authority.
Note
No certificate with security functions disabled.
If the security functions of the CP are disabled in the STEP 7 project, no certificate will be
generated for the CP.
For the secure transfer of e-mails via SSL/TLS and SSL certificate is created for the CP. It is
visible in STEP 7 in "Global security settings > Certificate manager > Device certificates".
The table "Device certificates" shows the issuer, validity, use of a certificate
(service/application) and the use of a key. You can call up further information about a
certificate by selecting the certificate in the table and selecting the shortcut menu "Show".
The table also shows all other certificates generated by STEP 7 and all imported certificates.
So that the CP can communicate with non-Siemens partners when the security functions are
enabled, the relevant certificates of the partners must be exchanged during communication.
To supply the CP with third-party certificates, follow the steps below:
1. Importing third-party certificates from communications partners
⇒ Global security settings of the project (certificate manager)
2. Assigning certificates locally
⇒ Local security settings of the CP ("Certificate manager" table)
These two steps are described in the next two sections.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 77
Configuration
4.11 Security
3. In the table, double-click on the cell with the entry "<Add new>".
The "Certificate manager" table of the Global security settings is displayed.
4. In the table. select the required third-party certificate and to adopt it click the green check
mark below the table.
The selected certificate is displayed in the local table of the CP.
Only now will the third-party certificate be used for the CP.
CP 1243-1
78 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.11 Security
4.11.11 VPN
VPN - IPsec
Virtual Private Network (VPN) is a technology for secure transportation of confidential data in
public IP networks, for example the Internet. With VPN, a secure connection (IPsec tunnel) is
set up and operated between two secure IT systems or networks via a non-secure network.
The IPsec tunnel forwards all data even from protocols of higher layers (HTTP, FTP, etc.).
The data traffic between two network components is transported unrestricted through
another network. This allows entire networks to be connected together via a neighboring or
intermediate network.
Properties
● VPN forms a logical subnet that is embedded in a neighboring (assigned) network. VPN
uses the usual addressing mechanisms of the assigned network, however in terms of the
data, it transports its own frames and therefore operates independent of the rest of this
network.
● VPN allows communication of the VPN partners with the assigned network.
● VPN is based on tunnel technology and can be individually configured.
● Communication between the VPN partners is protected from eavesdropping or
manipulation by using passwords, public keys or a digital certificate (authentication).
Areas of application
● Local area networks can be connected together securely via the Internet ("site-to-site"
connection).
● Secure access to a company network ("end-to-site" connection)
● Secure access to a server ("end-to-end" connection)
● Communication between two servers without being accessible to third parties (end-to-end
or host-to-host connection)
● Ensuring information security in networked automation systems
● Securing the computer systems including the associated data communication within an
automation network or secure remote access via the Internet
● Secure remote access from a PC/programming device to automation devices or networks
protected by security modules via public networks.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 79
Configuration
4.11 Security
Requirements
To allow a VPN tunnel to be created for S7 communication between two S7 stations or
between an S7 station and an engineering station with a security CP (for example CP 1628),
the following requirements must be met:
● The two stations have been configured.
● The CPs in both stations must support the security functions.
● The Ethernet interfaces of the two stations are located in the same subnet.
Note
Communication also possible via an IP router
Communication between the two stations is also possible via an IP router. To use this
communications path, however, you need to make further settings.
Procedure
To create a VPN tunnel, you need to work through the following steps:
1. Creating a security user
If the security user has already been created: Log on as this user.
2. Enable the "Activate security features" option
3. Creating the VPN group and assigning security modules
4. Configure the properties of the VPN group
5. Configure local VPN properties of the two CPs
You will find a detailed description of the individual steps in the following paragraphs of this
section.
CP 1243-1
80 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.11 Security
Note
Current date and current time on the CP for VPN connections
Normally, to establish a VPN connection and the associated recognition of the certificates to
be exchanged, the current date and the current time are required on both stations.
The establishment of a VPN connection to an engineering station that is also the telecontrol
server at the same time (TCSB installed), runs as follows along with the time of day
synchronization of the CP:
On the engineering station (with TCSB), you want the CP to establish a VPN connection.
The VPN connection is established even if the CP does not yet have the current time.
Otherwise the certificates used are evaluated as valid and the secure communication will
work.
Following connection establishment, the CP synchronizes its time of day with the PC
because the telecontrol server is the time master if telecontrol communication is enabled.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 81
Configuration
4.11 Security
Note
Specifying the VPN properties of the CPs
You specify the VPN properties of the CPs in the "Security" > "Firewall" > "VPN" parameter
group of the relevant module.
Result
You have created a VPN tunnel. The firewalls of the CPs are activated automatically: The
"Activate firewall" check box is selected as default when you create a VPN group. You
cannot deselect the check box.
Download the configuration to all modules that belong to the VPN group.
CP 1243-1
82 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.11 Security
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 83
Configuration
4.11 Security
Configure the permission for VPN connection establishment for the CP as a passive
subscriber as follows:
1. In STEP 7, go to the devices and network view.
2. Select the CP.
3. Open the parameter group "VPN“ in the local security settings.
4. For each VPN connection with the CP as a passive VPN subscriber, change the default
setting "Initiator/Responder" to the setting "Responder".
4.11.11.7 SYSLOG
Preparatory steps
Execute the following steps before start configuring the SINEMA RC connection of the
module in STEP 7. They are the prerequisite for a consistent STEP 7 project.
● Configuration of SINEMA Remote Connect - Server
Configure SINEMA RC - Server as necessary (not in STEP 7). The communication
module and its communication partners must be configured in the SINEMA RC Server.
● Exporting the CA certificate (optional)
If you want to use the server certificate as authentication method of the communication
module during connection establishment, export the CA certificate from SINEMA RC -
Server. Then import the CA certificate from SINEMA RC - Server to the engineering
station.
Alternatively, you can use the fingerprint of the server certificate as authentication method
of the communication module.
CP 1243-1
84 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.11 Security
Note
Recommended authentication method:
The recommended authentication method is the one using the CA certificate. The certificate
is valid for 10 years.
The fingerprint, on the other hand, is derived from the server certificate. Its validity may be
significantly shorter.
Server Verification
Here you select the authentication method of the communication module during connection
establishment.
● CA Certificate
Under "CA certificate" select the CA certificate from SINEMA RC - Server that was
previously imported and activated in the local certificate manager.
The module generally checks the CA certificate of the server and its validity period. The
two options cannot be changed.
● Fingerprint
When you select this authentication method, you enter the fingerprint of the server
certificate of SINEMA RC - Server.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 85
Configuration
4.11 Security
Authentication
● Device ID
Enter the device ID generated for the module in SINEMA RC.
● Device password
Enter the device password of the module configured in SINEMA RC.
Max. number of characters: 127
Optional settings
The connection establishment is configured in the "Security > VPN > Optional settings"
parameter group with the parameter "Connection type".
● Update interval
With this parameter you set the interval at which the CP queries the configuration on the
SINEMA RC Server.
Note that with the setting 0 (zero) changes to the configuration of the SINEMA RC Server
may result in the CP no longer being capable of establishing a connection to the
SINEMA RC Server.
● "Connection type"
The two options of the parameter have the following effect on the connection
establishment:
– Auto
The module establishes a connection to the SINEMA RCServer. The OpenVPN
connection is retained until the connection parameters are changed by the SINEMA
Remote Connect Server. If the connection is interrupted, the CP automatically re-
establishes the connection.
If the connection parameters are changed by the SINEMA Remote Connect Server,
the CP requests the new connection data after the update interval configured above
has elapsed.
– PLC trigger
The option is intended for sporadic communication of the module via the SINEMA RC
Server.
You can use this option when you want to establish temporary connections between
the module and a PC. The temporary connections are established via a PLC tag and
can be used in servicing situations, for example.
● PLC tag for connection establishment
If the option "PLC trigger" is selected, the module establishes a connection when the PLC
tag (Bool) changes to the value 1. During operation the PLC tag can be set when
necessary, for example using an HMI panel.
When the PLC tag is reset to 0, the connection is terminated again.
CP 1243-1
86 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.11 Security
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 87
Configuration
4.12 Data points
3. In the "User" tab create a user that will later be allowed to execute the TeleService
functions for the CP.
Configure the following parameters:
– User name
Assign the name of the user that will have TeleService rights.
You require the user name at the start of a TeleService session.
– Authentication method
Select the authentication method "Password" for this user.
– Password
Assign the password.
You require the password at the start of a TeleService session.
Note:
You specify the password properties of the security functions in the "Password
policies" tab.
You enter the password on the engineering station when starting a TeleService
session.
– Maximum time of the session
The time that can be configured here is only required for access to SCALANCE S
modules. If the user is set up only for TeleService sessions, you can leave the default
value unchanged.
4. Click on the "Roles" tab.
5. Select the CP in the lower list "Rights of the role" under the "Module rights" group.
6. The available rights are displayed in the "List of rights" table.
The right "Use TeleService" is displayed.
7. Enable the "Use TeleService" right for the module.
8. Following this, set the S7 protocol to "allow" in Firewall.
CP 1243-1
88 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
The data areas in the memory of the CPU intended for communication with the
communications partner are configured data point-related on the module. Each data point is
linked to a PLC tag or the tag of a data block.
Note
Number of PLC tags
Remember the maximum possible number of PLC tags the can be used for data point
configuration in the section Configuration limits and performance data (Page 17).
The formats and S7 data types of the PLC tags that are compatible with the protocol-specific
data point types of the module can be found in the section Datapoint types (Page 96).
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 89
Configuration
4.12 Data points
After opening the editor window using the two entries to the right above the table, you can
switch over between the data point and message editor.
Creating obects
With the data point or message editor open, create a new object (data point / message) by
double clicking "<Add object>" in the first table row with the grayed out entry.
A preset name is written in the cell. You can change the name to suit your purposes but it
must be unique within the module.
You configure the remaining properties of every object using the drop-down lists of the other
table columns and using the parameter boxes shown at the bottom of the screen.
CP 1243-1
90 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
Note
Assignment of parameter values to PLC tags
The mechanisms described here also apply when you need to assign the value of a
parameter to a PLC tag. The input boxes fro the PLC tag (e.g.: PLC tag for partner status
support the functions described here for selecting the PLC tag.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 91
Configuration
4.12 Data points
When it does, click immediately on the column header. The column width adapts itself
to the broadest entry in this column.
● Showing / hiding columns
You call this function using the shortcut menu that opens when you click on a column
header with the right mouse key.
● Copying, pasting, cutting and deleting objects
If you click in a parameter box of an object in the table with the right mouse key, you can
use the functions named with the shortcut menu (copy, paste, cut, delete).
You can paste cut or copied objects within the table or in the first free row below the
table.
When it is exported the data point information of a module is written to a CSV file.
Export
When you call the export function, the export dialog opens. Here, you select the module or
modules of the project whose data point information needs to be exported. When necessary,
you can export the data points of all modules of the project together.
CP 1243-1
92 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
In the export dialog, you can select the storage location in the file directory. When you export
the data of a module you can also change the preset file name.
When you export from several modules, the files are formed with preset names made up of
the station name and module name.
The file itself contains the following information in addition to the data point information:
● Module name
● Module type
● CPU name
● CPU type
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 93
Configuration
4.12 Data points
CP 1243-1
94 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
Note:
Modules with the same telecontrol protocol are compatible with each other:
● TeleControl Basic
All SIMATIC NET modules with the TeleControl Basic protocol:
CP 1243-1, CP 1242-7 GPRS V2, CP 1243-7 LTE, CP 1542SP-1 IRC
● ST7
CP 1243-8 IRC, CP 1542SP-1 IRC, ST7 TIM
● DNP3
CP 1243-1, CP 1243-8 IRC, TIM modules capable of DNP3
● IEC
CP 1243-1, CP 1243-8 IRC
Data points can be imported and exported between compatible modules.
Assignment repair
If you have named the PLC tags in a station into which you want to import differently from
the station from which the CSV file was exported, the assignment between data point and
PLC tag is lost when you import.
You then have the option to either rename the existing PLC tags appropriately or add
missing PLC tags. You can then repair the assignment between unassigned data points and
PLC tags. This function is available either via the shortcut menu of the module (see above)
or with the following icon to the upper left in the data point editor:
If a PLC tag with a matching name is found for a data point by the repair function, the
assignment is restored. However the data type of the tag is not checked.
After the assignment repair make sure that you check whether the newly assigned PLC tags
are correct.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 95
Configuration
4.12 Data points
Note
Effect of the change of arrays for data points
If an array is modified later, the data point must be recreated.
Format (memory requirements) Data point type Direction S7 data types Operand area
Bit Digital input in Bool I, Q, M, DB
Digital output in Bool Q, M, DB
Byte Digital input in Byte, Char, USInt I, Q, M, DB
Digital output out Byte, Char, USInt Q, M, DB
Integer with sign (16 bits) Analog input in Int I, Q, M, DB
Analog output out Int Q, M, DB
Counter (16 bits) Counter input in Word, UInt I, Q, M, DB
Integer with sign (32 bits) Analog input in DInt Q, M, DB
Analog output out DInt Q, M, DB
Counter (32 bits) Counter input in UDInt, DWord I, Q, M, DB
Floating-point number with sign (32 Analog input in Real Q, M, DB
bits) Analog output out Real Q, M, DB
Floating-point number with sign (64 Analog input out LReal Q, M, DB
bits) Analog output out LReal Q, M, DB
Data block (1 .. 64 bytes) Data in / out ARRAY 1) DB
Data in / out ARRAY 1) DB
1) For the possible formats of the ARRAY data type, refer to the following section.
CP 1243-1
96 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
Format (memory require- Data point type CP DNP3 object Direction S7 data types Operand area
ments) [Data point type TIM] group
[variations]
Bit Binary Input 1 [1, 2] in Bool I, Q, M, DB
Binary Input Event 2 [1, 2] in Bool I, Q, M, DB
Binary Output 1) 10 [2] out Bool Q, M, DB
Binary Output Event 1) 11 [1, 2] out Bool Q, M, DB
Binary Command 12 [1] out Bool Q, M, DB
Integer (16 bits) Counter Static 20 [2] in UInt, Word I, Q, M, DB
Frozen Counter 2) 21 [2, 6] in UInt, Word I, Q, M, DB
Counter Event 22 [2, 6] in UInt, Word I, Q, M, DB
Frozen Counter 23 [2, 6] in UInt, Word I, Q, M, DB
Event 3)
Analog Input 30 [2] in Int I, Q, M, DB
Analog Input Event 32 [2] in Int I, Q, M, DB
Analog Output Sta- 40 [2] out Int Q, M, DB
tus 4)
Analog Output 41 [2] out Int Q, M, DB
Analog Output 42 [2, 4] out Int Q, M, DB
Event 4)
Integer (32 bits) Counter Static 20 [1] in DWord I, Q, M, DB
Frozen Counter 2) 21 [1, 5] in DWord I, Q, M, DB
Counter Event 22 [1, 5] in DWord I, Q, M, DB
Frozen Counter 23 [1, 5] in DWord I, Q, M, DB
Event 3)
Analog Input 30 [1] in DInt Q, M, DB
Analog Input Event 32 [1] in DInt Q, M, DB
Analog Output Sta- 40 [1, 3] out DInt Q, M, DB
tus 4)
Analog Output 41 [1] out DInt Q, M, DB
Analog Output 42 [1] out DInt Q, M, DB
Event 4)
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 97
Configuration
4.12 Data points
Format (memory require- Data point type CP DNP3 object Direction S7 data types Operand area
ments) [Data point type TIM] group
[variations]
Floating-point number (32 Analog Input 30 [5] in Real Q, M, DB
bits) Analog Input Event 32 [5, 7] in Real Q, M, DB
Analog Output Sta- 40 [3] out Real Q, M, DB
tus 4)
Analog Output 41 [3] out Real Q, M, DB
Analog Output 42 [5, 7] out Real Q, M, DB
Event 4)
Floating-point number (64 Analog Input 30 [6] in LReal Q, M, DB
bits) Analog Input Event 32 [6, 8] in LReal Q, M, DB
Analog Output 41 [4] out LReal Q, M, DB
Analog Output 42 [6, 8] out LReal Q, M, DB
Event 4)
Data block (1...64 Octet String / Oc- 110 [ - ] in, out 5) DB
bytes) 5) tet String Output
Octet String Event 5) 111 [ - ] in, out 5) DB
1) This object group can be configured in the Data point editor of STEP 7 using the substitute object group 12.
2) This object group can be configured in the Data point editor of STEP 7 using the substitute object group 20.
3) This object group can be configured in the Data point editor of STEP 7 using the substitute object group 22.
4) This object group can be configured in the Data point editor of STEP 7 using the substitute object group 41.
5) With these data point types, contiguous memory areas up to a size of 64 bytes can be transferred. All S7 data types with
a size between 1 and 64 bytes are compatible.
Substitute object groups (of the table footnotes 1), 2), 3), 4))
The initial data point types of the following object groups can be configured using the
substitute object groups listed above:
● 10 [2]
● 11 [1, 2]
● 21 [1, 2, 5, 6]
● 23 [1, 2, 5, 6]
● 40 [1, 2, 3]
● 42 [1, 2, 4, 5, 6, 7, 8]
To configure the DNP3 CP, use the specified substitute object group.
Assign each data point on the master using the configurable data point index in STEP 7. The
data point of the DNP3 CP is then assigned to the corresponding data point on the master.
Example of configuring the data point Binary Output (10 [2])
The data point is configured as follows:
On the DNP3 CP as Binary Command (12 [1])
On the master as Binary Output (10 [2])
With the data point types Binary Output Event (11) and Analog Output Event (42), you also
need to enable mirroring; refer to the next section.
CP 1243-1
98 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
Configuration of the mirroring back for output events (object groups 11 and 42)
You first create the data point types Binary Output Event (object group 11) and Analog
Output Event (object group 42) as described above as data points of the object groups 12 or
41.
The local values of these two object groups can be monitored for change and the changes
transferred to the master (). Changing a local value can, for example, be caused by manual
operator input on site.
To allow the value resulting from local events or interventions to be transferred to the master,
the data point in question requires a channel for mirroring back. You configure this mirroring
back function is configured using the "Value monitoring" option in data point configuration,
General tab.
Remember that to use the mirror back function, you need to interconnect the local values in
the controller with the relevant PLC tag of the data point.
Format of the time stamp
Time stamps are transferred in UTC format (48 bits) and contain milliseconds.
Format (memory Data point type IEC type Direction S7 data types Operand area
requirements)
Bit Single-point information <1> in Bool I, Q, M, DB
Single-point information with time tag <30> in Bool I, Q, M, DB
CP56Time2a 1)
Single command <45> out Bool Q, M, DB
Single command with time tag <58> out Bool Q, M, DB
CP56Time2a 1)
Double command with time tag <59> out Bool DB
CP56Time2a 1)
Byte Step position information <5> in Byte, USInt I, Q, M, DB
Step position information with time <32> in Byte, USInt I, Q, M, DB
tag CP56Time2a 1)
Regulating step command with time <60> out Byte, USInt DB
tag CP56Time2a 1)
Integer (16 bits) Measured value, normalized value <9> in Int I, Q, M, DB
Measured value, normalized value <34> in Int I, Q, M, DB
with time tag CP56Time2a 1)
Measured value, scaled value <11> in Int I, Q, M, DB
Measured value, scaled value with <35> in Int I, Q, M, DB
time tag CP56Time2a 1)
Set point command, normalised <48> out Int Q, M, DB
value
Set point command, scaled value <49> out Int Q, M, DB
Set point command, normalised <61> out Int Q, M, DB
value with time tag CP56Time2a 1)
Set point command, scaled value <62> out Int Q, M, DB
with time tag CP56Time2a 1)
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 99
Configuration
4.12 Data points
Format (memory Data point type IEC type Direction S7 data types Operand area
requirements)
Integer (32 bits) Bitstring of 32 bits <7> in UDInt, DWord I, Q, M, DB
Bitstring of 32 bits with time tag <33> in UDInt, DWord I, Q, M, DB
CP56Time2a 1)
Integrated totals <15> in UDInt, DWord I, Q, M, DB
Integrated totals with time tag <37> in UDInt, DWord I, Q, M, DB
CP56Time2a 1)
Bitstring of 32 bits <51> out UDInt, DWord Q, M, DB
Bitstring of 32 bits with time tag <64> out UDInt, DWord Q, M, DB
CP56Time2a - control direction 1)
Floating-point Measured value, short floating point <13> in Real Q, M, DB
number (32 bits) number
Measured value, short floating point <36> in Real Q, M, DB
number with time tag CP56Time2a 1)
Set point command, short floating <50> out Real Q, M, DB
point number
Set point command, short floating <63> out Real Q, M, DB
point with time tag CP56Time2a 1)
Data block Double-point information <3> in 2) DB
(1...2 Bit) 2) Double-point information with time <31> in 2) DB
tag CP56Time2a 1)
Double command <46> out 2) DB
Regulating step command <47> out 2) DB
Double command with time tag <59> out 2) DB
CP56Time2a 1)
Regulating step command with time <60> out 2) DB
tag CP56Time2a 1)
Data block Bitstring of 32 bits 3) <7> in 3) DB
(1...32 Bit) 3)
Bitstring of 32 bits with time tag <33> in 3) DB
CP56Time2a 1) 3)
Bitstring of 32 bits 3) <51> out 3) DB
Bitstring of 32 bits with time tag <64> out 3) DB
CP56Time2a - control direction 1) 3)
1) For the format of the time stamp, see the following section.
2) For these data point types, create a data block with an array of precisely 2 bool.
3) With these data point types, contiguous memory areas up to a size of 32 bits can be transferred. Only the S7 Bool data
type is compatible.
CP 1243-1
100 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
TeleControl Basic
Within a CP, the indexes of the data point classes must comply with the following rules:
● Input
The index of an input data point must be unique throughout all data point types (digital
inputs, analog inputs etc.).
● Output
The index of an output data point must be unique throughout all data point types (digital
inputs, analog inputs etc.).
Note
Index for data points with inter-station communication
Note that for inter-station communication with a CP in another S7 station, the indexes of the
two corresponding data points (data point pair) must be identical on the sending and
receiving CP.
For information on the configuration, refer to the section Partner configuration with
TeleControl Basic data points. (Page 122).
DNP3
On a CP, data point indexes must be unique within each of the following object groups:
● Binary Input / Binary Input Event
● Binary Output / Binary Command
● Counter / Counter Event
● Analog Input / Analog Input Event
● Analog Output
● Octet String / Octet String Event
Indexes of two data points in different object groups can be identical.
IEC
The data point indexes must be unique in a CP.
Data point indexes assigned twice are indicated as errors in the consistency check and
prevent the project being saved.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 101
Configuration
4.12 Data points
Status identifiers
The status identifiers of the data points listed in the following tables are transferred along
with the value in each frame to the communications partner. They can be evaluated by the
communications partner.
The entries in the table row "Significance" relate to the entry in the table row "Bit status".
Bit 7 6 5 4 3 2 1 0
Flag name - NON_ Substituted LOCAL_ CARRY OVER_ RESTART ONLINE
EXISTENT FORCED RANGE
Meaning - Data point Substitute Local opera- Counted Limit value Value not Value is
does not value tor control value over- of the ana- yet updated valid
exist or S7 flow before log prepro- after start
address reading the cessing
unreachable value overshot /
undershot
Bit status (always 1 1 1 1 1 1 1
0)
CP 1243-1
102 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
Bit 7 6 5 4 3 2 1 0
Flag name - - - LOCAL_ DISCONTI OVER_ RESTART ONLINE
FORCED NUITY RANGE
Meaning - - - Local opera- Counted Limit value of Value not yet Value is valid
tor control value over- the analog updated after
flow before prepro- start
reading the cessing over-
value shot /
undershot
Bit status (always (always (always 1 1 1 1 1
0) 0) 0)
Bit 7 6 5 4 3 2 1 0
Flag name - - SB - CY OV NT IV
substituted carry overflow not topical invalid
Meaning - - Substitute - Counted Value range Value not Value is valid
value value over- exceeded, updated
flow before analog value
reading the
value
Bit status (always (always 1 (always 1 1 1 0
0) 0) 0)
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 103
Configuration
4.12 Data points
You can prioritize the data points in STEP 7 in the data point configuration in the "General"
tab with the "Read cycle" parameter. There you will find the two following options for input
data points:
● Fast cycle
● Normal cycle
The data points are read according to the method described below.
CP 1243-1
104 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 105
Configuration
4.12 Data points
Type of transmission
The following types of transmission are possible:
● Transfer after call (class 0)
The current value of the data point is entered as static value in the image memory of the
CP. New values of a data point overwrite the last stored value in the image memory.
After being called by the communications partner, the current value at the time is
transferred.
● Triggered (events)
The values of data points configured as an event are entered in the image memory and
also in the send buffer of the CP.
The values of events are saved in the following situations:
– The configured trigger conditions are fulfilled (data point configuration > "Trigger" tab,
see below)
– The value of a status bit of the status identifiers of the data point changes; see also
the section Status IDs of the data points (Page 102).
Example:
When the value of a data point configured as an event is updated during startup of the
station by reading the CPU data for the first time, the status "RESTART" of this data
point changes (bit status change 1 → 0). This leads to the generation of an event.
Events can be transmitted spontaneously; see below (Time of transmission).
CP 1243-1
106 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 107
Configuration
4.12 Data points
Trigger
Data points are configured as a static value or as an event using the "Type of transmission"
parameter:
Note
Fast setting of triggers
Triggers must not be set faster than a minimum interval of 500 milliseconds. This also
applies to hardware triggers (input area).
Note
Hardware trigger
You need to reset hardware triggers via the user program.
CP 1243-1
108 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
Transmission mode
You determine whether TeleControl Basic values are sent immediately or following a delay
with the transmission mode of a data point:
● Spontaneous (unsolicited - direct transfer)
The value is transferred immediately.
● Buffered transfer - Conditional spontaneous
The value is transferred only when one of the following conditions is fulfilled:
– The communications partner queries the station.
– The value of another event with the transmission mode "Spontaneous" is transferred.
Note
Threshold value trigger: Calculation only after "Analog value preprocessing"
Note that the analog value preprocessing is performed before the check for a configured
threshold value and before calculating the threshold value.
This affects the value that is configured for the threshold value trigger.
Note
No Threshold value trigger if Mean value generation is configured
If mean value generation is configured, no threshold value trigger can be configured for the
analog value event involved.
For the time sequence of the analog value preprocessing refer to the section Analog value
preprocessing (Page 111).
Function
If the process value deviates by the amount of the threshold value, the process value is
saved.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 109
Configuration
4.12 Data points
Absolute method
For each binary value a check is made to determine whether the current (possibly smoothed)
value is outside the threshold value band. The current threshold value band results from the
last saved value and the amount of the configured threshold value:
● Upper limit of the threshold value band: Last saved value + threshold value
● Lower limit of the threshold value band: Last saved value - threshold value
As soon as the process value reaches the upper or lower limit of the threshold value band,
the value is saved. The newly saved value serves as the basis for calculating the new
threshold value band.
Integrative method
The integration threshold value calculation works with a cyclic comparison of the integrated
current value with the last stored value. The calculation cycle in which the two values are
compared is 500 milliseconds.
(Note: The calculation cycle must not be confused with the scan cycle of the CPU memory
areas).
The deviations of the current process value are totaled in each calculation cycle. The trigger
is set only when the totaled value reaches the configured value of the threshold value trigger
and a new process value is entered in the send buffer.
The method is explained based on the following example in which a threshold value of 2.0 is
configured.
Table 4- 7 Example of the integration calculation of a threshold value configured with 2.0
Time [s] Process value Current process Absolute deviation Integrated devia-
(calculation cycle) stored in the value from the stored tion
send buffer value
0 20.0 20.0 0 0
0.5 20.3 +0.3 0.3
1.0 19.8 -0.2 0.1
1.5 20.2 +0.2 0.3
2.0 20.5 +0.5 0.8
2.5 20.3 +0.3 1.1
3.0 20.4 +0.4 1.5
CP 1243-1
110 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
Time [s] Process value Current process Absolute deviation Integrated devia-
(calculation cycle) stored in the value from the stored tion
send buffer value
3.5 20.5 20.5 +0.5 2.0
4.0 20.4 -0.1 -0.1
4.5 20.1 -0.4 -0.5
5.0 19.9 -0.6 -1.1
5.5 20.1 -0.4 -1.5
6.0 19.9 19.9 -0.6 -2.1
With the changes in the process value shown in the example, the threshold value trigger
configured with 2.0 fires twice:
● At the time 3.5 s: The value of the integrated deviation is at 2.0. The new process value
stored in the send buffer is 20.5.
● At the time 6.0 s: The value of the integrated deviation is at 2.1. The new process value
stored in the send buffer is 19.9.
In this example, if a deviation of the process value of approximately 0.5 should fire the
trigger, then with the behavior of the process value shown here a threshold value of
approximately 1.5 ... 2.5 would need to be configured.
Note
Restrictions due to configured triggers
The analog value preprocessing options "Error suppression time", "Limit value calculation"
and "Smoothing" are not performed if no threshold value trigger is configured for the relevant
data point. In these cases, the read process value of the data point is entered in the image
memory of the CP before the preprocessing cycle of the threshold value calculation (500 ms)
elapses.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 111
Configuration
4.12 Data points
CP 1243-1
112 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
The 500 millisecond cycle is started by the integrative threshold value calculation. In this
cycle, the values are saved even when the following preprocessing options are enabled:
● Unipolar transfer
● Fault suppression time
● Limit value calculation
● Smoothing
Note
Restricted preprocessing options if mean value generation is configured
If you configure mean value generation for an analog value event, the following
preprocessing options are not available:
• Unipolar transfer
• Fault suppression time
• Smoothing
Function
With this parameter, acquired analog values are transferred as mean values.
If mean value generation is active, it makes sense to configure a time trigger..
The current values of an analog data point are read in a 100 millisecond cycle and totaled.
The number of read values per time unit depends on the read cycle of the CPU and the CPU
scan cycle of the CP.
The mean value is calculated from the accumulated values as soon as the transfer is
triggered by a trigger. Following this, the accumulation starts again so that the next mean
value can be calculated.
The mean value can also be calculated if the transmission of the analog value message is
triggered by a request from the communications partner. The duration of the mean value
calculation period is then the time from the last transmission (for example triggered by the
trigger) to the time of the request. Once again, the accumulation restarts so that the next
mean value can be calculated.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 113
Configuration
4.12 Data points
The calculation of a new mean value is then started. If the analog value remains in the
overflow or underflow range, one of the two values named is again saved as an invalid mean
value and sent when the next message is triggered.
Note
Fault suppression time > 0 configured
If you have configured an error suppression time and then enable mean value generation,
the value of the error suppression time is grayed out but no longer used. If mean value
generation is enabled, the error suppression time is set to 0 (zero) internally.
Unipolar transfer
Restrictions
Unipolar transfer cannot be configured at the same time as mean value generation. Enabling
unipolar transfer has no effect when mean value generation is activated.
Function
With unipolar transfer, negative values are corrected to zero. This can be desirable if values
from the underrange should not be transferred as real measured values.
Exception: With process data from input modules, the value -32768 / 8000h for wire break of
a live zero input is transferred.
With a software input, on the other hand, all values lower than zero are corrected to zero.
Restrictions
The fault suppression time cannot be configured at the same time as mean value generation.
A configured value has no effect when mean value generation is activated.
Function
A typical use case for this parameter is the suppression of peak current values when starting
up powerful motors that would otherwise be signaled to the control center as a disruption.
The transmission of an analog value in the overflow (7FFFh) or underflow range (8000h) is
suppressed for the specified time. The value 7FFFH or 8000H is only sent after the fault
suppression time has elapsed, if it is still pending.
If the value returns to the measuring range before the fault suppression time elapses, the
current value is transferred.
CP 1243-1
114 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
Input modules
The suppression is adjusted to analog values that are acquired directly by the S7 analog
input modules as raw values. These modules return the specified values for the overflow or
underflow range for all input ranges (also for live zero inputs).
An analog value in the overflow range (32767 / 7FFFh) or underflow range (-32768 / 8000h)
is not transferred for the duration of the fault suppression time. This also applies to live zero
inputs. The value in the overflow/underflow range is only sent after the fault suppression time
has elapsed, if it is still pending.
Smoothing factor
Restrictions
The smoothing factor cannot be configured at the same time as mean value generation. A
configured value has no effect when mean value generation is activated.
Function
Analog values that fluctuate quickly can be evened out using the smoothing function.
The smoothing factors are calculated according to the following formula as with S7 analog
input modules.
where
yn = smoothed value in the current cycle n
yn-1 = smoothed value in the previous cycle n-1
xn = acquired value in the current cycle n
k = smoothing factor
The following values can be configured for the module as the smoothing factor.
● 1 = No smoothing
● 4 = Weak smoothing
● 32 = Medium smoothing
● 64 = Strong smoothing
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 115
Configuration
4.12 Data points
Function
In these two input boxes, you can set a limit value in the direction of the start of the
measuring range or in the direction of the end of the measuring range. You can also
evaluate the limit values, for example as the start or end of the measuring range.
CP 1243-1
116 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
Range Raw value (16 bits) of the PLC tag Module output [mA] Measuring
Decimal Hexadecimal 0 .. 20 -20 .. +20 4 .. 20 range [%]
Note
Evaluation of the value even when the option is disabled
If you enable one or both options and configure a value and then disable the option later, the
grayed out value is nevertheless evaluated.
To disable the two options, delete the previously configured values limit values from the input
boxes and then disable the relevant option.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 117
Configuration
4.12 Data points
Protocol-dependent processing
IEC
● LATCH_ON/OFF
The function latches the value of a command as described above.
● PULSE_ON/OFF
The function is coded by the master via a "Qualifier of command". The following codings
are evaluated by the communication module in the station:
– QU (Type 1.1) <1> short pulse duration
Corresponding parameter for the module: "Short pulse duration"
– QU (Type 1.1) <2> long pulse duration
Corresponding parameter for the module: "Long pulse duration"
– S/E (Type 6) <0> execute
Corresponding parameter for the module: "Command execution mode"
– S/E (Type 6) <1> select
Corresponding parameter for the module: "Command execution mode"
For information on parameter assignment, see below.
CP 1243-1
118 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
DNP3
The two functions are encoded by the master via the control code of the object.
● LATCH_ON/OFF
The function latches the value of a command as described above.
● PULSE_ON/OFF
The function evaluates the number and duration of pulses.
The master sends a "Control Code" to the station using the "PULSE_ON" function with
information on the "Count", "On-time" and "Off-time". The data point of the
communication module in the station evaluates this information via the parameters "Max.
pulse duration", "Pulse duration replacement time" and "Max. number of pulses".
The following codes of the control code are evaluated by the data point:
Parameters
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 119
Configuration
4.12 Data points
CP 1243-1
120 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.12 Data points
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 121
Configuration
4.12 Data points
CP 1243-1
122 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.13 Messages
4.13 Messages
Configuring e-mails
If important events occur, the CP can send e-mails to a communications partner.
For the requirements for using e-mails, see section E-mail configuration (Page 73).
You configure the e-mail in STEP 7 in the editor for the data point and message
configuration. You can find this using the project tree:
Project > directory of the relevant station > Local modules > CP
For the view in STEP 7, refer to the section Data point configuration (Page 88).
General functions of the message editor such as copying or column settings correspond to
those of the data point editor.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 123
Configuration
4.13 Messages
"Message parameter"
Here you configure the recipient, the subject and the text of the message.
"Trigger"
In the "Trigger" parameter group you configure triggering for sending the message and other
parameters.
● E-mail trigger
Specifies the event for which the sending of the e-mail is triggered.
– Use PLC tag
For the trigger signal to send the e-mail, the edge change (0 → 1) of the trigger bit
"PLC tag for trigger" is evaluated that is set by the user program. When necessary, a
separate trigger bit can be configured for each e-mail. For information on the trigger
bit, see below.
– CPU changes to STOP
– CPU changes to RUN
– Connection to a partner interrupted
Triggers the sending of the e-mail when the connection to a partner is interrupted.
– Connection to a partner established
Triggers the sending of the e-mail when the connection returns.
Following triggers only with TeleControl Basic:
– Connection establishment to partner failed
Triggers the sending of the e-mail when the connection to a partner could not be
established.
– Teleservice session started
– Teleservice session ended
● PLC tag for trigger
PLC tag for the e-mail trigger "Use PLC tag"
If the memory area of the trigger bit is in the bit memory or in a data block, the trigger bit
is reset to zero when the e-mail is sent.
● Enable identifier for processing status
If the option is enabled, every attempt to send returns a status with information about the
processing status of the sent message.
The status is written to the "PLC tag for processing status". If there are problems
delivering messages, you can determine the status via the Web server of the CPU by
displaying the value of the PLC tag there.
For the significance of the status output in hexadecimal, refer to the section Processing
status of e-mails (Page 137).
CP 1243-1
124 Operating Instructions, 02/2018, C79000-G8976-C365-04
Configuration
4.14 Access to the Web server
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 125
Configuration
4.14 Access to the Web server
CP 1243-1
126 Operating Instructions, 02/2018, C79000-G8976-C365-04
Program blocks 5
5.1 Program blocks for OUC
Note
Different program block versions
Note that in STEP 7 you cannot use different versions of a program block in a station.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 127
Program blocks
5.1 Program blocks for OUC
CP 1243-1
128 Operating Instructions, 02/2018, C79000-G8976-C365-04
Program blocks
5.2 Changing the IP address during runtime
● TMail_V6_SEC
For secure transfer of e-mails addressing the e-mail server using an IPv6 address
● TMail_QDN_SEC
For secure transfer of e-mails addressing the e-mail server using the host name
You will find the description of the SDTs with their parameters in the STEP 7 information
system under the relevant name.
Note
Connection abort
If an existing connection is aborted by the communications partner or due to disturbances on
the network, the connection must also be terminated by calling TDISCON. Make sure that
you take this into account in your programming.
Note
Changing the IP parameters with a dynamic IP address
Note the effects of program-controlled changes to the IP parameters if the CP obtains a
dynamic IP address from the Internet service provider: In this case, the CP can no longer be
reached by communications partners.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 129
Program blocks
5.2 Changing the IP address during runtime
Note
No feedback from the CP
"T_CONFIG" does not support feedback from the CP to the CPU. Errors in the block call
or in setting the address parameter are not reported. The block outputs "BUSY" or
"DONE" regardless of whether the address parameter was set.
Requirements - CP programming
To be able to change the IP parameters program controlled the option "IP address is set
directly at the device" must be enabled in the configuration of the IP address of the Ethernet
interface of the CP.
CP 1243-1
130 Operating Instructions, 02/2018, C79000-G8976-C365-04
Diagnostics and upkeep 6
6.1 Diagnostics options
The following diagnostics options are available.
STEP 7 Basic: Diagnostics functions via the "Online > Online and diagnostics" menu
Using the online functions, you can read diagnostics information from the CP from an
engineering station on which the project with the CP is stored.
If you want to operate online diagnostics with the station via the CP, you need to select the
type of communication "Enable online functions"; see section Communication types
(Page 48).
"Diagnostics" group
The diagnostics pages are divided into the following groups:
● General
This group displays general information on the module.
● Diagnostic status
This group displays status information of the module from the view of the CPU.
– Device-specific events
Information on internal module events is displayed here.
● Ethernet interface
Address and statistical information
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 131
Diagnostics and upkeep
6.1 Diagnostics options
"Functions" group
● Firmware update
For a description, see section Downloading firmware (Page 139).
● Assign IP address
CP 1243-1
132 Operating Instructions, 02/2018, C79000-G8976-C365-04
Diagnostics and upkeep
6.2 Online security diagnostics via port 8448
Partner status
When using the TeleControl Basic, DNP3 and IEC protocols, the telecontrol CP can signal
the status of the connection to the communications partner to the CPU via a PLC tag. You
can display the status of the PLC tag via the Web server of the CPU.
For information on the configuration, see section Partner stations (Page 58).
CP diagnostics
The telecontrol CP can store extended diagnostic data in PLC tags. You can display the
states of the PLC tags via the Web server of the CPU.
For information on the configuration, see section Communication with the CPU (Page 64).
SNMP
For information on the functions, refer to the section SNMP (Page 135).
See also
Settings for online security diagnostics and downloading to station with the firewall activated
(Page 73)
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 133
Diagnostics and upkeep
6.3 Online functions and TeleService
Note
Transmission time with TeleService
Note that transferring larger amounts of data via WAN (Internet) can take a very long time.
If there are disruptions or interruptions of the transmission path this can lead to the data
transmission being aborted.
Procedure:
1. Connect the ES to the network.
2. Open the relevant STEP 7 project on the ES.
3. Select the CP or the CPU of the station whose CP you want to update with new firmware.
4. Enable the online functions using the "Connect online" icon.
5. In the "Connect online" dialog, go to the Choose the entry "TeleService via telecontrol" in
the "Type of PG/PC interface" drop-down list.
6. In the "PG/PC interface" drop-down list select the entry "TeleService board".
7. In the table select the CP if it is not already selected.
The path both via the CP or the CPU is possible.
CP 1243-1
134 Operating Instructions, 02/2018, C79000-G8976-C365-04
Diagnostics and upkeep
6.4 SNMP
6.4 SNMP
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 135
Diagnostics and upkeep
6.4 SNMP
CP 1243-1
136 Operating Instructions, 02/2018, C79000-G8976-C365-04
Diagnostics and upkeep
6.5 Processing status of e-mails
Configuration
For information on the configuration, refer to:
● With security functions disabled (SNMPv1): SNMP (Page 57)
● With security functions enabled (SNMPv1 / SNMPv3): SNMP (Page 75)
Status Meaning
0000 Transfer completed free of errors
82xx Other error message from the e-mail server
Apart from the leading "8", the message corresponds to the three-digit error number of the
SMTP protocol.
8401 No channel available. Possible cause: There is already an e-mail connection via the CP. A
second connection cannot be set up at the same time.
8403 No TCP/IP connection could be established to the SMTP server.
8405 The SMTP server has denied the login request.
8406 An internal SSL error or a problem with the structure of the certificate was detected by the
SMTP client.
8407 Request to use SSL was denied.
8408 The client could not obtain a socket for creating a TCP/IP connection to the mail server.
8409 It is not possible to write via the connection. Possible cause: The communications partner
reset the connection or the connection aborted.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 137
Diagnostics and upkeep
6.5 Processing status of e-mails
Status Meaning
8410 It is not possible to read via the connection. Possible cause: The communications partner
terminated the connection or the connection was aborted.
8411 Sending the e-mail failed. Cause: There was not enough memory space for sending.
8412 The configured DNS server could not resolve specified domain name.
8413 Due to an internal error in the DNS subsystem, the domain name could not be resolved.
8414 An empty character string was specified as the domain name.
8415 An internal error occurred in the cURL module. Execution was aborted.
8416 An internal error occurred in the SMTP module. Execution was aborted.
8417 Requests to SMTP on a channel already being used or invalid channel ID. Execution was
aborted.
8418 Sending the e-mail was aborted. Possible cause: Execution time exceeded.
8419 The channel was interrupted and cannot be used before the connection is terminated.
8420 Certificate chain from the server could not be verified with the root certificate of the CP.
8421 Internal error occurred. Execution was stopped.
8450 Action not executed: Mailbox not available / unreachable. Try again later.
84xx Other error message from the e-mail server
Apart from the leading "8", the message corresponds to the three-digit error number of the
SMTP protocol.
8500 Syntax error: Command unknown.
This also includes the error of having a command chain that is too long. The cause may be
that the e-mail server does not support the LOGIN authentication method.
Try sending e-mails without authentication (no user name).
8501 Syntax error. Check the following configuration data:
Alarm configuration > E-mail data (Content):
• Recipient address ("To" or "Cc").
8502 Syntax error. Check the following configuration data:
Alarm configuration > E-mail data (Content):
• Email address (sender)
8535 SMTP authentication incomplete. Check the "User name" and "Password" parameters in
the CP configuration.
8550 SMTP server cannot be reached. You have no access rights. Check the following configu-
ration data:
• CP configuration > E-mail configuration:
– User name
– Password
– Email address (sender)
• Alarm configuration > E-mail data (Content):
– Recipient address ("To" or "Cc").
8554 Transfer failed
85xx Other error message from the e-mail server
Apart from the leading "8", the message corresponds to the three-digit error number of the
SMTP protocol.
CP 1243-1
138 Operating Instructions, 02/2018, C79000-G8976-C365-04
Diagnostics and upkeep
6.6 Downloading firmware
Note
Effects on the retentive memory of the CPU
• If you use a SIMATIC memory card to install the firmware file, the retentive memory is
retained.
• If you use the Web server or the online functions to install the firmware file, retentive
memory is lost.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 139
Diagnostics and upkeep
6.6 Downloading firmware
4. In the parameter group "General", select the "Enable Web server for this interface"
option.
5. With a CPU version V4.0 or higher, create a user in the user administration with the
required rights.
You need to assign the right to perform firmware updates in the access level.
The procedure for establishing a connection to the Web server depends on whether you
have enabled or disabled the "Allow access only using HTTPS" option in the "General"
parameter group:
● Connection establishment with HTTP
Procedure if the "Allow access only using HTTPS" option is disabled
● Connection establishment with HTTPS
Procedure if the "Allow access only using HTTPS" option is enabled
These two variants are described in the following sections.
Requirement: The new firmware file is stored on your engineering station.
You will find the requirements for access to the Web server of the CPU (permitted Web
browser) and the description of the procedure in the STEP 7 information system under the
keyword "Information about the Web server".
CP 1243-1
140 Operating Instructions, 02/2018, C79000-G8976-C365-04
Diagnostics and upkeep
6.6 Downloading firmware
Loading firmware
1. Log in on the start page of the Web server as a user with the necessary rights.
Use the user data configured in the user administration of the Web server of the CPU.
2. After logging in, select the entry "Module status" in the navigation panel of the Web
server.
3. Select the CP in the module list.
4. Select the "Firmware" tab lower down in the window.
5. Browse for the firmware file on your PC using the "Browse..." button and download the file
to the station using the "Run update" button.
Note
Closing the Web server
If you close the Web server during the firmware update, you cannot change the operating
status of the CPU to RUN. In this case you need to turn the CPU off and on again to change
the CPU to the operating status RUN.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 141
Diagnostics and upkeep
6.7 Module replacement
Module replacement
CAUTION
Read the system manual "S7-1200 Programmable Controller"
Prior to installation, connecting up and commissioning, read the relevant sections in the
system manual "S7-1200 Programmable Controller" (refer to the documentation in the
Appendix).
When installing and connecting up, keep to the procedures described in the system manual
"S7-1200 Programmable Controller".
Make sure that the power supply is turned off when installing/uninstalling the devices.
The STEP -7 project data of the CP is stored on the local CPU. If there is a fault on the
device, this allows simple replacement of the CP without needing to download the project
data to the station again.
When the station starts up again, the new CP reads the project data from the CPU.
CP 1243-1
142 Operating Instructions, 02/2018, C79000-G8976-C365-04
Technical data 7
7.1 Technical specifications of the CP 1243-1
Technical specifications
Article number 6GK7 243-1BX30-0XE0
Attachment to Industrial Ethernet
Quantity 1
Design RJ-45 jack
Properties 100BASE-TX, IEEE 802.3-2005, half duplex/full duplex, autocrossover, autonego-
tiation, galvanically isolated
Transmission speed 10/100 Mbps
Permitted cable lengths (Ethernet) (Alternative combinations per length range) *
0 ... 55 m • Max. 55 m IE TP Torsion Cable with IE FC RJ45 Plug 180
• Max. 45 m IE TP Torsion Cable with IE FC RJ45 + 10 m TP Cord via
IE FC RJ45 Outlet
0 ... 85 m • Max. 85 m IE FC TP Marine/Trailing/Flexible/FRNC/Festoon/Food Cable with
IE FC RJ45 Plug 180
• Max. 75 m IE FC TP Marine/Trailing/Flexible/FRNC/Festoon/Food Cable +
10 m TP Cord via IE FC RJ45 Outlet
0 ... 100 m • Max. 100 m IE FC TP Standard Cable with IE FC RJ45 Plug 180
• Max. 90 m IE FC TP Standard Cable + 10 m TP Cord via IE FC RJ45 Outlet
Electrical data
Power supply From the S7-1200 backplane bus 5 VDC
Current consumption (typical) From the S7-1200 backplane bus 250 mA
Effective power loss (typical) From the S7-1200 backplane bus 1.25 W
Permitted ambient conditions
Ambient temperature During operation with the rack in- -20 °C to +70 °C
stalled horizontally
During operation with the rack in- -20 °C to +60 °C
stalled vertically
During storage -40 ℃ to +70 ℃
During transportation -40 ℃ to +70 ℃
Relative humidity During operation ≤ 95 % at 25 °C, no condensation
Design, dimensions and weight
Module format Compact module for S7-1200, single width
Degree of protection IP20
Weight 122 g
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 143
Technical data
7.2 Pinout of the Ethernet interface
Technical specifications
Dimensions (W x H x D) 30 x 110 x 75 mm
Installation options Standard DIN rail
Switch panel
Product functions **
CP 1243-1
144 Operating Instructions, 02/2018, C79000-G8976-C365-04
Approvals A
Approvals issued
Note
Issued approvals on the type plate of the device
The specified approvals apply only when the corresponding mark is printed on the product.
You can check which of the following approvals have been granted for your product by the
markings on the type plate.
The CP has the following approvals and meets the following standards:
EC declaration of conformity
The CP meets the requirements and safety objectives of the following EU directives and it
complies with the harmonized European standards (EN) for programmable logic controllers
which are published in the official documentation of the European Union.
● 2014/34/EU (ATEX explosion protection directive)
Directive of the European Parliament and the Council of 26 Febrary 2014 on the
approximation of the laws of the Member States concerning equipment and protective
systems intended for use in potentially explosive atmospheres, official journal of the EU
L96, 29/03/2014, pages. 309-356
● 2014/30/EU (EMC)
EMC directive of the European Parliament and of the Council of February 26, 2014 on the
approximation of the laws of the member states relating to electromagnetic compatibility.;
official journal of the EU L96, 29/03/2014, pages. 79-106
● 2011/65/EU (RoHS)
Directive of the European Parliament and of the Council of 8 June 2011 on the restriction
of the use of certain hazardous substances in electrical and electronic equipment
The EC Declaration of Conformity is available for all responsible authorities at:
Siemens Aktiengesellschaft
Division Process Industries and Drives
Process Automation
DE-76181 Karlsruhe
Germany
You will find the EC Declaration of Conformity for this product on the Internet at the following
address:
Link: (https://support.industry.siemens.com/cs/ww/en/ps/15922/cert) > "EC Declaration of
Conformity"
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 145
Approvals
IECEx
The CP meets the requirements of explosion protection according to IECEx.
IECEx classification: Ex nA IIC T4 Gc
IECEx certificate: IECEx DEK 14.0088X
The CP meets the requirements of the following standards:
● EN 60079-0
Hazardous areas - Part 0: Equipment - General requirements
● EN 60079-15
Explosive atmospheres - Part 15: Equipment protection by type of protection 'n'
You can see the current versions of the standards in the IECEx certificate that you will find
on the Internet at the following address:
Link: (https://support.industry.siemens.com/cs/ww/en/ps/15922/cert)
The conditions must be met for the safe deployment of the CP according to the section
Notices on use in hazardous areas according to IECEx / ATEX (Page 34).
You should also note the information in the document "Use of subassemblies/modules in a
Zone 2 Hazardous Area" that you will find on the Internet at the following address:
Link: (https://support.industry.siemens.com/cs/ww/en/view/78381013)
ATEX
The product meets the requirements of the EC directive:2014/34/EC "Equipment and
Protective Devices for Use in Potentially Explosive Atmospheres".
ATEX approval: II 3 G Ex nA IIC T4 Gc
Type Examination Certificate: KEMA 10ATEX0166 X
Relevant standards:
● EN 60079-0:2006: Potentially explosive atmosphere - general requirements
● EN 60079-15:2005: Electrical apparatus for explosive gas atmospheres; type of
protection 'n'
The device is suitable for use in environments with pollution degree 2.
The device is suitable for use only in environments that meet the following conditions:
● Class I, Division 2, Group A, B, C, D and areas where there is no risk of explosion
● Class I, Zone 2, Group IIC and areas where there is no risk of explosion
WARNING
Installation guidelines
The product meets the requirements if you keep to the following during installation and
operation:
• The notes in the section Important notes on using the device (Page 33)
• The installation instructions in the document /1/ (Page 151)
CP 1243-1
146 Operating Instructions, 02/2018, C79000-G8976-C365-04
Approvals
Note the conditions for the safe deployment of the CP according to the section Link:
(https://support.industry.siemens.com/cs/ww/en/ps/15922/cert).
You should also note the information in the document "Use of subassemblies/modules in a
Zone 2 Hazardous Area" that you will find on the Internet at the following address:
Link: (https://support.industry.siemens.com/cs/ww/en/view/78381013)
c(UL)us
Applied standards:
● Underwriters Laboratories, Inc.: UL 61010-1 (Safety Requirements for Electrical
Equipment for Measurement, Control, and Laboratory Use - Part 1: General
Requirements)
● IEC/UL 61010-2-201 (Safety requirements for electrical equipment for measurement,
control and laboratory use. Particular requirements for control equipment)
● Canadian Standards Association: CSA C22.2 No. 142 (Process Control Equipment)
File Number: E223122
FM
Factory Mutual Approval Standard Class Number 3600, 3611, 3810, ANSI/ISA-61010-1
Equipment rating:
Class I, Division 2, Group A, B, C, D, Temperature Class T4A, Ta = 60 °C
Class I, Zone 2, Group IIC, Temperature Class T4, Ta = 60 °C
Report Number: 3049779, 3049925
Note the conditions for the safe deployment of the CP according to the section Notices on
use in hazardous areas according to FM (Page 35).
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 147
Approvals
Australia - RCM
The CP meets the requirements of the AS/NZS 2064 standards (Class A).
Current approvals
SIMATIC NET products are regularly submitted to the relevant authorities and approval
centers for approvals relating to specific markets and applications.
If you require a list of the current approvals for individual devices, consult your Siemens
contact or check the Internet pages of Siemens Industry Online Support:
Link: (https://support.industry.siemens.com/cs/ww/en/ps/15922/cert)
CP 1243-1
148 Operating Instructions, 02/2018, C79000-G8976-C365-04
Dimension drawings B
Note
All dimensions in the drawings of the CP are in millimeters.
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 149
Dimension drawings
CP 1243-1
150 Operating Instructions, 02/2018, C79000-G8976-C365-04
Documentation references C
Where to find Siemens documentation
● Article numbers
You will find the article numbers for the Siemens products of relevance here in the
following catalogs:
– SIMATIC NET - Industrial Communication / Industrial Identification, catalog IK PI
– SIMATIC - Products for Totally Integrated Automation and Micro Automation, catalog
ST 70
You can request the catalogs and additional information from your Siemens
representative. You will also find the product information in the Siemens Industry Mall at
the following address:
Link: (https://mall.industry.siemens.com)
● Manuals on the Internet
You will find SIMATIC NET manuals on the Internet pages of Siemens Industry Online
Support:
Link: (https://support.industry.siemens.com/cs/ww/en/ps/15247/man)
Go to the required product in the product tree and make the following settings:
Entry type “Manuals”
● Manuals on the data medium
You will find manuals of SIMATIC NET products on the data medium that ships with many
of the SIMATIC NET products.
/1/
SIMATIC
S7-1200 Automation System
system manual
Siemens AG
Link: (https://support.industry.siemens.com/cs/ww/en/ps/13683/man)
/2/
SIMATIC NET
CP 1243-1
Operating Instructions
Siemens AG
Link: (https://support.industry.siemens.com/cs/ww/en/view/103948898)
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 151
Documentation references
/3/
/3/
SIMATIC NET
TeleControl Server Basic (Version V3)
Operating Instructions
Siemens AG
Link: (https://support.industry.siemens.com/cs/ww/en/ps/15918/man)
/4/
SIMATIC NET
Industrial Ethernet Security
Security basics and applications
Configuration manual
Siemens AG
Link: (https://support.industry.siemens.com/cs/ww/en/ps/15326/man)
/5/
SIMATIC NET
Diagnostics and configuration with SNMP
Diagnostics manual
Siemens AG
Link: (https://support.industry.siemens.com/cs/ww/en/ps/15392/man)
CP 1243-1
152 Operating Instructions, 02/2018, C79000-G8976-C365-04
Index
A H
Abbreviations/acronyms, 4 Hardware product version, 3
Article number, 3
I
C IEC addressing, 44
Conditional spontaneous, 109 Image memory, 105
Connection resources, 17 Importing a certificate - e-mail, 74
CPU firmware, 26 Instructions (OUC), 127
Cross references (PDF), 5 Internet connections, 44
Inter-station communication, 101
IP address - program-controlled change, 129
D IP address (master), 44
IP configuration
Data buffering, 18
IPv4, IPv6, 14
Data point type, 96
IP_CONF_V4, 129
Data points - Configuration, 88
IPsec, 79
Dimensions, 37
Disposal, 6
DNP3 addressing, 44
L
DNP3 implementation level, 69
DNP3 master, addressing via the Internet, 23 Logging server, 78
DNS server, 44
DNS server - program-controlled change, 129
M
MAC address, 3
E
MIB, 136
E-mail Mirroring, 99
Configuration, 123
Programming (OUC), 127
Quantity, 18 N
Ethernet interface
NTP, 45
Assignment, 144
NTP (secure), 45
NTP server - program-controlled change, 129
IPsec tunnel,
F
Firewall, 16
Firmware version, 3 O
Frame memory, 18
Online diagnostics, 48, 131
Online functions, 14, 132
OPC quality code, 102
G
Operating statuses (LED displays), 30
Gateway, 83 OUC (Open User Communication), 127
Glossary, 6
CP 1243-1
Operating Instructions, 02/2018, C79000-G8976-C365-04 153
Index
OUC connections V
Resources, 17
Virtual IP address, 61
VPN, 18, 44, 79
P
Passive VPN connection establishment, 83 W
PG/OP connections, 18
Web server, 125
Port 8448, 133
Product name, 4
Program blocks, 12
PUT/GET, 17
R
Recycling, 6
Redundant master, addressing, 24
Replacing a module, 142
S
S7 connections
Enable, 48
Resources, 17
Safety notices, 33
Security, 15
Security diagnostics without port 102, 133
Send buffer, 18, 105
Service & Support, 6
SIMATIC NET glossary, 6
SMS
Programming (OUC), 127
SMTPS, 74
SNMP, 15, 57, 135
SNMPv3, 16, 75
Spontaneous, 109
SSL/TLS, 74
STARTTLS, 74
STEP 7 - version, 26
SYSLOG, 84
T
T_CONFIG, 129
TC_CONFIG, 129
TeleService, 14
Time stamp, 97
Time-of-day synchronization, 14
Training, 6
Transmission mode, 109
Trigger tag - resetting, 108
CP 1243-1
154 Operating Instructions, 02/2018, C79000-G8976-C365-04