Snmp; Vpn - Siemens SIMATIC ET 200AL System Manual

13.4

SNMP

Functionality
Like the CPU, the CP 1543-1 supports the transfer of management information using the
Simple Network Management Protocol (SNMP). To achieve this, an "SNMP agent" is
installed on the CP/CPU that receives and responds to the SNMP queries. Information about
the properties of devices capable of SNMP is contained in so-called MIB files (Management
Information Base) for which the user needs to have the appropriate rights.
With SNMPv1, the "community string" is also sent. The "community string" is like a password
that is sent along with the SNMP query. The requested information is sent when the
"community string" is correct. The request is discarded when the string is incorrect.
With SNMPv3, data can be transferred encrypted. To do this, select either an authentication
method or an authentication and encryption method.
Possible selection:
● Authentication algorithm: none, MD5, SHA-1
● Encryption algorithm: none, AES-128, DES
You can deactivate the use of SNMP for the CP/CPU. Deactivate SNMP if the security
guidelines in your network do not permit SNMP or if you use your own SNMP solution.
To find out how to deactivate SNMP for the CPU, refer to section Disabling SNMP
(Page 58).
13.5

VPN

Functionality
For security modules that protect the internal network, VPN (Virtual Private Network) tunnels
provide a secure data connection through the non-secure external network.
The module uses the IPsec protocol (tunnel mode of IPsec) for tunneling.
In STEP 7 you can assign VPN groups to security modules. VPN tunnels are automatically
established between all modules of a VPN group. A module in one project can belong to
several different VPN groups at the same time in the process.
Communication
Function Manual, 12/2017, A5E03735815-AF
Industrial Ethernet Security with CP 1543-1
13.4 SNMP
245