Download Print this page

Siemens SIMATIC ET 200clean System Manual

Hide thumbs Also See for SIMATIC ET 200clean:

Manual (14 pages)

Table Of Contents

page of 1461

/ 1461
Contents
Table of Contents
Bookmarks

Table of Contents

Advertisement

Quick Links

Download this manual

Edition

02/2025

MANUAL COLLECTION

SIMATIC

ET 200clean

Distributed I/O system ET 200clean

support.industry.siemens.com

This document contains a compilation

of all manuals for the ET 200clean

system family.

Use the bookmarks on the left edge

of the screen to navigate.

Table of Contents

Advertisement

Table of Contents

Need help?

Need help?

Do you have a question about the SIMATIC ET 200clean and is the answer not in the manual?

Questions and answers

Summary of Contents for Siemens SIMATIC ET 200clean

Page 1 Edition 02/2025 MANUAL COLLECTION SIMATIC ET 200clean This document contains a compilation Distributed I/O system ET 200clean of all manuals for the ET 200clean system family. support.industry.siemens.com Use the bookmarks on the left edge of the screen to navigate.
Page 2 Introduction Safety information SIMATIC System overview ET 200clean Distributed I/O system Mounting System Manual Connecting Configuring Commissioning Maintenance Technical specifications Industrial cybersecurity Safety-related shutdown Dimension drawing Accessories/spare parts 02/2025 A5E53268649-AA...
Page 3: Legal Information
Note the following: WARNING Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems.
Page 4 Table of contents Introduction............................SiePortal........................... Guide ET 200clean......................1.2.1 ET200clean information classes..................1.2.2 Basic tools........................1.2.3 S7 Port Configuration Tool (S7-PCT).................. 11 1.2.4 MultiFieldbus Configuration Tool (MFCT)................1.2.5 SIMATIC Technical Documentation..................13 Safety information..........................15 Warnings in this document....................Safety-relevant symbols for ET 200clean................Intended use........................
Page 5 Table of contents Operation on grounded/non-grounded infeed..............32 Electrical configuration of the ET 200clean................ 36 Connecting ET 200clean to functional grounding.............. 38 Connecting cables for ET 200clean..................39 Wiring..........................Factory markings......................46 Configuring............................47 MultiFieldbus engineering....................Detect active fieldbus......................47 PROFINET IO........................
Page 6 Hardening measures......................85 10.7.2 Secure configuration......................85 10.7.3 Handling of sensitive data....................86 10.7.4 Regular firmware updates....................86 10.7.5 Notifications about security vulnerabilities (Siemens Security Advisories)......87 10.7.6 Data backup........................10.7.7 Security checks......................... 88 10.7.8 Secure decommissioning....................88 10.7.8.1 Securely removing data....................
Page 7: Validity Of The Documentation
Introduction Purpose of the documentation This documentation provides you with important information on configuring, installing, wiring and commissioning the SIMATIC ET 200clean distributed I/O devices. Basic knowledge required This manual requires general knowledge of automation engineering. This manual contains a description of the components that were valid at the time the manual was published.
Page 8 • Information about Technical Support is available in section SiePortal (Page 7). • The range of technical documentation for the individual SIMATIC products and systems can be found on the Internet (https://support.industry.siemens.com/cs/ww/en/ps). • Information about the online catalog and online order system is available in section SiePortal (Page 7).
Page 9: Basic Information
For answers and solutions concerning automation technology. • mySiePortal Your personal work area in the SiePortal for notifications, support requests, and configurable documents. This information is provided by SiePortal on the Internet (https://sieportal.siemens.com/). Guide ET 200clean 1.2.1 ET200clean information classes The documentation for the SIMATIC ET 200clean distributed I/O system is arranged into three...
Page 10: General Information
With the TIA Selection Tool , you can generate a complete order list from your product selection or product configuration. You can find the TIA Selection Tool on the Internet. (https://support.industry.siemens.com/cs/ww/en/view/109767888) SIMATIC Automation Tool You can use the SIMATIC Automation Tool to perform commissioning and maintenance activities on various SIMATIC S7 stations as bulk operations independent of TIA Portal.
Page 11 You can find SIEMENS PRONETA Basic on the Internet: (https://support.industry.siemens.com/cs/ww/en/view/67460624) SIEMENS PRONETA Professional is a licensed product that offers you additional functions. It offers you simple asset management in PROFINET networks and supports operators of automation systems in automatic data collection/acquisition of the components used through various functions: •...
Page 12 1.2 Guide ET 200clean SINETPLAN SINETPLAN, the Siemens Network Planner, supports you in planning automation systems and networks based on PROFINET. The tool facilitates professional and predictive dimensioning of your PROFINET installation as early as in the planning stage. In addition, SINETPLAN supports you during network optimization and helps you to exploit network resources optimally and to plan reserves.
Page 13 MultiFieldbus- and DALI-devices. In addition, the MFCT offers convenient options for mass firmware updates of ET 200 devices with MultiFieldbus- support and reading service data for many other Siemens devices. Functional scope of the MFCT • MultiFieldbus configuration:...
Page 14 Online Support: Industry Online Support International https://support.industry.siemens.com/cs/ww/en/view/109742705 Watch this short video to find out where you can find the overview directly in Siemens Industry Online Support and how to use Siemens Industry Online Support on your mobile device: Quick introduction to the technical documentation of automation products per video ( https://support.industry.siemens.com/cs/us/en/view/109780491...
Page 15: Application Examples
Manuals, characteristics, operating manuals, certificates • Product master data You can find "mySupport" on the Internet. (https://support.industry.siemens.com/My/ww/en) Application examples The application examples support you with various tools and examples for solving your automation tasks. Solutions are shown in interplay with multiple components in the system - separated from the focus on individual products.
Page 16: Safety Information
Safety information Warnings in this document You can find explanations of the warnings used in this document in the "Legal information" section. Safety-relevant symbols for ET 200clean The following table explains the symbols located on the I/O device with the degree of protection IP65/IP67 and IP69K, on its packaging or in the accompanying documentation.
Page 17: Intended Use
Safety information 2.5 Target group and personnel qualifications Intended use The system is used to control machines and plants. Intended use also includes observance of this documentation, in particular the safety instructions and conditions of use. See section Technical specifications (Page 68). Changes to the device and spare parts Modifications to the module may affect the safety and the function of the module: •...
Page 18 Safety information 2.6 Working on electrical parts Working on electrical parts Only work on electrical parts if you are a qualified specialist (see section Target group and personnel qualifications (Page 16)). • Always observe the country-specific safety rules. • Notify all those who will be affected by the procedure. •...
Page 19: Residual Risks
Safety information 2.7 Residual risks Residual risks 2.7.1 Residual risks Despite all the technical and procedural risk reductions that have been carried out, not all dangers can be avoided. The following sections describe these residual risks and measures to avoid them. 2.7.2 Live parts Operation...
Page 20: Installation And Connection
Safety information 2.7 Residual risks 2.7.3 Conductive pollution Malfunctions may occur if electrical energy is transmitted via conductive soiling. Seal unused connections with a suitable and approved sealing cap. 2.7.4 Overheating Smoke development and fire due to overheating of module and cables may result in burns and life-threatening injuries (death).
Page 21: Material Damage
Safety information 2.9 Material damage Behavior in case of emergency The safety of any plant or system incorporating the equipment is the responsibility of the assembler of the plant or system. If an emergency occurs in the plant or the system, follow the instructions of the assembler and operator.
Page 22: System Overview
System overview Distributed I/O devices SIMATIC ET 200clean SIMATIC ET 200clean The SIMATIC ET 200clean distributed I/O devices are part of a scalable and highly flexible, distributed I/O system for connecting the process signals to a higher-level controller via MultiFieldbus. Customer benefits of the system Figure 1-2 ET 200clean benefits Distributed I/O system System Manual, 02/2025, A5E53268649-AA...
Page 23 System overview 3.1 Distributed I/O devices SIMATIC ET 200clean Area of application The areas of application of the ET 200clean I/O devices result from their special properties. • Easy to clean device shape • Hygienic design • Resistance against variety of industrial cleaning agents and disinfectants •...
Page 24 System overview 3.1 Distributed I/O devices SIMATIC ET 200clean Configuration example The figure below shows an example configuration with the ET 200clean distributed I/O devices in a PROFINET IO network. Figure 1-3 Configuration example of the ET 200clean Distributed I/O system System Manual, 02/2025, A5E53268649-AA...
Page 25 System overview 3.2 Components Components Components of the ET 200clean distributed I/O system The following table shows and explains the function of the most important components of the ET 200clean distributed I/O system. Table 1-1 Overview of components Component Function Figure I/O device •...
Page 26 System overview 3.2 Components Component Function Figure Hygienic M12 seal • Caps for unused connections ing cap with pro • The protective mounting sleeve pro tective mounting tects the sealing cap from damage sleeve during mounting/disassembly Distributed I/O system System Manual, 02/2025, A5E53268649-AA...
Page 27 Mounting Basics Introduction All ET 200clean distributed I/O devices are designed for IP65/IP67 and IP69K degrees of protection. This means that you can directly mount these I/O devices in your plant. Mounting position You can mount the ET 200clean distributed I/O devices in any mounting position. Minimum clearances The minimum clearance around the I/O device is 2 cm.
Page 28: Installation
Mounting 4.2 Installation Installation Introduction The ET 200clean distributed I/O devices are designed for installation on a level, firm surface. The hygienic seals at the support points of the I/O devices provide a hygienic seal to the flat surface. Installation for hygienic requirements If there are hygienic requirements, only use screws and accessories that meet these hygienic requirements.
Page 29 Mounting 4.2 Installation Installing the I/O device The I/O devices have an attachment point on top and on the bottom. To install the I/O device, follow these steps: 1. Drill two fixing holes at a distance of 186 mm. The drilling hole diameter depends on your chosen installation. 2.
Page 30: Rules And Regulations For Operation
Connecting Rules and regulations for operation Introduction The ET 200clean distributed I/O devices are part of plants and systems. Depending on the area of application, follow the special rules and regulations. This section provides an overview of the most important rules to be followed for integrating the ET 200clean distributed I/O devices into a plant or a system.
Page 31: Line Voltage
In the event of danger through overvoltage, you must provide lightning protection measures for internal lightning protection (e.g. lightning protection elements). Additional information can be found in the function manual Designing interference-free controllers (https://support.industry.siemens.com/cs/ww/en/view/59193566). Distributed I/O system System Manual, 02/2025, A5E53268649-AA...
Page 32 • Configure the plant/system in such a way that an error does not result in undefined states. – Line/wire break – Cross-circuit in the line Reference Additional information can be found in the function manual Designing interference-free con trollers (https://support.industry.siemens.com/cs/ww/en/view/59193566). Distributed I/O system System Manual, 02/2025, A5E53268649-AA...
Page 33: Supply Voltages
Connecting 5.2 Operation on grounded/non-grounded infeed Operation on grounded/non-grounded infeed Introduction Information is provided below on the overall configuration of an ET 200clean distributed I/O system on a grounded incoming supply (TN-S network). The specific subjects discussed are: • Disconnecting devices, short-circuit and overload protection to IEC 60364 (corresponding to DIN VDE 0100) and IEC 60204 (corresponding to DIN VDE 0113) •...
Page 34: Components And Protective Measures
Connecting 5.2 Operation on grounded/non-grounded infeed Configuring ET 200clean with non-grounded reference potential (SELV) When configuring the ET 200clean distributed I/O devices with grounded reference potential, occurring interference currents are discharged into functional earth via an internal RC network. You do not need external connection between 1M, 2M and functional earth. Components and protective measures Various components and protective measures are stipulated for setting up a complete plant.
Page 35 Connecting 5.2 Operation on grounded/non-grounded infeed Overall configuration of ET 200clean The following figure shows an ET 200clean distributed I/O device with electrical overall configuration. ① Main switch ② Short-circuit and overvoltage protection ③ Fuses for cable protection ④ When configuring the ET 200clean distributed I/O devices with non-grounded reference poten tial, no connection is made between 1M, 2M and functional earth.
Page 36: Insulation Monitoring
Connecting 5.2 Operation on grounded/non-grounded infeed Insulation monitoring In the following situations, you must provide insulation monitoring: • When setting up the ET 200clean distributed I/O devices with non-grounded reference potential • If dangerous system states occur due to error Distributed I/O system System Manual, 02/2025, A5E53268649-AA...
Page 37: Electrical Isolation
Connecting 5.3 Electrical configuration of the ET 200clean Electrical configuration of the ET 200clean Electrical isolation The electrical configuration of the ET 200clean features electrical isolation between: • 1L+: Non-switched supply voltage (electronics/sensor/load supply): Electrically isolated from all other circuit components •...
Page 38: Cable Protection
Connecting 5.3 Electrical configuration of the ET 200clean Connection of a digital output with a digital input NOTICE Pay attention to the potential groups When a digital output is connected to a digital input, pay attention to the potential groups. Depending on the configuration, 1M and 2M can then be connected, resulting in elimination of the electrical isolation between 1L+ and 2L+.
Page 39 Connecting 5.4 Connecting ET 200clean to functional grounding Power supply of the configuration Two voltage groups are available for the ET 200clean distributed I/O devices. • 1L+ (supply voltage / non-switched) • 2L+ (load voltage / switched) A renewed voltage supply of 1L+ and 2L+ may be necessary. •...
Page 40 Connecting 5.5 Connecting cables for ET 200clean Connection through conductive surface The contact surfaces to the 2 attachment points of the ET 200clean establish the connection to the functional ground. Therefore, follow these instructions: • Installation according to the specifications in the Mounting (Page 26) section •...
Page 41 Connecting 5.6 Wiring Wiring Wiring Connect all cables to the front side of the I/O device: • Supply voltage to the 4-pin M12-L coded round connectors and round sockets • Signal lines to the 5-pin M12-A coded round sockets • PROFINET I/O / MultiFieldbus lines on the 4-pin M12-D coded round sockets Requirement Wire the I/O devices with the supply voltage off.
Page 42 Connecting 5.6 Wiring Connecting the supply voltage, MultiFieldbus and sensor cable/actuator cable To connect M12 connectors, proceed as follows: 1. Insert the plug into the respective round socket on the I/O device. Ensure the correct alignment of the coding between plug and socket. 2.
Page 43 Connecting 5.6 Wiring The following figure shows the connection of the sensor / actuator M12 connectors. Figure 1-9 Connect sensor/actuator cable Pin assignment of the sockets The pin assignment of the sockets can be found in the manuals of the I/O device in the section on pin assignment.
Page 44 Connecting 5.6 Wiring Y-connection (not hygienic) The Y-connection allows you to connect two actuators or sensors to the inputs or outputs of the I/O devices for non-hygienic applications. The use of a Y-cable or the Y-connector is particularly recommended when two channels are occupied for each socket of an I/O device.
Page 45 Connecting 5.6 Wiring Sealing of unused sockets To ensure IP65/IP67 and IP69K degrees of protection, seal off all unused sockets with approved sealing caps. In the case of hygienic requirements, use sealing caps that are approved for this. You can find sealing caps with hygienic seal in the section "Accessories/spare parts (hygienic) (Page 99)".
Page 46 Connecting 5.6 Wiring Article numbers for accessories/spare parts You will find the designations and article numbers in the "Accessories/spare parts (Page 99)" section. Distributed I/O system System Manual, 02/2025, A5E53268649-AA...
Page 47: Factory Markings
Connecting 5.7 Factory markings Factory markings Introduction For better orientation, the ET 200clean distributed I/O system is identified using various markings which will help you when configuring and connecting the I/O devices. Marking of the interfaces The interfaces of the I/O devices are factory-labeled. For hygienic reasons, additional marking of the interfaces is not foreseen.
Page 48 • Comma Separated Values (CSV), contains the I/O data mapping of your configuration You can find additional information on MFCT in the "MultiFieldbus (https://support.industry.siemens.com/cs/ww/en/view/109773209)" function manual. Detect active fieldbus For exclusive operation on a fieldbus you can recognize the active fieldbus by the number of green LEDs on the MF Device.
Page 49 Equipment Manual, under the "Engineering with" entry. Configuring the ET 200clean with STEP 7 TIA Portal Information on the configuration can be obtained from the STEP 7 online help and in the SIMATIC PROFINET with STEP 7 (https://support.industry.siemens.com/cs/ww/en/view/49948856) system manual. Distributed I/O system System Manual, 02/2025, A5E53268649-AA...
Page 50: Isochronous Real-Time Communication
Otherwise, IRT and RT configured IO devices can fail if the sync master fails. Detailed information You can find additional information on the topic of isochronous real-time communication in the STEP 7 online help and in the SIMATIC PROFINET with STEP 7 (https://support.industry.siemens.com/cs/ww/en/view/49948856) function manual. Distributed I/O system System Manual, 02/2025, A5E53268649-AA...
Page 51 (QI) in order to use isochronous mode. Detailed information You can find additional information on the topic of isochronous mode in the STEP 7 online help and in the SIMATIC PROFINET with STEP 7 (https://support.industry.siemens.com/cs/ww/en/view/49948856) function manual. Distributed I/O system System Manual, 02/2025, A5E53268649-AA...
Page 52: Shared Device
Detailed information You can find additional information on the topic of shared device in the STEP 7 online help and in the SIMATIC PROFINET with STEP 7 (https://support.industry.siemens.com/cs/ww/en/view/49948856) function manual. 6.3.5 Module-internal shared input / shared output (MSI/MSO) Module-internal shared input / shared output (MSI/MSO) The module-internal shared input function allows an input module to make its input data available to several IO controllers.
Page 53 V3.0) and on S7-1500R/H CPUs (as of FW V2.6). Detailed information You can find additional information on the topic of system redundancy S2 in the STEP 7 online help and in the SIMATIC PROFINET with STEP 7 (https://support.industry.siemens.com/cs/ww/en/view/49948856) function manual. 6.3.7 Device replacement without programming device (PG) Requirement A topology must be created in the project (topological configuration).
Page 54: Media Redundancy
(STEP 7 V5.5 and higher). For additional information, refer to the STEP 7 online help and the SIMATIC PROFINET with STEP 7 (https://support.industry.siemens.com/cs/ww/en/view/49948856) manual. EtherNet/IP 6.4.1 Introduction to configuring...
Page 55 Configuring 6.4 EtherNet/IP 6.4.2 EtherNet/IP functions The I/O modules can be configured with MFCT or another user program via EtherNet/IP. The following table shows the supported EtherNet/IP functions with the configuration software MFCT as of V1.5.3.2: Function Firmware version I/O communication with scanner FW 1.1.x or higher Reading diagnostics FW 1.1.x or higher...
Page 56 MultiFieldbus for all downstream devices. The bus interruption is evaluated by the software used and the controller. Detailed information You can find more information in the "MultiFieldbus (https://support.industry.siemens.com/cs/ww/en/view/109773209)" function manual. 6.5.2 Modbus TCP functions Modbus TCP functions The following table shows the supported functions of the I/O modules in the Modbus TCP mode with the configuration software MFCT as of V1.5.3.2:...
Page 57 The module objects are displayed in the MFCT or in other software during the selection. Detailed information You can find more information in the MF Shared Device section of the "MultiFieldbus (https://support.industry.siemens.com/cs/ww/en/view/109773209)" function manual. Distributed I/O system System Manual, 02/2025, A5E53268649-AA...
Page 58 Commissioning Commissioning ET 200clean on MultiFieldbus Introduction The commissioning of your distributed I/O devices depends on the respective plant configuration. The following procedure describes how to commission the ET 200clean on an IO controller. Requirements for commissioning on the MultiFieldbus NOTE Performing tests You must ensure the safety of your plant.
Page 59: Identification And Maintenance Data
7.2 Identification and maintenance data Reference Additional information on the commissioning: • STEP 7 online help • In the manual SIMATIC PROFINET with STEP 7 (https://support.industry.siemens.com/cs/ww/en/view/49948856) • In the MultiFieldbus (https://support.industry.siemens.com/cs/ww/en/view/109773209) function manual Identification and maintenance data 7.2.1 Reading out and entering I&M data Introduction I&M identification data is information which is stored on the I/O device either as read-only...
Page 60: Data Record Structure For I&M Data
With third party software, the "read record" instruction may be named differently. You can find more information in the "MultiFieldbus (https://support.industry.siemens.com/cs/ww/en/view/109773209)" function manual. Procedure for reading the I&M data using STEP 7 Requirement: An online connection to the I/O device must be available.
Page 61 Explanation Identification data 0: (data record index AFF0 hex) VendorIDHigh read (1 byte) This is where the name of the manufac turer is stored (42 = SIEMENS AG). VendorIDLow read (1 byte) Order_ID read (20 bytes) 6ES7141-7BH00-0BB0 Order number of the I/O device (e.g. of the...
Page 62 Commissioning 7.2 Identification and maintenance data Identification data Access Default Explanation IM_TAG_LOCATION Read/write Enter the installation location of the I/O (22 bytes) device here. Maintenance data 2: (data record index AFF2 hex) IM_DATE Read/write YYYY-MM-DD HH:MM Enter the installation date of the I/O device (16 bytes) here.
Page 63: Maintenance
Maintenance Replacing an I/O device Replacing an I/O device Replacing an I/O device is not permitted during ongoing operation. NOTICE Material damage can occur If you connect or disconnect the I/O devices with the power connected, this can lead to undefined states in your system.
Page 64 Maintenance 8.1 Replacing an I/O device Procedure To replace an I/O device, follow these steps: 1. Disconnect the supply voltage to the I/O device to be replaced. 2. Completely remove all cables connected to the I/O device. 3. Loosen the fixing screws of the I/O device completely. 4.
Page 65: Firmware Update
3. The new I/O device and all downstream I/O devices start up again by themselves. Reference You will find information on the device name in the STEP 7 online help or the MultiFieldbus (https://support.industry.siemens.com/cs/ww/en/view/109773209) function manual. Firmware update Introduction During operation, it may become necessary to update the firmware (e.g. for function extensions).
Page 66 Maintenance 8.3 Resetting the I/O device to factory settings Reference More information about the procedure: • FAQs on the Internet (http://www.siemens.com/automation/service&support) • STEP 7 online help • MultiFieldbus (https://support.industry.siemens.com/cs/ww/en/view/109773209) function manual Resetting the I/O device to factory settings Introduction When you "Reset to factory settings", the I/O device is reset to the "delivery state". All information that was saved internally on the I/O device is deleted.
Page 67: Reset Options
Maintenance 8.3 Resetting the I/O device to factory settings NOTE Substitute value behavior of I/O devices when resetting to factory settings The I/O devices take on the unconfigured state after "Reset to factory settings". There is no I/O data exchange. Reset options You have the following options to reset an I/O device to the factory settings: •...
Page 68: Maintenance And Repair
2 s while "Reset to factory settings" is running. Reference You will find more information on the procedure in the STEP 7 online help and in the Multi Fieldbus (https://support.industry.siemens.com/cs/ww/en/view/109773209) function manual. Maintenance and repair The components of the SIMATIC ET 200clean system are maintenance-free.
Page 69: Technical Specifications
You can find the associated certificates for download on the Internet. See also: ET 200clean approvals (https://support.industry.siemens.com/cs/ww/en/ps/29390/cert) CE marking The ET 200clean distributed I/O devices meet the requirements and protection targets of the following directives.
Page 70: Rcm Australia/New Zealand
Technical specifications 9.2 Certificates Siemens Aktiengesellschaft Digital Factory Factory Automation DI FA TI COS TT Postfach 1963 D-92209 Amberg UL approval Underwriters Laboratories Inc.: • UL 61010-1, UL 61010-2-201 • CSA C22.2 NO. 61010-1, CSA C22.2 No. 61010-2-201 RCM Australia/New Zealand The ET 200clean distributed I/O system meets the requirements of EN 61000-6-4 Generic standards –...
Page 71: Standards And Requirements
100% Neutral surface disinfectant The testimonial from the ECOLAB® company is available for downloading on the Internet (https://support.industry.siemens.com/cs/ww/en/ps/29390/cert?ct=448). 9.2.1 Fraunhofer Institute for Manufacturing Engineering and Automation (IPA) The ET 200clean distributed I/O devices are certified by IPA as "tested Device". The certificate is available for downloading on the internet (https://support.industry.siemens.com/cs/ww/en/ps/29390/cert?ct=448).
Page 72 Technical specifications 9.3 Standards and requirements The design of the ET 200clean distributed I/O devices corresponds to the EHEDG guidelines. Use in industrial environments The ET 200clean distributed I/O devices are designed for the industrial field. It meets the following standards for this type of use: •...
Page 73: Electromagnetic Compatibility
Technical specifications 9.4 Electromagnetic compatibility Electromagnetic compatibility Definition Electromagnetic compatibility is the ability of an electrical apparatus to function in a satisfactory manner in its electromagnetic environment without affecting this environment. An ET 200clean distributed I/O device fulfills the requirements of the EMC law of the European Union.
Page 74 Technical specifications 9.4 Electromagnetic compatibility Sinusoidal disturbance variables The following tables show the electromagnetic compatibility of the distributed I/O systems to sinusoidal disturbance variables. Table 1-10 RF radiation RF radiation according to IEC 61000-4-3 Corresponds Electromagnetic RF field, amplitude modulated with degree of severity 80 ... 1000 MHz 10 V/m...
Page 75: Transport And Storage Conditions
You can find the values for the rated conditions in the technical specifications of the equipment manuals or on the Internet (https://support.industry.siemens.com/cs/de/en/view/109742718). Tests of mechanical ambient conditions The following table shows the type and scope of the tests on mechanical ambient conditions.
Page 76: Climatic Ambient Conditions
Technical specifications 9.6 Mechanical and climatic ambient conditions Condition tested Test standard Values Shock Shock, tested according Type of shock: Half-sine to IEC 60068-2-27 Shock intensity: 30 g peak value, 18 ms duration Direction of shock: 3 shocks each in ± direction in each of the 3 axes vertical to one another Climatic ambient conditions The following table shows the type and scope of the tests on climatic ambient conditions.
Page 77 Technical specifications 9.7 Details on insulation, protection class, degree of protection and rated voltage Details on insulation, protection class, degree of protection and rated voltage Insulation The insulation is designed in compliance with the requirements of IEC 61010-2-201. NOTE In the case of I/O devices with 24 V DC (SELV/PELV) supply voltage, galvanic isolations are tested with 707 V DC (type test).
Page 78 Technical specifications 9.7 Details on insulation, protection class, degree of protection and rated voltage Degree of protection IP65/67, IP69K (not evaluated by UL) Degree of protection of the ET 200clean distributed I/O system: IP65/IP67 in accordance with IEC 60529 • 1. Code number IP6x: Dust-proof and complete protection from contact •...
Page 79 Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customer’s exposure to...
Page 80 Introduction (Page 6) section. Set up notification of security updates To receive notifications about security updates, follow these steps: 1. Register with mySiePortal (https://sieportal.siemens.com/en-ww/home). 2. Enter the keyword "Security" in the search engine. 3. Choose the "Search in Knowledge base" option.
Page 81 Comprehensive security concept and security strategies 10.4.1 Comprehensive security concept "Defense in Depth" With Defense in Depth, Siemens provides a multi-layer security concept that offers industrial plants comprehensive and far-reaching protection in accordance with the recommendations of the IEC 62443 international standard.
Page 82: Security Management
Siemens will provide you with information and support. Subscribe to the Security feeds (https://www.siemens.com/cert) for information on vulnerabilities. Register with mySiePortal (https://sieportal.siemens.com/en-ww/home) and create filters to be notified when important information is published.
Page 83 Industrial cybersecurity 10.4 Comprehensive security concept and security strategies Employee awareness Regular training in cybersecurity and continuous testing of training success are essential so that cybersecurity measures are internalized in processes and work instructions. This involves general training in the use of software and IT hardware for company communication and as work equipment, e.g.: •...
Page 84 • Setting anomaly references and creating allow and deny lists based on normal network communication and production machine behavior. The SINEC software family offers you reliable security tools (https://www.siemens.com/global/en/products/automation/industrial- communication/sinec-network-software/cybersecurity.html) to detect potential vulnerabilities in OT networks, quickly initiate suitable measures and effectively resolve security vulnerabilities.
Page 85 10.5 Operational application environment and security assumptions 10.5.2 Requirements for the operational application environment and security assumptions Siemens recommends the following security measures: • Conducting a threat and risk assessment (as part of security management) • Network security concepts – Network segmentation –...
Page 86 Security properties of the devices The security properties of the individual devices are listed in the Equipment Manuals. 10.7 Secure operation of the system This section describes measures recommended by Siemens to protect your system from manipulation and unauthorized access. 10.7.1 Hardening measures System hardening, also simply referred to as hardening, is the secure configuration of products or systems.
Page 87 Handling of sensitive data Data protection information Siemens Aktiengesellschaft observes the applicable data protection laws, including the General Data Protection Regulation (GDPR), in particular the rules of data minimization and data protection-friendly default settings (privacy by design, privacy by default).
Page 88 Siemens ProductCERT If Siemens identifies or fixes security gaps (Vulnerabilities) in the products, this will be published in the Security Advisories. You can find the documents for SIMATIC on the following Siemens AG Web page: Siemens ProductCERT and Siemens CERT (https://www.siemens.com/global/en/products/services/cert.
Page 89: Data Backup
• Communication integrity means protecting communication against unauthorized manipulations to ensure high system availability. A central element in this regard is, for example, the use of digital checksums when accessing controllers. (Source: Industrial Cybersecurity website (https://www.siemens.com/us/en/company/topic- areas/cybersecurity/industrial-security.html)) 10.7.8 Secure decommissioning In the following section, you will find information on how to properly decommission individual components of your automation system.
Page 90 Industrial cybersecurity 10.7 Secure operation of the system Secure erasure of data from the I/O device With the following tools, you can securely erase the data from the I/O device: • STEP 7 < V19 • SIMATIC Automation Tool • MultiFieldbus Configuration Tool (MFCT) •...
Page 91 Firmware updates of I/O devices may include a digital signature. The digitally signed firmware update files are available for download on the Siemens Support Web page. The I/O device verifies the authenticity and integrity of the firmware update file before installation using the digital signature with standardized asymmetric cryptography methods.
Page 92 As a check, calculate the hash value of the downloaded firmware update file and compare it with the value specified on the download page. 2. Download the firmware again from the Siemens Support Web page. 3. Repeat the firmware update.
Page 93 Safety-related shutdown 11.1 Safety-related shutdown of ET 200clean Introduction The setup below describes how you shut down ET 200clean standard modules in a fail-safe manner. With the setup shown (e.g. with safety relay 3SK1 or electronic module ET 200SP F-PM-E), all outputs that are connected to load voltage 2L+/2M (24 V Switched) of the ET 200clean standard modules are switched to the safe OFF state.
Page 94 The following figure shows a schematic circuit diagram with safety relay 3SK1. Figure 1-16 Higher-level safety circuit of the outputs You can find an overview table with the article numbers of the I/O devices and other information in the FAQ on safety-related shutdown (https://support.industry.siemens.com/cs/ww/en/view/39198632). Distributed I/O system System Manual, 02/2025, A5E53268649-AA...
Page 95 Figure 1-17 Higher-level safety circuit of the outputs You can find an overview table with the article numbers of the I/O devices and other information in the FAQ on safety-related shutdown (https://support.industry.siemens.com/cs/ww/en/view/39198632). Planning Note the following points when planning safety circuits.
Page 96 • Disabling of dark test (max. SIL 2, Cat.3/PL d) since it causes outputs to drop out briefly Observe the information in Manual for Power Module F-PM-E 24VDC/8A PPM ST (https://support.industry.siemens.com/cs/ww/en/view/78645796) and Product information for Power Module F-PM-E 24VDC/8A PPM ST (https://support.industry.siemens.com/cs/ww/en/view/109761777) •...
Page 97 The information on the safety-related shutdown of standard modules refers to the status of the issue date. Read the up-to-date information on safety-related shutdown in this FAQ (https://support.industry.siemens.com/cs/ww/en/view/39198632). This FAQ specifies the SIMATIC standard modules that are suitable for a safety-related shutdown and a file with wiring examples.
Page 98 Safety-related shutdown 11.1 Safety-related shutdown of ET 200clean Request TÜV report (Report no. SA104002T) You can request copies of the TÜV report at the following address: SIEMENS AG Digital Industries DI FA TI COS TT P.O. Box 1963 D-92209 Amberg, Germany...
Page 99: Dimension Drawing
Dimension drawing The following figure shows the dimensions of an I/O device of the distributed I/O system ET 200clean. Figure 1-18 Dimension drawing of an I/O device Distributed I/O system System Manual, 02/2025, A5E53268649-AA...
Page 100: Accessories/Spare Parts
Online catalog Other article numbers for the ET 200clean distributed I/O system can be found on the internet (https://sieportal.siemens.com/) in SiePortal. 13.2 Accessories/spare parts (not hygienic) Not hygienic accessories for the ET 200clean distributed I/O system Table 1-20 Accessories for power supply...
Page 101 Accessories/spare parts 13.2 Accessories/spare parts (not hygienic) Designation Length Article number M12 CONNECTING CABLE, L-CODED, ANGLED 5.0 m 6XV1801-6GH50 Power connecting cable M12-90/M12-90 for power 10.0 m 6XV1801-6GN10 supply of ET 200 15.0 m 6XV1801-6GN15 Pre-assembled cable with M12 plug and M12 socket, L-coded, 4-pin Robust Power Connecting Cable M12-180/M12-180;...
Page 102 Accessories/spare parts 13.2 Accessories/spare parts (not hygienic) Designation Article number FC TP FRNC Cable (FRNC sheath) 6XV1871‑2F FC TP Food Cable (PE sheath) 6XV1871‑2L FC TP Festoon Cable GP (PVC sheath) 6XV1871‑2S Table 1-23 Pre-assembled cable PROFINET M12 Designation Article number Pre-assembled cable for X1 P1R PN (LAN) and X1 P2R PN (LAN) PROFINET M12 connecting cable, trailing cable, pre- 0.3 m...
Page 103 UL-approved cables In combination with the UL-approved cables for the power supply and the connection of inputs/outputs, the SIMATIC ET 200clean distributed I/O devices meet UL approval. Siemens has UL-approved cables for these applications in the product portfolio. Distributed I/O system...
Page 104 Introduction Industrial cybersecurity SIMATIC Product overview ET 200clean I/O device digital input DI Wiring 16x24VDC 8xM12 (6ES7141-7BH00-0BB0) PROFINET IO Equipment Manual EtherNet/IP Modbus TCP Technical specifications Dimension drawing Parameter data record 02/2025 A5E53132144-AA...
Page 106 Table of contents Introduction............................Introduction........................Guide ET 200clean......................1.2.1 ET200clean information classes..................1.2.2 Basic tools........................1.2.3 MultiFieldbus Configuration Tool (MFCT)................1.2.4 SIMATIC Technical Documentation..................10 Industrial cybersecurity........................12 Introduction to industrial cybersecurity................12 Cybersecurity information....................12 Cybersecurity-relevant information................... 13 Product overview..........................15 Properties ........................
Page 107: Table Of Contents
Table of contents 6.1.4 Update time of the I/O data....................39 6.1.5 Address space........................39 Diagnostics........................43 6.2.1 Status and error displays for EtherNet/IP................43 Modbus TCP............................46 Functions/parameters/address space................. 46 7.1.1 Supported Modbus TCP functions..................46 7.1.2 Parameters........................47 7.1.3 Explanation of the parameters..................
Page 108 Introduction Introduction Purpose of the documentation This Equipment Manual supplements the ET 200clean Distributed I/O System (https://support.industry.siemens.com/cs/ww/en/view/109822889) System Manual. Functions that relate in general to the distributed I/O devices ET 200clean are described in this System Manual. The MultiFieldbus (https://support.industry.siemens.com/cs/ww/en/view/109773209) Function Manual describes general MultiFieldbus functions.
Page 109 This arrangement enables you to access the specific content you require. You can download the documentation free of charge from the Internet (https://support.industry.siemens.com/cs/us/en/view/109742718). Basic information The System Manual describes in detail the configuration, installation, wiring and commissioning of the SIMATIC ET 200clean distributed I/O system The STEP 7 online help supports you in the configuration and programming.
Page 110: Basic Tools
With the TIA Selection Tool , you can generate a complete order list from your product selection or product configuration. You can find the TIA Selection Tool on the Internet. (https://support.industry.siemens.com/cs/ww/en/view/109767888) SIMATIC Automation Tool You can use the SIMATIC Automation Tool to perform commissioning and maintenance activities on various SIMATIC S7 stations as bulk operations independent of TIA Portal.
Page 111 You can find SIEMENS PRONETA Basic on the Internet: (https://support.industry.siemens.com/cs/ww/en/view/67460624) SIEMENS PRONETA Professional is a licensed product that offers you additional functions. It offers you simple asset management in PROFINET networks and supports operators of automation systems in automatic data collection/acquisition of the components used through various functions: •...
Page 112 MultiFieldbus- and DALI-devices. In addition, the MFCT offers convenient options for mass firmware updates of ET 200 devices with MultiFieldbus- support and reading service data for many other Siemens devices. Functional scope of the MFCT • MultiFieldbus configuration:...
Page 113 Online Support: Industry Online Support International https://support.industry.siemens.com/cs/ww/en/view/109742705 Watch this short video to find out where you can find the overview directly in Siemens Industry Online Support and how to use Siemens Industry Online Support on your mobile device: Quick introduction to the technical documentation of automation products per video ( https://support.industry.siemens.com/cs/us/en/view/109780491...
Page 114: Application Examples
Manuals, characteristics, operating manuals, certificates • Product master data You can find "mySupport" on the Internet. (https://support.industry.siemens.com/My/ww/en) Application examples The application examples support you with various tools and examples for solving your automation tasks. Solutions are shown in interplay with multiple components in the system - separated from the focus on individual products.
Page 115 Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customer’s exposure to...
Page 116 Corrective measures for known risks Corrective measures for known risks are announced on the Siemens ProductCERT and Siemens CERT (https://siemens.com/productcert) web page. You can find more information on SIEMENS ProductCERT in the System Manual (https://support.industry.siemens. com/cs/ww/en/view/109822889). Security checks You can find descriptions of specific security measures, such...
Page 117 Industrial cybersecurity 2.3 Cybersecurity-relevant information See also PROFINET Function Manual (https://support.industry.siemens.com/cs/us/en/view/49948856) I/O device digital input DI 16x24VDC 8xM12 (6ES7141-7BH00-0BB0) Equipment Manual, 02/2025, A5E53132144-AA...
Page 118: Product Overview
Product overview Properties Article number 6ES7141-7BH00-0BB0 View of the I/O device Figure 2-1 View of the I/O device DI 16x24VDC 8xM12 I/O device digital input DI 16x24VDC 8xM12 (6ES7141-7BH00-0BB0) Equipment Manual, 02/2025, A5E53132144-AA...
Page 119: Other Components
• Hygienic M12 sealing cap • Hygienic fixing screw M5 See also You can find more information on accessories in the ET 200clean Distributed I/O System (https://support.industry.siemens.com/cs/ww/en/view/109822889) System Manual. I/O device digital input DI 16x24VDC 8xM12 (6ES7141-7BH00-0BB0) Equipment Manual, 02/2025, A5E53132144-AA...
Page 120: Operator Controls And Display Elements
Product overview 3.2 Operator controls and display elements Operator controls and display elements The figure below shows the operator controls and display elements of the DI 16x24VDC 8xM12 I/O device. ① MF (LAN): Sockets for connecting MultiFieldbus ② P1 LK: LINK port status LED ③...
Page 121 Wiring Terminal and block diagram The figure below shows an example of the connections and components of the I/O device. ① Bus interface with integrated 2-port 1M Ground 1M (non-switched) switch ② DI circuit 2L+ Load voltage 2L+ (switched) ③ Internal supply voltage 2M Ground 2M (switched) X10 - X17 Channels 0 to 15 RN/NS RUN/network status LED...
Page 122: Terminal Circuit Diagram
Wiring 4.1 Terminal and block diagram Terminal circuit diagram The figure below shows an example of the pin assignment of signal inputs with 2-wire and 3-wire connection with single and dual assignment of the sockets. ① 2-wire connection (dual assignment of the Ground 1M (non-switched) socket) ②...
Page 123: Pin Assignment
Wiring 4.2 Pin assignment Pin assignment Pin assignment MultiFieldbus connector The following table shows the pin assignment of the MultiFieldbus connector. Table 2-1 Pin assignment of the MultiFieldbus connector, port 1 and 2 Assignment of the core Assignment Front view of the connectors color of the PROFINET cable Assignment X1 P1R...
Page 124 Wiring 4.2 Pin assignment Assignment Front view of the sockets X10 to X17 - sockets for digital inputs X10, X12, X11, X13, X14, X16 X15, X17 Ground 1M Input signal DI : Connector X10 Input signal DI : Connector X11 Input signal DI : Connector X12 Input signal DI...
Page 125 Wiring 4.2 Pin assignment Pin assignment of the socket for loop-through of the supply voltage (M12 L-coded) The table below shows the pin assignment of the M12 L-coded socket for loop-through of the supply voltage. Table 2-4 Pin assignment of the supply voltage socket Assignment of the Assignment Front view of the sock...
Page 126: Parameters/Address Space
PROFINET IO Parameters/address space 5.1.1 Parameters The table below shows the parameters for the I/O device digital inputs DI 16x24VDC 8xM12. Table 2-5 Configurable parameters and their defaults (GSD file) Parameters Value range Default Scope with configura tion software, e.g. STEP 7 (TIA Portal) Diagnostics: Low voltage 1L+ •...
Page 127: Explanation Of The Parameters
PROFINET IO 5.1 Parameters/address space 5.1.2 Explanation of the parameters Diagnostics: Low voltage 1L+ Enabling of the diagnostics for insufficient supply voltage 1L+. Diagnostics: Low voltage 1L+ triggers the "Undervoltage" maintenance event. You can find more information in section Maintenance events (Page 34). Diagnostics: Short-circuit Enabling of diagnostics for short-circuit to ground at transducer supply Diagnostics: Wire break detection and alarm...
Page 128: Address Space
PROFINET IO 5.1 Parameters/address space Hardware interrupt on falling edge Specifies whether a hardware interrupt is generated for a falling edge on the channel. A hardware interrupt is only generated for the channel when there is a fault-free signal (value status/QI = 1).
Page 129 PROFINET IO 5.1 Parameters/address space Address space for configuration as 1 x 16-channel DI 16x24VDC The table below shows the assignments in the process image input (PII) of the address space with configuration as 16-channel I/O device digital inputs without value status. Table 2-7 Address space for configuration as 1 x 16-channel DI 16x24VDC Bit →...
Page 130 PROFINET IO 5.1 Parameters/address space Address space for configuration as 1 x 16-channel DI 16x24VDC QI The table below shows the assignments in the process image input (PII) of the address space with configuration as 16-channel I/O device digital inputs with value status. You can freely assign the start address for the I/O device.
Page 131 You can find information on the functionality Module-internal Shared Input/Shared Output (MSI/MSO) in the STEP 7 online help or in the function manual SIMATIC PROFINET with STEP 7 (https://support.industry.siemens.com/cs/ww/en/view/49948856). I/O device digital input DI 16x24VDC 8xM12 (6ES7141-7BH00-0BB0) Equipment Manual, 02/2025, A5E53132144-AA...
Page 132: Interrupts/Diagnostics Alarms
PROFINET IO 5.2 Interrupts/diagnostics alarms Interrupts/diagnostics alarms 5.2.1 Status and error displays LED displays The figure below shows the LED displays (status and error displays) of the I/O device DI 16x24VDC 8xM12. ① P1 LK: LINK port status LED ② P2 LK: LINK port status LED ③...
Page 133 PROFINET IO 5.2 Interrupts/diagnostics alarms Behavior of the LEDs RN/NS (RUN/network status), ER/MS (ERROR/module status) and MT/IO (MAINT/IO status) on PROFINET Table 2-10 Error display of the LEDs LEDs Meaning Remedy Missing or insufficient supply voltage Check the supply voltage. at the I/O device. Test of LEDs during startup: The three LEDs light up simultaneously for approximately 0.25 s.
Page 134 PROFINET IO 5.2 Interrupts/diagnostics alarms P1 LK and P2 LK LEDs Table 2-11 Error display of the P1 LK and P2 LK LEDs LEDs Meaning Remedy P1 LK P2 LK There is no Ethernet connection between Check whether the bus cable to the the communications interface of your IO switch/communication partner is interrup...
Page 135: Diagnostic Interrupt
PROFINET IO 5.2 Interrupts/diagnostics alarms 5.2.2 Interrupts The I/O device digital inputs DI 16x24VDC 8xM12 supports diagnostic and hardware interrupts. Diagnostic interrupt The I/O device generates a diagnostic interrupt on the following events: • Wire break • Internal module fault • Parameter error •...
Page 136 PROFINET IO 5.2 Interrupts/diagnostics alarms 5.2.3 Alarms 5.2.3.1 Diagnostics alarms A diagnostics alarm is output for each diagnostics event. On the I/O device DI 16x24VDC 8xM12, the ER/MS LED flashes red. You can read out the diagnostics alarms in the diagnostics buffer of the CPU, for example.
Page 137: Maintenance Events
PROFINET IO 5.2 Interrupts/diagnostics alarms 5.2.3.2 Maintenance events Triggering of a maintenance event The MultiFieldbus interfaces of the ET 200clean support the diagnostics concept and maintenance concept in PROFINET according to the IEC 61158-6-10 standard. The goal is to detect and remove potential problems as soon as possible. The I/O device signals a maintenance event to the higher-level diagnostic system on the following event: Table 2-14 Triggering of a maintenance event...
Page 138: Hardware Interrupts
PROFINET IO 5.2 Interrupts/diagnostics alarms 5.2.3.3 Hardware interrupts During a hardware interrupt, the CPU interrupts processing of the user program and processes the hardware interrupt organization block. For detailed information on the event, refer to the hardware interrupt organization block with the "RALRM"...
Page 139: Supported Functions
EtherNet/IP Functions/parameters/address space 6.1.1 Supported EtherNet/IP functions Supported functions The table below shows the functions that the I/O device supports with EtherNet/IP. Supported functions Remarks I/O communication with scanner FW 1.1.x or higher Parameter assignment FW 1.1.x or higher Reading diagnostics FW 1.1.x or higher Normative CIP objects FW 1.1.x or higher...
Page 140 EtherNet/IP 6.1 Functions/parameters/address space Supported CIP objects for EtherNet/IP The table below shows the CIP objects that the I/O device supports with EtherNet/IP. Supported CIP objects Remarks Identity object FW 1.1.x or higher Assembly object FW 1.1.x or higher Connection Manager object FW 1.1.x or higher TCP/IP Interface object FW 1.1.x or higher...
Page 141: Explanation Of The Parameters
EtherNet/IP 6.1 Functions/parameters/address space 6.1.3 Explanation of the parameters Diagnostics: Low voltage 1L+ Enabling of the diagnostics for insufficient supply voltage 1L+. Diagnostics: Short-circuit Enabling of diagnostics for short-circuit to ground at transducer supply Diagnostics: Wire break detection and alarm Activates wire break detection and enabling of diagnostics for the digital input in case of an interruption of the cable between the encoder and I/O device.
Page 142: Update Time Of The I/O Data
EtherNet/IP 6.1 Functions/parameters/address space Hardware interrupt on falling edge Specifies whether a hardware interrupt is generated via the data status on a falling edge on the channel. The hardware interrupt information can be read and confirmed via CIP EtherNet/IP. A hardware interrupt is only generated for the channel when there is a fault-free signal (value status/QI = 1).
Page 143 EtherNet/IP 6.1 Functions/parameters/address space Address space for configuration as 1 x 16-channel DI 16x24VDC The table below shows the assignments in the process image input (PII) of the address space with configuration as 16-channel I/O device digital inputs without value status. Table 2-17 Address space for configuration as 1 x 16-channel DI 16x24VDC without value status Bit →...
Page 144 EtherNet/IP 6.1 Functions/parameters/address space Address space for configuration as 1 x 16-channel DI 16x24VDC QI The table below shows the assignments in the process image input (PII) of the address space with configuration as 16-channel I/O device digital inputs with value status. The addresses of the channels are derived from the start address.
Page 145 * 0 = Value read in at channel is incorrect Reference You can find information about the Module Internal Shared Input/Shared Output (MSI/MSO) functionality in the MultiFieldbus (https://support.industry.siemens.com/cs/ww/en/view/109773209) Function Manual SIMATIC PROFINET with STEP 7 (https://support.industry.siemens.com/cs/ww/en/view/49948856). I/O device digital input DI 16x24VDC 8xM12 (6ES7141-7BH00-0BB0) Equipment Manual, 02/2025, A5E53132144-AA...
Page 146: Diagnostics
EtherNet/IP 6.2 Diagnostics Diagnostics 6.2.1 Status and error displays for EtherNet/IP LED displays The figure below shows the LED displays (status and error displays) of the I/O device DI 16x24VDC 8xM12. ① P1 LK: LINK port status LED ② P2 LK: LINK port status LED ③...
Page 147 EtherNet/IP 6.2 Diagnostics Behavior of the LEDs RN/NS (RUN/network status), ER/MS (ERROR/module status) and MT/IO (MAINT/IO status) on EtherNet/IP The LEDs display the status with the highest priority if there are different LED states due to overlaid events. (0 = off, 1 = green flashing, 2 = green, 3 = yellow, 4 = red flashing, 5 = red) The following table shows the meaning of the RN/NS, ER/MS LEDs and MT/IO LEDs for EtherNet/IP: Table 2-20 Error display of the LEDs...
Page 148 EtherNet/IP 6.2 Diagnostics LEDs Meaning Remedy Test of LEDs during startup: The three LEDs light up simultaneously for Flashes Flashes Flashes approximately 0.25 s in red. Then for approximately 0.25 s in green. Hardware or firmware defective. You can read out the service data with MFCT.
Page 149: Modbus Tcp
Modbus TCP Functions/parameters/address space 7.1.1 Supported Modbus TCP functions Supported functions The table below shows the functions that the I/O device supports with Modbus TCP. Supported functions RegLayoutVersion Remarks I/O communication with Modbus client V1.0 FW 1.1.x or higher Free user registers (e.g. for coordination of the redundancy) V1.0 FW 1.1.x or higher Device information...
Page 150: Parameters
Modbus TCP 7.1 Functions/parameters/address space 7.1.2 Parameters The table below shows the parameters for the I/O device digital inputs DI 16x24VDC 8xM12. Table 2-23 Configurable parameters and their defaults (GSD file) Parameters Value range Default Effective range with configuration soft ware, for example, MFCT Diagnostics: Low voltage 1L+ •...
Page 151: Explanation Of The Parameters
Modbus TCP 7.1 Functions/parameters/address space 7.1.3 Explanation of the parameters Diagnostics: Low voltage 1L+ Enabling of the diagnostics for insufficient supply voltage 1L+. Diagnostics: Short-circuit Enabling of diagnostics for short-circuit to ground at transducer supply Diagnostics: Wire break detection and alarm Activates wire break detection and enabling of diagnostics for the digital input in case of an interruption of the cable between the encoder and I/O device.
Page 152: Update Time Of The I/O Data
Modbus TCP 7.1 Functions/parameters/address space Hardware interrupt on falling edge Specifies whether a hardware interrupt is generated via the data status on a falling edge on the channel. The hardware interrupt information can be read and confirmed via the event interface.
Page 153 Modbus TCP 7.1 Functions/parameters/address space Address space for configuration as 1 x 16-channel DI 16x24VDC The table below shows the assignments in the process image input (PII) of the address space with configuration as 16-channel I/O device digital inputs without value status. Table 2-25 Address space for configuration as 1 x 16-channel DI 16x24VDC without value status Bit →...
Page 154 Modbus TCP 7.1 Functions/parameters/address space Address space for configuration as 1 x 16-channel DI 16x24VDC QI The table below shows the assignments in the process image input (PII) of the address space with configuration as 16-channel I/O device digital inputs with value status. The addresses of the channels are derived from the start address.
Page 155 * 0 = Value read in at channel is incorrect Reference You can find information about the Module Internal Shared Input/Shared Output (MSI/MSO) functionality in the MultiFieldbus (https://support.industry.siemens.com/cs/ww/en/view/109773209) Function Manual SIMATIC PROFINET with STEP 7 (https://support.industry.siemens.com/cs/ww/en/view/49948856). I/O device digital input DI 16x24VDC 8xM12 (6ES7141-7BH00-0BB0) Equipment Manual, 02/2025, A5E53132144-AA...
Page 156: Diagnostics
Modbus TCP 7.2 Diagnostics Diagnostics 7.2.1 Status and error displays for Modbus TCP LED displays The figure below shows the LED displays (status and error displays) of the I/O device DI 16x24VDC 8xM12. ① P1 LK: LINK port status LED ② P2 LK: LINK port status LED ③...
Page 157 Modbus TCP 7.2 Diagnostics Behavior of the LEDs RN/NS (RUN/network status), ER/MS (ERROR/module status) and MT/IO (MAINT/IO status) on modbus TCP The LEDs display the status with the highest priority if there are different LED states due to overlaid events. (0 = off, 1 = green flashing, 2 = green, 3 = yellow, 4 = red flashing, 5 = red) The following table shows the meaning of the RN/NS, ER/MS LEDs and MT/IO LEDs for Modbus TCP: Table 2-28 Error display of the LEDs...
Page 158 Modbus TCP 7.2 Diagnostics P1 LK and P2 LK LEDs Table 2-29 Error display of the P1 LK and P2 LK LEDs LEDs Meaning Remedy P1 LK P2 LK There is no Ethernet connection between Check whether the bus cable to the the communications interface of your IO switch/communication partner is interrup...
Page 159: Technical Specifications
Technical specifications of the I/O device digital inputs DI 16x24VDC 8xM12 The following table shows the technical specifications as of the issue date. You can find a data sheet including daily updated technical specifications on the Internet (https://support.industry.siemens.com/cs/de/en/pv/6ES7141-7BH00-0BB0/td?dl=en). Article number 6ES7141-7BH00-0BB0 General information ...
Page 160 Technical specifications Article number 6ES7141-7BH00-0BB0 Input current Current consumption (rated value) 85 mA; without load from load voltage 1L+ (unswitched voltage) 12 A; Maximum value from load voltage 2L+, max. 12 A; Maximum value Encoder supply Number of outputs 24 V encoder supply ...
Page 161 Technical specifications Article number 6ES7141-7BH00-0BB0 Encoder Connectable encoders • 2-wire sensor permissible quiescent current (2-wire 1.5 mA – sensor), max. Interfaces Number of PROFINET interfaces 1. Interface Interface type PROFINET with 100 Mbit/s full duplex (100BASE-TX) Interface types ...
Page 162 Technical specifications Article number 6ES7141-7BH00-0BB0 EtherNet/IP Services – CIP Implicit Messaging CIP Explicit Messaging – – CIP Safety – Shared device Yes; 2x EtherNet/IP Scanner – Number of scanners with shared device, max. Updating times – Requested Packet Interval (RPI) 2 ms Redundancy mode ...
Page 163 Technical specifications Article number 6ES7141-7BH00-0BB0 Isochronous mode Equidistance shortest clock pulse 250 µs max. cycle 4 ms Jitter, max. 10 µs Interrupts/diagnostics/status information Alarms • Diagnostic alarm Yes; Parameterizable • Maintenance interrupt Yes; Parameterizable • Hardware interrupt Yes; Parameterizable Diagnoses ...
Page 164 Category according to ISO 13849-1 Cat. 3 SIL acc. to IEC 62061 SIL 2 • • remark on safety-oriented shutdown https://sup port.industry.siemens.com/cs/de/en/view/39198 product functions / security / header signed firmware update safely removing data Ambient conditions Ambient temperature during operation ...
Page 165: Dimension Drawing
Dimension drawing Dimension drawing The figure below shows the dimension drawing of the I/O device digital inputs DI 16x24VDC 8xM12 in the front and side views. Figure 2-9 Dimension drawing I/O device digital input DI 16x24VDC 8xM12 (6ES7141-7BH00-0BB0) Equipment Manual, 02/2025, A5E53132144-AA...
Page 166: Parameter Data Record
Parameter data record 10.1 Dependencies for the configuration When configuring the I/O device, the parameter settings are independent of each other. 10.2 Structure of data record 128 for I/O device parameter assignment With data record 128, you can reconfigure the I/O device in your user program, regardless of your programming.
Page 167 Parameter data record 10.2 Structure of data record 128 for I/O device parameter assignment Structure of data record 128 The following table shows the structure of data record 128 and its parameters with configuration as a 1 x 16-channel I/O device. The channel parameter blocks are identical and are shown based on the example of Channel 0.
Page 168: Error Transferring The Data Record
Parameter data record 10.3 Error transferring the data record Bit → Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 Byte ↓ 28…30 Channel 7 channel parameter block 31…33 Channel 8 channel parameter block 34…36 Channel 9 channel parameter block 37…39 Channel 10 channel parameter block...
Page 169 Parameter data record 10.3 Error transferring the data record Error code in STATUS parameter Meaning Solution DS128 (hexadecimal) Byte 0 Byte 1 Byte 2 Byte 3 Invalid diagnostics enable bit set for Check the parameters of the I/O device. ✓ operating mode.
Page 170 Introduction Industrial cybersecurity SIMATIC Product overview ET 200clean I/O device digital inputs/outputs Wiring DIQ 16x24VDC/0.5A 8xM12 (6ES7143-7BH00-0BB0) PROFINET IO Equipment Manual EtherNet/IP Modbus TCP Technical specifications Dimension drawing Parameter data record 02/2025 A5E53132194-AA...
Page 172 Table of contents Introduction............................Guide ET 200clean......................1.1.1 ET200clean information classes..................1.1.1.1 ET 200clean Documentation guide..................1.1.2 Basic tools........................1.1.3 MultiFieldbus Configuration Tool (MFCT)................1.1.4 SIMATIC Technical Documentation..................10 Industrial cybersecurity........................12 Introduction to industrial cybersecurity................12 Cybersecurity information....................12 Cybersecurity-relevant information...................
Page 173 Table of contents 6.1.4 Update time of the I/O data....................44 6.1.5 Address space........................44 Diagnostics........................49 6.2.1 Status and error displays for EtherNet/IP................49 Modbus TCP............................53 Functions/parameters/address space................. 53 7.1.1 Supported Modbus TCP functions..................53 7.1.2 Parameters........................54 7.1.3 Explanation of the parameters..................
Page 174: Introduction
Introduction Purpose of the documentation This Equipment Manual supplements the ET 200clean Distributed I/O System (https://support.industry.siemens.com/cs/ww/en/view/109822889) System Manual. Functions that relate in general to the distributed I/O devices ET 200clean are described in this System Manual. The MultiFieldbus (https://support.industry.siemens.com/cs/ww/en/view/109773209) Function Manual describes general MultiFieldbus functions. This equipment manual describes the specific adaptations for this I/O device.
Page 175: Guide Et 200Clean
This arrangement enables you to access the specific content you require. You can download the documentation free of charge from the Internet (https://support.industry.siemens.com/cs/us/en/view/109742718). Basic information The System Manual describes in detail the configuration, installation, wiring and commissioning of the SIMATIC ET 200clean distributed I/O system The STEP 7 online help supports you in the configuration and programming.
Page 176: Basic Tools
With the TIA Selection Tool , you can generate a complete order list from your product selection or product configuration. You can find the TIA Selection Tool on the Internet. (https://support.industry.siemens.com/cs/ww/en/view/109767888) SIMATIC Automation Tool You can use the SIMATIC Automation Tool to perform commissioning and maintenance activities on various SIMATIC S7 stations as bulk operations independent of TIA Portal.
Page 177 You can find SIEMENS PRONETA Basic on the Internet: (https://support.industry.siemens.com/cs/ww/en/view/67460624) SIEMENS PRONETA Professional is a licensed product that offers you additional functions. It offers you simple asset management in PROFINET networks and supports operators of automation systems in automatic data collection/acquisition of the components used through various functions: •...
Page 178: Multifieldbus Configuration Tool (Mfct)
MultiFieldbus- and DALI-devices. In addition, the MFCT offers convenient options for mass firmware updates of ET 200 devices with MultiFieldbus- support and reading service data for many other Siemens devices. Functional scope of the MFCT • MultiFieldbus configuration:...
Page 179: Simatic Technical Documentation
Online Support: Industry Online Support International https://support.industry.siemens.com/cs/ww/en/view/109742705 Watch this short video to find out where you can find the overview directly in Siemens Industry Online Support and how to use Siemens Industry Online Support on your mobile device: Quick introduction to the technical documentation of automation products per video ( https://support.industry.siemens.com/cs/us/en/view/109780491...
Page 180: Application Examples
Manuals, characteristics, operating manuals, certificates • Product master data You can find "mySupport" on the Internet. (https://support.industry.siemens.com/My/ww/en) Application examples The application examples support you with various tools and examples for solving your automation tasks. Solutions are shown in interplay with multiple components in the system - separated from the focus on individual products.
Page 181: Industrial Cybersecurity
Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customer’s exposure to...
Page 182: Cybersecurity-Relevant Information
Corrective measures for known risks Corrective measures for known risks are announced on the Siemens ProductCERT and Siemens CERT (https://siemens.com/productcert) web page. You can find more information on SIEMENS ProductCERT in the System Manual (https://support.industry.siemens. com/cs/ww/en/view/109822889). Security checks You can find descriptions of specific security measures, such...
Page 183 Industrial cybersecurity 2.3 Cybersecurity-relevant information See also PROFINET Function Manual (https://support.industry.siemens.com/cs/us/en/view/49948856) I/O device digital inputs/outputs DIQ 16x24VDC/0.5A 8xM12 (6ES7143-7BH00-0BB0) Equipment Manual, 02/2025, A5E53132194-AA...
Page 184: Product Overview
Product overview Properties Article number 6ES7143-7BH00-0BB0 View of the I/O device Figure 2-10 View of the I/O device DIQ 16x24VDC/0.5A 8xM12 I/O device digital inputs/outputs DIQ 16x24VDC/0.5A 8xM12 (6ES7143-7BH00-0BB0) Equipment Manual, 02/2025, A5E53132194-AA...
Page 185 Product overview 3.1 Properties Properties The I/O device has the following technical properties: • Using the MultiFieldbus function, it connects the ET 200clean distributed I/O system with one of the following bus protocols: – PROFINET IO – EtherNet/IP – Modbus TCP • 16 digital inputs/digital outputs, depending on configuration and parameter assignment –...
Page 186: Other Components
• Hygienic M5 fixing screw See also You can find more information on accessories in the ET 200clean Distributed I/O System (https://support.industry.siemens.com/cs/ww/en/view/109822889) System Manual. Operator controls and display elements The figure below shows the operator controls and display elements of the DIQ 16x24VDC/0.5A 8xM12 I/O device.
Page 187 Product overview 3.2 Operator controls and display elements ⑥ ER/MS: ERROR/module status LED ⑦ RN/NS: RUN/network status LED ⑧ LED displays 0 to 15 for channel status/channel error ⑨ X81: Socket for loop-through of the supply and load voltage ⑩ X80: Connector for infeed of supply and load voltage ⑪...
Page 188: Wiring
Wiring Terminal and block diagram I/O device digital inputs/outputs DIQ 16x24VDC/0.5A 8xM12 (6ES7143-7BH00-0BB0) Equipment Manual, 02/2025, A5E53132194-AA...
Page 189 Wiring 4.1 Terminal and block diagram The figure below shows an example of the connections and components of the I/O device. ① Bus interface with integrated 2-port switch Ground 1M (non-switched) ② Monitoring Load voltage 2L+ (switched) ③ DIQ circuit (1L+, 1M) Ground 2M (switched) ④...
Page 190 Wiring 4.1 Terminal and block diagram Terminal circuit diagram The figure below shows an example of the pin assignment of signal outputs and signal inputs with single and dual assignment of the sockets. ① Configured as inputs: 2-wire connection Ground 1M (non-switched) ②...
Page 191: Pin Assignment
Wiring 4.2 Pin assignment Pin assignment Pin assignment MultiFieldbus connector The following table shows the pin assignment of the MultiFieldbus connector. Table 2-31 Pin assignment of the MultiFieldbus connector, port 1 and 2 Assignment of the core Assignment Front view of the connectors color of the PROFINET cable Assignment X1 P1R...
Page 192 Wiring 4.2 Pin assignment Pin assignment of the sockets for digital inputs/digital outputs The tables below show the pin assignments of the 8 sockets for connection of the digital inputs/digital outputs. Table 2-32 Pin assignment for digital inputs/digital outputs Assignment Front view of the sockets X10 to X13 - sockets for digital inputs/digital X10, X12 X11, X13...
Page 193 If you use the digital outputs for safety-related shutting down, follow the information in the System Manual in the "Safety-related shutdown" chapter. See also: ET 200clean System Manual (https://support.industry.siemens.com/cs/ww/en/view/109822889) Pin assignment of the connector for infeed of the supply voltage (M12 L-coded) The table below shows the pin assignment of the M12 L-coded connector for infeed of the supply voltage.
Page 194 Wiring 4.2 Pin assignment Pin assignment of the socket for loop-through of the supply voltage (M12 L-coded) The table below shows the pin assignment of the M12 L-coded socket for loop-through of the supply voltage. Table 2-35 Pin assignment of the supply voltage socket Assignment of the Assignment Front view of the sock...
Page 195: Profinet Io
PROFINET IO Parameters/address space 5.1.1 Parameters The table below shows the parameters for the I/O device DIQ 16x24VDC/0.5A 8xM12. Table 2-36 Configurable parameters and their defaults (GSD file) Parameters Value range Default Scope with configura tion software, e.g. STEP 7 (TIA Portal) Diagnostics: Low voltage 1L+ •...
Page 196: Explanation Of The Parameters
PROFINET IO 5.1 Parameters/address space 5.1.2 Explanation of the parameters Diagnostics: Low voltage 1L+ Enabling of the diagnostics for insufficient supply voltage 1L+. Diagnostics: Low voltage 1L+ triggers the "Undervoltage" maintenance event. You can find more information in section Maintenance events (Page 38). Diagnostics: Missing 2L+ Enabling of the diagnostics for missing or insufficient load voltage 2L+.
Page 197: Configuration Mode
PROFINET IO 5.1 Parameters/address space Hardware interrupt on rising edge Specifies whether a hardware interrupt is generated for a rising edge on the channel. A hardware interrupt is only generated for the channel when there is a fault-free signal (value status/QI = 1).
Page 198: Address Space
PROFINET IO 5.1 Parameters/address space 5.1.3 Address space The DIQ 16x24VDC/0.5A 8xM12 I/O device can be configured differently; see the following table. Depending on the configuration, additional/different addresses are assigned in the process images. Configuration options of the DIQ 16x24VDC/0.5A 8xM12 I/O device You can configure the I/O device Digital Inputs / Outputs like this: •...
Page 199 PROFINET IO 5.1 Parameters/address space Value status (Quality Information, QI) The value status is always returned with the following configuration options: • DIQ 16x24VDC/0.5A, QI • DIQ 16x24VDC/0.5A, MSI/MSO Evaluating the value status An additional 4 bytes are occupied in the input address space if you enable the value status for the I/O device.
Page 200 PROFINET IO 5.1 Parameters/address space Address space for configuration as 1 x 16-channel DIQ 16x24VDC MSI/MSO The 1st submodule (= basic submodule) behaves like a 1 x 16-channel DIQ 16x24VDC. The value status (Quality Information, QI) is always activated for the submodule. Diagnostics and hardware interrupts are signaled for this submodule.
Page 201 You can find information on the functionality Module-internal Shared Input/Shared Output (MSI/MSO) in the STEP 7 online help or in the function manual SIMATIC PROFINET with STEP 7 (https://support.industry.siemens.com/cs/ww/en/view/49948856). Address space for configuration as 2 x 8-channel DIQ 16x24VDC S The table below shows the address space allocation with configuration as a 2 x 8-channel I/O device with digital inputs/digital outputs without value status.
Page 202 PROFINET IO 5.1 Parameters/address space Bit → Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 Description Byte ↓ Assignment in process image output (PIQ) submodule 2 QB y Output values at channels 4 ... 7 QB y +1 Output values at channels 12 ... 15 I/O device digital inputs/outputs DIQ 16x24VDC/0.5A 8xM12 (6ES7143-7BH00-0BB0) Equipment Manual, 02/2025, A5E53132194-AA...
Page 203: Interrupts/Diagnostics Alarms
PROFINET IO 5.2 Interrupts/diagnostics alarms Interrupts/diagnostics alarms 5.2.1 Status and error displays LED displays The figure below shows the LED displays (status and error displays) of the I/O device DIQ 16x24VDC/0.5A 8xM12. ① P1 LK: LINK port status LED ② P2 LK: LINK port status LED ③...
Page 204 PROFINET IO 5.2 Interrupts/diagnostics alarms Behavior of the LEDs RN/NS (RUN/network status), ER/MS (ERROR/module status) and MT/IO (MAINT/IO status) on PROFINET Table 2-42 Error display of the LEDs LEDs Meaning Solution Missing or insufficient supply voltage Check the supply voltage. at the I/O device. Test of LEDs during startup: The three LEDs light up simultaneously for approximately 0.25 s.
Page 205 PROFINET IO 5.2 Interrupts/diagnostics alarms PWR LED Table 2-43 Status display of the PWR LED PWR LED Meaning Load voltage 2L+ is missing or too low Load voltage 2L+ present P1 LK and P2 LK LEDs Table 2-44 Error display of the P1 LK and P2 LK LEDs LEDs Meaning Solution...
Page 206: Interrupts
PROFINET IO 5.2 Interrupts/diagnostics alarms 5.2.2 Interrupts The I/O device digital inputs DIQ 16x24VDC/0.5A 8xM12 supports diagnostic and maintenance interrupts. Diagnostic interrupt The I/O device generates a diagnostic interrupt on the following events: • Wire break • Internal module fault •...
Page 207: Maintenance Events
PROFINET IO 5.2 Interrupts/diagnostics alarms Table 2-46 Diagnostics alarms, their meanings and corrective measures Diagnostics alarm Error code Meaning Corrective measures Wire break Fault in the external circuitry Check the external circuitry and correct the fault. Encoder faulty Replace the encoder. Impedance of encoder circuitry is too high Use a different encoder type or modify the wiring.
Page 208: Hardware Interrupts
PROFINET IO 5.2 Interrupts/diagnostics alarms System alarms in STEP 7 The maintenance information is generated in STEP 7 with the following system alarms: • Maintenance demanded - indicated for each port by a yellow wrench icon in the device view or in the hardware configuration. You can find additional information in the STEP 7 online help.
Page 209: Ethernet/Ip
EtherNet/IP Functions/parameters/address space 6.1.1 Supported EtherNet/IP functions Supported functions The table below shows the functions that the I/O device supports with EtherNet/IP. Supported functions Remarks I/O communication with scanner FW 1.1.x or higher Parameter assignment FW 1.1.x or higher Reading diagnostics FW 1.1.x or higher Normative CIP objects FW 1.1.x or higher...
Page 210: Parameters
EtherNet/IP 6.1 Functions/parameters/address space Supported CIP objects for EtherNet/IP The table below shows the CIP objects that the I/O device supports with EtherNet/IP. Supported CIP objects Remarks Identity object FW 1.1.x or higher Assembly object FW 1.1.x or higher Connection Manager object FW 1.1.x or higher TCP/IP Interface object FW 1.1.x or higher...
Page 211: Explanation Of The Parameters
EtherNet/IP 6.1 Functions/parameters/address space Parameters Value range Default Effective range with configuration soft ware, for example, MFCT Hardware interrupt on falling edge • Deactivated Deactivated Channel (Digital inputs) • Activated Configuration mode • Channel • Reaction to CPU STOP • Shutdown Shutdown Channel...
Page 212: Input Delay
EtherNet/IP 6.1 Functions/parameters/address space Input delay This parameter can be used to suppress signal interference. Changes to the signal are only detected if they are present consistently for longer than the set input delay time. For input channels with longer input delays, the read-in time is moved accordingly. This means individual channels can be assigned input delays, if necessary, without having a negative impact on the possible cycle time.
Page 213: Address Space
EtherNet/IP 6.1 Functions/parameters/address space 6.1.4 Update time of the I/O data You can estimate the typical update time for an I/O cycle as follows: RPI timer (settable from 2 to 20 ms ± 10 %) default 10 ms + I/O processing (typically 1.4 ms, ± 1 ms jitter due to free-running cycles) + EM conversion (dependent on cycle time and parameter assignment of the module) If necessary, you must take into account other influences caused by the EIP scanner and network components by adding them.
Page 214 EtherNet/IP 6.1 Functions/parameters/address space Bit → Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 Description Byte ↓ IB x +4 Output data status (ODS) of submodule Assignment in the process image output (PIQ) QB x Output values at channels 0 ... 7 QB x +1 Output values at channels 8 ... 15 Value status (Quality Information, QI) The value status is always returned with the following configuration options: •...
Page 215 EtherNet/IP 6.1 Functions/parameters/address space Bit → Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 Description Byte ↓ Assignment in the process image output (PIQ) QB x Output values at channels 0 ... 7 QB x +1 Output values at channels 8 ... 15 * 0 = Value read in at channel is incorrect Address space for configuration as 1 x 16-channel DIQ 16x24VDC MSI/MSO The 1st submodule (= basic submodule) behaves like a 1 x 16-channel DIQ 16x24VDC.
Page 216 * 0 = Value read in at channel is incorrect Reference You can find information about the Module Internal Shared Input/Shared Output (MSI/MSO) functionality in the MultiFieldbus (https://support.industry.siemens.com/cs/ww/en/view/109773209) Function Manual SIMATIC PROFINET with STEP 7 (https://support.industry.siemens.com/cs/ww/en/view/49948856). I/O device digital inputs/outputs DIQ 16x24VDC/0.5A 8xM12 (6ES7143-7BH00-0BB0) Equipment Manual, 02/2025, A5E53132194-AA...
Page 217 EtherNet/IP 6.1 Functions/parameters/address space Address space for configuration as 2 x 8-channel DIQ 16x24VDC S The table below shows the address space allocation with configuration as a 2 x 8-channel I/O device with digital inputs/digital outputs without value status. Table 2-53 Address space for configuration as 2 x 8-channel DIQ 16x24VDC S without value status Bit →...
Page 218: Diagnostics
EtherNet/IP 6.2 Diagnostics Diagnostics 6.2.1 Status and error displays for EtherNet/IP LED displays The figure below shows the LED displays (status and error displays) of the I/O device DIQ 16x24VDC/0.5A 8xM12. ① P1 LK: LINK port status LED ② P2 LK: LINK port status LED ③...
Page 219 EtherNet/IP 6.2 Diagnostics Behavior of the LEDs RN/NS (RUN/network status), ER/MS (ERROR/module status) and MT/IO (MAINT/IO status) on EtherNet/IP The LEDs display the status with the highest priority if there are different LED states due to overlaid events. (0 = off, 1 = green flashing, 2 = green, 3 = yellow, 4 = red flashing, 5 = red) The following table shows the meaning of the RN/NS, ER/MS LEDs and MT/IO LEDs for EtherNet/IP: Table 2-54 Error display of the LEDs...
Page 220 EtherNet/IP 6.2 Diagnostics LEDs Meaning Remedy Test of LEDs during startup: The three LEDs light up simultaneously for Flashes Flashes Flashes approximately 0.25 s in red. Then for approximately 0.25 s in green. Hardware or firmware defective. • You can read out the service data with MFCT.
Page 221 EtherNet/IP 6.2 Diagnostics Channel status/channel error LED Table 2-57 Status and error display of the channel status/channel error LED LEDs Meaning Channel status/channel error Process value = 0 Process value = 1 Channel diagnostics I/O device digital inputs/outputs DIQ 16x24VDC/0.5A 8xM12 (6ES7143-7BH00-0BB0) Equipment Manual, 02/2025, A5E53132194-AA...
Page 222: Modbus Tcp
Modbus TCP Functions/parameters/address space 7.1.1 Supported Modbus TCP functions Supported functions The table below shows the functions that the I/O device supports with Modbus TCP. Supported functions RegLayoutVersion Remarks I/O communication with Modbus client V1.0 FW 1.1.x or higher Free user registers (e.g. for coordination of the redundancy) V1.0 FW 1.1.x or higher Device information...
Page 223: Parameters
Modbus TCP 7.1 Functions/parameters/address space 7.1.2 Parameters The table below shows the parameters for the I/O device DIQ 16x24VDC/0.5A 8xM12. Table 2-58 Configurable parameters and their defaults (GSD file) Parameters Value range Default Effective range with configuration soft ware, for example, MFCT Diagnostics: Low voltage 1L+ •...
Page 224 Modbus TCP 7.1 Functions/parameters/address space Diagnostics: Short-circuit Enable diagnostics: • for short-circuit of the encoder supply to ground. • for short-circuit of the output to ground. • for short-circuit of the output to 1L+ or 2L+. Diagnostics: Wire break detection and alarm Activates wire break detection and enabling of diagnostics for the digital input in case of an interruption of the cable between the encoder and I/O device.
Page 225: Update Time Of The I/O Data
Modbus TCP 7.1 Functions/parameters/address space Configuration mode Specifies whether the channel operates as digital input (DI) or digital output (DQ). Reaction to CPU STOP With this parameter, you set the reaction of the digital outputs of the I/O device after a CPU STOP: •...
Page 226: Address Space
Modbus TCP 7.1 Functions/parameters/address space 7.1.5 Address space The DIQ 16x24VDC/0.5A 8xM12 I/O device can be configured differently; see the following table. Depending on the configuration, additional/different addresses are assigned in the process images. Configuration options of the DIQ 16x24VDC/0.5A 8xM12 I/O device When the I/O device is configured using a GSD file, the configurations are available under different short designations/device names in the device view of MFCT.
Page 227 Modbus TCP 7.1 Functions/parameters/address space Bit → Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 Description Byte ↓ Assignment in the process image output (PIQ) QB x Output values at channels 0 ... 7 QB x +1 Output values at channels 8 ... 15 Value status (Quality Information, QI) The value status is always returned with the following configuration options: •...
Page 228 Modbus TCP 7.1 Functions/parameters/address space Bit → Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 Description Byte ↓ Assignment in the process image output (PIQ) QB x Output values at channels 0 ... 7 QB x +1 Output values at channels 8 ... 15 * 0 = Value read in at channel is incorrect Address space for configuration as 1 x 16-channel DIQ 16x24VDC MSI/MSO The 1st submodule (= basic submodule) behaves like a 1 x 16-channel DIQ 16x24VDC.
Page 229 * 0 = Value read in at channel is incorrect Reference You can find information about the Module Internal Shared Input/Shared Output (MSI/MSO) functionality in the MultiFieldbus (https://support.industry.siemens.com/cs/ww/en/view/109773209) Function Manual SIMATIC PROFINET with STEP 7 (https://support.industry.siemens.com/cs/ww/en/view/49948856). I/O device digital inputs/outputs DIQ 16x24VDC/0.5A 8xM12 (6ES7143-7BH00-0BB0) Equipment Manual, 02/2025, A5E53132194-AA...
Page 230 Modbus TCP 7.1 Functions/parameters/address space Address space for configuration as 2 x 8-channel DIQ 16x24VDC S The table below shows the address space allocation with configuration as a 2 x 8-channel I/O device with digital inputs/digital outputs without value status. Table 2-63 Address space for configuration as 2 x 8-channel DIQ 16x24VDC S without value status Bit →...
Page 231: Diagnostics
Modbus TCP 7.2 Diagnostics Diagnostics 7.2.1 Status and error displays for Modbus TCP LED displays ① P1 LK: LINK port status LED ② P2 LK: LINK port status LED ③ PWR: Power LED for load voltage 2L+ ④ MT/IO: MAINT/IO status LED ⑤...
Page 232 Modbus TCP 7.2 Diagnostics Behavior of the LEDs RN/NS (RUN/network status), ER/MS (ERROR/module status) and MT/IO (MAINT/IO status) on modbus TCP The LEDs display the status with the highest priority if there are different LED states due to overlaid events. (0 = off, 1 = green flashing, 2 = green, 3 = yellow, 4 = red flashing, 5 = red) The following table shows the meaning of the RN/NS, ER/MS LEDs and MT/IO LEDs for Modbus TCP: Table 2-64 Error display of the LEDs...
Page 233 Modbus TCP 7.2 Diagnostics PWR LED Table 2-65 Status display of the PWR LED PWR LED Meaning Load voltage 2L+ is missing or too low Load voltage 2L+ present P1 LK and P2 LK LEDs Table 2-66 Error display of the P1 LK and P2 LK LEDs LEDs Meaning Remedy...
Page 234: Technical Specifications
Technical specifications Technical specifications of the I/O device DIQ 16x24VDC/0.5A 8xM12 The following table shows the technical specifications as of the issue date. You can find a data sheet including daily updated technical specifications on the Internet (https://support.industry.siemens.com/cs/de/en/pv/6ES7143-7BH00-0BB0/td?dl=en). Article number 6ES7143-7BH00-0BB0 General information ...
Page 235 Technical specifications Article number 6ES7143-7BH00-0BB0 Load voltage 1L+ • Rated value (DC) 24 V permissible range, lower limit (DC) 20.4 V • • permissible range, upper limit (DC) 28.8 V • Reverse polarity protection Yes; Against destruction; encoder power supply outputs applied with reversed polarity, loads pick Load voltage 2L+ ...
Page 236 Technical specifications Article number 6ES7143-7BH00-0BB0 Number of simultaneously controllable inputs all mounting positions – up to 55 °C, max. Input voltage • Rated value (DC) 24 V • for signal "0" -3 to +5V • for signal "1" +11 to +30V Input current ...
Page 237 Technical specifications Article number 6ES7143-7BH00-0BB0 Output delay with resistive load • "0" to "1", max. 100 µs; at rated load "1" to "0", max. 1L+: 100 µs / 2L+: 3 ms; at rated load • Parallel switching of two outputs ...
Page 238 Technical specifications Article number 6ES7143-7BH00-0BB0 Protocols Supports protocol for PROFINET IO PROFIsafe EtherNet/IP Modbus TCP PROFINET IO Device Services – Yes; 250 µs to 4 ms in 125 µs frame – Prioritized startup – Shared device Number of IO Controllers with shared –...
Page 239 Technical specifications Article number 6ES7143-7BH00-0BB0 Modbus TCP Services – read coils (code=1) read discrete inputs (code=2) – – Read Holding Registers (Code=3) – write single coil (code=5) – write multiple coils (code=15) – Write Multiple Registers (Code=16) Parameter change by master –...
Page 240 SIL acc. to IEC 62061 SIL 2 • • remark on safety-oriented shutdown https://sup port.industry.siemens.com/cs/de/en/view/39198 product functions / security / header signed firmware update safely removing data I/O device digital inputs/outputs DIQ 16x24VDC/0.5A 8xM12 (6ES7143-7BH00-0BB0) Equipment Manual, 02/2025, A5E53132194-AA...
Page 241 Technical specifications Article number 6ES7143-7BH00-0BB0 Ambient conditions Ambient temperature during operation • min. -30 °C max. 55 °C • Altitude during operation relating to sea level • Ambient air temperature-barometric pres Up to max. 5 000 m, at installation height > 2 sure-altitude 000 m additional restrictions connection method...
Page 242: Dimension Drawing
Dimension drawing Dimension drawing The figure below shows the dimension drawing of the I/O device digital inputs/outputs DIQ 16x24VDC0.5A 8xM12 in the front and side views. Figure 2-18 Dimension drawing I/O device digital inputs/outputs DIQ 16x24VDC/0.5A 8xM12 (6ES7143-7BH00-0BB0) Equipment Manual, 02/2025, A5E53132194-AA...
Page 243: Parameter Data Record
Parameter data record 10.1 Dependencies for the configuration The parameter settings are dependent on each other when configuring the I/O device. These dependencies must be considered when configuring with the latest HSP in STEP 7 TIA. When configuring with the GSD file or with data record 128, these dependencies must be observed. Dependencies of the parameter settings This table lists the parameters and their dependencies.
Page 244: Structure Of Data Record 128 For I/O Device Parameter Assignment
Parameter data record 10.2 Structure of data record 128 for I/O device parameter assignment 10.2 Structure of data record 128 for I/O device parameter assignment With data record 128, you can reconfigure the I/O device in your user program, regardless of your programming.
Page 245 Parameter data record 10.2 Structure of data record 128 for I/O device parameter assignment Bit → Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 Byte ↓ Device parameter block Reserved 5...6 Channel header information Number of channel parameter blocks Parameter assignment as a 1 x 16-channel I/O device = 16 (0001 0000...
Page 246 Parameter data record 10.2 Structure of data record 128 for I/O device parameter assignment Bit → Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 Byte ↓ 40…42 Channel 11 channel parameter block 43…45 Channel 12 channel parameter block 46…48 Channel 13 channel parameter block...
Page 247: Error Transferring The Data Record
Parameter data record 10.3 Error transferring the data record The following table shows the structure of data record 128 with configuration as 2 x 8-channel I/O device for channels 4 ... 7, 12 ... 15. The assignment of the header information and channel parameters are identical to the parameter assignments of a 1 x 16-channel I/O device.
Page 248 Parameter data record 10.3 Error transferring the data record Table 2-72 Error codes Error code in STATUS parameter Meaning Solution DS128 (hexadecimal) Byte 0 Byte 1 Byte 2 Byte 3 Number of the data record unknown. Enter a valid number for the data ✓...
Page 249 Introduction Industrial cybersecurity SIMATIC Product overview ET 200clean CM 8x IO-Link + DIQ 4x24VDC Wiring 8xM12 (6ES7148-7JH00-0BB0) Communications module PROFINET IO Equipment Manual EtherNet/IP Modbus TCP Technical specifications Dimension drawing Parameter data record 02/2025 A5E53131660-AA...
Page 251 Table of contents Introduction............................Guide ET 200clean......................1.1.1 ET200clean information classes..................1.1.1.1 ET 200clean Documentation guide..................1.1.2 Basic tools........................1.1.3 MultiFieldbus Configuration Tool (MFCT)................1.1.4 SIMATIC Technical Documentation..................10 Industrial cybersecurity........................12 Introduction to industrial cybersecurity................12 Cybersecurity information....................12 Cybersecurity-relevant information...................
Page 252 Table of contents EtherNet/IP............................48 Functions/parameters/address space................. 48 6.1.1 Supported EtherNet/IP functions..................6.1.2 Parameters........................49 6.1.3 Explanation of the parameters..................51 6.1.4 Update time of the I/O data....................54 6.1.5 Example address space..................... 54 Diagnostics........................56 6.2.1 Status and fault displays....................56 Modbus TCP............................
Page 253: Introduction
Introduction Purpose of the documentation This Equipment Manual supplements the ET 200clean Distributed I/O System (https://support.industry.siemens.com/cs/ww/en/view/109822889) System Manual. Functions that relate in general to the distributed I/O devices ET 200clean are described in this System Manual. The MultiFieldbus (https://support.industry.siemens.com/cs/ww/en/view/109773209) Function Manual describes general MultiFieldbus functions. This equipment manual describes the specific adaptations for this I/O device.
Page 254: Guide Et 200Clean
This arrangement enables you to access the specific content you require. You can download the documentation free of charge from the Internet (https://support.industry.siemens.com/cs/us/en/view/109742718). Basic information The System Manual describes in detail the configuration, installation, wiring and commissioning of the SIMATIC ET 200clean distributed I/O system The STEP 7 online help supports you in the configuration and programming.
Page 255: Basic Tools
With the TIA Selection Tool , you can generate a complete order list from your product selection or product configuration. You can find the TIA Selection Tool on the Internet. (https://support.industry.siemens.com/cs/ww/en/view/109767888) SIMATIC Automation Tool You can use the SIMATIC Automation Tool to perform commissioning and maintenance activities on various SIMATIC S7 stations as bulk operations independent of TIA Portal.
Page 256 You can find SIEMENS PRONETA Basic on the Internet: (https://support.industry.siemens.com/cs/ww/en/view/67460624) SIEMENS PRONETA Professional is a licensed product that offers you additional functions. It offers you simple asset management in PROFINET networks and supports operators of automation systems in automatic data collection/acquisition of the components used through various functions: •...
Page 257: Multifieldbus Configuration Tool (Mfct)
MultiFieldbus- and DALI-devices. In addition, the MFCT offers convenient options for mass firmware updates of ET 200 devices with MultiFieldbus- support and reading service data for many other Siemens devices. Functional scope of the MFCT • MultiFieldbus configuration:...
Page 258: Simatic Technical Documentation
Online Support: Industry Online Support International https://support.industry.siemens.com/cs/ww/en/view/109742705 Watch this short video to find out where you can find the overview directly in Siemens Industry Online Support and how to use Siemens Industry Online Support on your mobile device: Quick introduction to the technical documentation of automation products per video ( https://support.industry.siemens.com/cs/us/en/view/109780491...
Page 259: Application Examples
Manuals, characteristics, operating manuals, certificates • Product master data You can find "mySupport" on the Internet. (https://support.industry.siemens.com/My/ww/en) Application examples The application examples support you with various tools and examples for solving your automation tasks. Solutions are shown in interplay with multiple components in the system - separated from the focus on individual products.
Page 260: Industrial Cybersecurity
Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customer’s exposure to...
Page 261: Cybersecurity-Relevant Information
Corrective measures for known risks Corrective measures for known risks are announced on the Siemens ProductCERT and Siemens CERT (https://siemens.com/productcert) web page. You can find more information on SIEMENS ProductCERT in the System Manual (https://support.industry.siemens. com/cs/ww/en/view/109822889). Security checks You can find descriptions of specific security measures, such...
Page 262 Industrial cybersecurity 2.3 Cybersecurity-relevant information See also PROFINET Function Manual (https://support.industry.siemens.com/cs/us/en/view/49948856) CM 8x IO-Link + DIQ 4x24VDC 8xM12 (6ES7148-7JH00-0BB0) Communications module Equipment Manual, 02/2025, A5E53131660-AA...
Page 263: Product Overview
Product overview Properties Article number 6ES7148-7JH00-0BB0 View of the I/O device Figure 2-19 View of the I/O device CM 8x IO-Link + DIQ 4x24VDC 8xM12 CM 8x IO-Link + DIQ 4x24VDC 8xM12 (6ES7148-7JH00-0BB0) Communications module Equipment Manual, 02/2025, A5E53131660-AA...
Page 264 Product overview 3.1 Properties Properties The I/O device has the following technical properties: • Using the MultiFieldbus function, it connects the ET 200clean distributed I/O system with one of the following bus protocols: – PROFINET IO – EtherNet/IP – Modbus TCP • IO-Link master according to IO-Link specification V1.1 •...
Page 265 • Hygienic fixing screw M5 • hygienic cables See also You can find more information on accessories in the ET 200clean Distributed I/O System (https://support.industry.siemens.com/cs/ww/en/view/109822889) System Manual. See also Function Manual IO-Link System (https://support.industry.siemens.com/cs/en/en/view/65949252). CM 8x IO-Link + DIQ 4x24VDC 8xM12 (6ES7148-7JH00-0BB0) Communications module...
Page 266: Operator Controls And Display Elements
Product overview 3.2 Operator controls and display elements Operator controls and display elements The following figure shows the operator controls and display elements of the CM 8x IO-Link + DIQ 4x24VDC 8xM12 communications module. ① MF (LAN): Sockets for connecting the ⑧...
Page 267: Functions
Product overview 3.3 Functions Functions IO-Link is a point-to-point connection between an IO-Link master and an IO-Link device. On the IO-Link master, you can use IO-Link devices as well as conventional sensors/actuators with unshielded standard cables using proven 3-wire technology. IO-Link is downward-compatible to conventional digital sensors and actuators.
Page 268: Reset Communication Module To Factory Settings
• Non-volatile memory is reset (content of the IO-Link data memory is lost) PROFINET factory reset You can find additional information on the PROFINET factory reset in the ET 200Clean Distrib uted I/O System (http://support.automation.siemens.com/WW/view/en/109774008) system manual. CM 8x IO-Link + DIQ 4x24VDC 8xM12 (6ES7148-7JH00-0BB0) Communications module...
Page 269 3.4 Reset communication module to factory settings MFCT Factory Reset You can find additional information on MFCT factory reset in the ET 200Clean Distributed I/O System (http://support.automation.siemens.com/WW/view/en/109774008) system manual. CM 8x IO-Link + DIQ 4x24VDC 8xM12 (6ES7148-7JH00-0BB0) Communications module Equipment Manual, 02/2025, A5E53131660-AA...
Page 270: Wiring
Wiring CM 8x IO-Link + DIQ 4x24VDC 8xM12 (6ES7148-7JH00-0BB0) Communications module Equipment Manual, 02/2025, A5E53131660-AA...
Page 271: Terminal And Block Diagram
Wiring 4.1 Terminal and block diagram Terminal and block diagram The figure below shows an example of the connections and components of the I/O device. ① Bus interface with integrated 2-port Supply voltage 1L+ (non-switched) switch ② Monitoring Ground 1M (non-switched) ③...
Page 272 Wiring 4.1 Terminal and block diagram ① Class A, C/Q - DQ, DIQ - DQ Load voltage 2L+ (switched) ② Class A, 1U , DIQ - DI, C/Q - IO-Link IO-Link port n ③ Class A, 1U , DIQ - DI, C/Q - DI Input signal / output signal ④...
Page 273: Pin Assignment
Wiring 4.2 Pin assignment Pin assignment Terminal assignment PROFINET connector The following table shows the pin assignment of the MultiFieldbus connector. Table 2-73 Pin assignment of the MultiFieldbus connector, port 1 and 2 Assignment of the core Assignment Front view of the connectors color of the PROFINET cable Assignment X1 P1 R...
Page 274 Safety-related shutdown If you use the digital outputs for safety-related shutting down, follow the information in the System Manual in the "Safety-related shutdown" section. See also: ET 200clean System Manual (https://support.industry.siemens.com/cs/en/en/view/65949252) NOTE Reverse polarity protection To ensure reverse polarity protection, use the ground 1M supplied by the I/O device on pin 3 of the corresponding socket.
Page 275 3-wire connection cable (Port Class A Compatibility). More information about IO-Link can be found in the IO-Link System (https://support.industry.siemens.com/cs/en/en/view/65949252) function manual. Pin assignment of the connector for infeed of the supply voltage (M12 L-coded) The table below shows the pin assignment of the M12 L-coded connector for infeed of the supply voltage.
Page 276: Profinet Io
PROFINET IO Parameters/address space 5.1.1 Parameters Parameters The following table shows the parameters that you can set for each port (each submodule) of the IO-Link master CM 8x IO-Link + DIQ 4x24VDC 8xM12. Table 2-77 Diagnostics and port parameter IO-Link port Parameters Value range Default...
Page 277: Explanation Of The Parameters
PROFINET IO 5.1 Parameters/address space Table 2-78 Configurable parameters digital input and outputs and their defaults (GSD file) Parameters Value range Default Effective range with configuration soft ware, for example, MFCT Diagnostics: Low voltage 1L+ • Disabled Disabled Channel • Enabled Diagnostics: Short-circuit •...
Page 278: Input Delay
PROFINET IO 5.1 Parameters/address space Hardware interrupt (device notification) Enable of the hardware interrupt for the selected IO-Link port. The possible hardware interrupts are dependent on the IO-Link device used. More information on the hardware interrupts can be found in the description of the IO-Link device used.
Page 279: Operating Mode
PROFINET IO 5.1 Parameters/address space Hardware interrupt on falling edge (only for DIQ) Specifies whether a hardware interrupt is generated for a falling edge on the channel. Configuration mode (only for DIQ) Specifies whether the channel operates as digital input (DI) or digital output (DQ). Reaction to CPU STOP (only for DIQ) With this parameter, you set the reaction of the digital outputs of the I/O device after a CPU STOP:...
Page 280 • ET 200AL DIQ 4+DQ 4x 24 V DC/0.5 A (6ES7143-5BF00-0BL0) See also You can find out more about the vendor ID and the device ID of an IO-Link device on the Internet (https://support.industry.siemens.com/cs/ww/en/view/109748852). CM 8x IO-Link + DIQ 4x24VDC 8xM12 (6ES7148-7JH00-0BB0) Communications module Equipment Manual, 02/2025, A5E53131660-AA...
Page 281: Address Space
PROFINET IO 5.1 Parameters/address space 5.1.3 Address space Introduction The IO-Link master CM 8x IO-Link + DIQ 4x24VDC 8xM12 has eight ports. Each port is represented by a submodule. IO-Link master and DIQ slot have their own process data areas: •...
Page 282 PROFINET IO 5.1 Parameters/address space Port Qualifier Information (PQI) NOTE Port Qualifier Information (PQI) The Port Qualifier Information (PQI) with the size 1 byte is always transmitted together with the input data of the IO-Link device. The PQI cannot be deactivated. Description Value Meaning...
Page 283 PROFINET IO 5.1 Parameters/address space Address space for configuration as 1 x 4-channel DIQ 4x24VDC The following figure shows the address space allocation with configuration as 4-channel I/O device with digital inputs/digital outputs without value status. The addresses of the channels are derived from the start address.
Page 284 PROFINET IO 5.1 Parameters/address space Address space for configuration as 1 x 4-channel DIQ 4x24VDC MSI/MSO The 1st submodule (= basic submodule) behaves like a 1 x 4-channel DIQ 4x24VDC. The value status (Quality Information, QI) is always activated for the submodule. Diagnostics and hardware interrupts are signaled for this submodule.
Page 285 (QI) Value status, outputs: Channels 0 to 3 (value status QI0 to QI3) 0 = Value read in at the channel is incorrect Reference For more information, please refer to the IO-Link system (http://support.automation.siemens.com/WW/view/en/65949252) function manual. CM 8x IO-Link + DIQ 4x24VDC 8xM12 (6ES7148-7JH00-0BB0) Communications module Equipment Manual, 02/2025, A5E53131660-AA...
Page 286: Interrupts/Diagnostics Alarms
PROFINET IO 5.2 Interrupts/diagnostics alarms Interrupts/diagnostics alarms 5.2.1 Status and error displays LED displays The following figure shows the LED display of the CM 8x IO-Link + DIQ 4x24VDC 8xM12 communications module. ① P1 LK: LINK port status LED ② P2 LK: LINK port status LED ③...
Page 287 PROFINET IO 5.2 Interrupts/diagnostics alarms Behavior of the LEDs RN/NS (RUN/network status), ER/MS (ERROR/module status) and MT/IO (MAINT/IO status) Table 2-82 Error display of the LED Meaning Remedy RN/NS ERR/MS MT/IO (yel (green) (red) low) No or insufficient supply Check the supply voltage. voltage Test of LEDs during startup: On (green)
Page 288 PROFINET IO 5.2 Interrupts/diagnostics alarms LEDs P1 LK and P2 LK The following table describes the behavior of LEDs that indicate the connection status with a PROFINET IO controller or a PROFINET switch. Table 2-83 Status displays of the LEDs P1 LK and P2 LK LEDs Meaning Remedy...
Page 289: Interrupts
PROFINET IO 5.2 Interrupts/diagnostics alarms Channel status/channel error LEDs IO-Link LEDs Meaning Channel status/error Input or output value is 0 or port is disabled. IO-Link communication established, active device or channel fault. On (red) At startup or permanently, if no functional IO-Link device was found. Flashes •...
Page 290: Alarms
PROFINET IO 5.2 Interrupts/diagnostics alarms Maintenance interrupt The I/O device generates a maintenance interrupt on the following event: • Low voltage 1L+ Hardware interrupt If the fault-free signal (value status/QI = 1) is pending at the channel, meaning no diagnostic error interrupt, the I/O device generates a hardware interrupt for the following events: •...
Page 291: Diagnostics Alarms
PROFINET IO 5.2 Interrupts/diagnostics alarms 5.2.3.1 Diagnostics alarms IO-Link master error types All IO-Link events of the type Error generated by the IO-Link device or port are mapped to the PROFINET diagnostic message of the type (severity) "Diagnosis" of the assigned submodule. IO-Link device diagnostics The IO-Link master generates PROFINET channel diagnostics (CET, ECET) from the IO-Link events of an IO-Link device according to the following mapping regulations:...
Page 292 PROFINET IO 5.2 Interrupts/diagnostics alarms Error type Extended error Error text Meaning (CET) type (ECET) 0x9502 0x1803 Wrong device DeviceID Check device (38136 (6147 0x1804 Short-circuit to C/Q Check port connection (6148 0x1805 IO-Link PHY overtem (6149 perature 0x1806 Short-circuit to L+ Check port connection (6150 0x1808...
Page 293: Maintenance Events
Replace the defective Short-circuit to ground. encoder/actuator. See also Diagnostics function manual (https://support.industry.siemens.com/cs/ww/en/view/59192926) 5.2.3.2 Maintenance events Maintenance event for IO-Link master All IO-Link events of the type Warning generated by the IO-Link device or port are mapped to the PROFINET diagnostic message of the type "Maintenance" of the assigned submodule. The aim is the early detection and elimination of potential faults.
Page 294 PROFINET IO 5.2 Interrupts/diagnostics alarms Maintenance event for DIQ and for IO-Link master The MultiFieldbus interfaces of the ET 200eco PN M12-L support the diagnostics concept and maintenance concept in PROFINET according to the IEC 61158-6-10 standard. The goal is to detect and remove potential problems as early as possible.
Page 295: Process Alarm Events
PROFINET IO 5.2 Interrupts/diagnostics alarms 5.2.3.3 Process alarm events Hardware interrupt events for IO-Link master All IO-Link events (event codes) of the Notification type that are generated by the IO-Link device are mapped to the PROFINET hardware interrupt of the assigned submodule. The additional alarm information read out using RALRM contains the relevant IO-Link event code.
Page 296: Ethernet/Ip
EtherNet/IP Functions/parameters/address space 6.1.1 Supported EtherNet/IP functions Supported functions The table below shows the functions that the I/O device supports with EtherNet/IP. Supported functions Remarks I/O communication with scanner FW 1.1.x or higher Parameter assignment FW 1.1.x or higher Reading diagnostics FW 1.1.x or higher Normative CIP objects FW 1.1.x or higher...
Page 297: Parameters
EtherNet/IP 6.1 Functions/parameters/address space Supported CIP objects for EtherNet/IP The I/O device for EtherNet/IP supports the following CIP objects: • Identity object • Assembly object • Connection Manager object • TCP/IP Interface object • EtherNet Link object • LLDP Management object •...
Page 298 EtherNet/IP 6.1 Functions/parameters/address space Parameters Value range Default Effective range with con figuration software, for example, MFCT DeviceID* Device ID of the connected Channel IO-Link device Inspection Level/Data Storage* • Same type (V1.0) Type-compatible (V1.1) Channel without Backup&Restore with Backup&Restore •...
Page 299: Explanation Of The Parameters
EtherNet/IP 6.1 Functions/parameters/address space 6.1.3 Explanation of the parameters Diagnostics: Low voltage 1L+ Enabling of the diagnostics for insufficient supply voltage 1L+. Diagnostics: Missing 2L+ The diagnostic message is enabled for missing or insufficient load voltage 2L+. Diagnostics port This parameter enables the diagnostics for the selected IO-Link port. In the diagnostics A distinction is made between error and maintenance interrupts.
Page 300: Input Delay
EtherNet/IP 6.1 Functions/parameters/address space Diagnostics: Wire break detection and alarm Activates wire break detection and enabling of diagnostics for the digital input. In the event of an interruption of the cable between the encoder and I/O device, a diagnostic message is generated.
Page 301: Operating Mode
EtherNet/IP 6.1 Functions/parameters/address space Port configuration without S7-PCT This parameter releases the port configuration without S7-PCT for the module. NOTE Changes to the port configuration If you have assigned the IO-Link device parameters via port configuration without S7-PCT, or have configured the port as a digital input, digital output or deactivated, you can no longer change the port configuration via S7-PCT.
Page 302: Update Time Of The I/O Data
X14 - X17 See also You can find out more about the vendor ID and the device ID of an IO-Link device on the Internet (https://support.industry.siemens.com/cs/ww/en/view/109748852). 6.1.4 Update time of the I/O data You can estimate the typical update time for an I/O cycle as follows: ...
Page 303: Input Range
The following table shows the input range for the example configuration: Slot Subslot DataItem Description SIMATIC ET 200clean, CM 8x IO-Link + DIQ 4x 24VDC, 8x M12 / Input data status IO-Link master proxy / input data status Input_data_1_Byte IO-Link 1 I/ 1 O + PQI...
Page 304: Diagnostics
EtherNet/IP 6.2 Diagnostics Diagnostics 6.2.1 Status and fault displays LED displays The figure below shows the LED displays (status and error displays) of the I/O device CM 8x IO-Link + DIQ 4x24VDC 8xM12. ① P1 LK: LINK port status LED ②...
Page 305 EtherNet/IP 6.2 Diagnostics Behavior of the LEDs RN/NS (RUN/network status), ER/MS (ERROR/module status) and MT/IO (MAINT/IO status) on EtherNet/IP The LEDs display the status with the highest priority if there are different LED states due to overlaid events. (0 = off, 1 = green flashing, 2 = green, 3 = yellow, 4 = red flashing, 5 = red) The following table shows the meaning of the RN/NS, ER/MS LEDs and MT/IO LEDs for EtherNet/IP: Table 2-91 Error display of the LEDs...
Page 306 EtherNet/IP 6.2 Diagnostics LEDs Meaning Solution Test of LEDs during startup: The three LEDs light up simultaneously for Flash Flash Flash approximately 0.25 s in red. Then for approximately 0.25 s in green. Hardware or firmware defective. • You can read out the service data with STEP 7 V5.6.
Page 307: Modbus Tcp
Modbus TCP Functions/parameters/address space 7.1.1 Supported Modbus TCP functions Supported functions The table below shows the functions that the I/O device supports with Modbus TCP. Supported functions RegLayoutVersion Remarks I/O communication with Modbus client V1.0 FW 1.1.x or higher Free user registers (e.g. for coordination of the redundancy) V1.0 FW 1.1.x or higher Device information...
Page 308: Parameters
Modbus TCP 7.1 Functions/parameters/address space 7.1.2 Parameters Parameters The following table shows the parameters that you can set for each port (each submodule) of the IO-Link master CM 8x IO-Link + DIQ 4x24VDC 8xM12. Table 2-93 Diagnostics and port parameter IO-Link port Parameters Value range Default...
Page 309: Explanation Of The Parameters
Modbus TCP 7.1 Functions/parameters/address space Parameters Value range Default Effective range with configuration soft ware, for example, MFCT Diagnostics: Wire break detection and • Disabled Disabled Channel alarm (Digital inputs) • Enabled Input delay • 0.05 ms 3.2 ms Channel (Digital inputs) •...
Page 310 Modbus TCP 7.1 Functions/parameters/address space Hardware interrupt (device notification) Enable of the hardware interrupt for the selected IO-Link port. The possible hardware interrupts are dependent on the IO-Link device used. More information on the hardware interrupts can be found in the description of the IO-Link device used.
Page 311 Modbus TCP 7.1 Functions/parameters/address space Hardware interrupt on falling edge (only for DIQ) Specifies whether a hardware interrupt is generated for a falling edge on the channel. Configuration mode (only for DIQ) Specifies whether the channel operates as digital input (DI) or digital output (DQ). Reaction to CPU STOP (only for DIQ) With this parameter, you set the reaction of the digital outputs of the I/O device after a CPU STOP:...
Page 312: Update Time Of The I/O Data
X14 - X17 See also You can find out more about the vendor ID and the device ID of an IO-Link device on the Internet (https://support.industry.siemens.com/cs/ww/en/view/109748852). 7.1.4 Update time of the I/O data You can estimate the typical update time for an I/O cycle as follows: ...
Page 313: Example Address Space
The following table shows the input range for the example configuration: Slot Subslot DataItem Description SIMATIC ET 200clean, CM 8x IO-Link + DIQ 4x 24VDC, 8x M12 / Input data status IO-Link master proxy / input data status Input_data_1_Byte IO-Link 1 I/ 1 O + PQI...
Page 314 Modbus TCP 7.1 Functions/parameters/address space Output range The following table shows the output range for the example configuration: Slot Subslot DataItem Description Output_data_1_Byte IO-Link 1 I/ 1 O + PQI Output_data_1_Byte IO-Link 1 I/ 1 O + PQI Outputs DIQ 4x24VDC See also You can find more information in the MultiFieldbus function manual.
Page 315: Diagnostics
Modbus TCP 7.2 Diagnostics Diagnostics 7.2.1 Status and fault displays LED displays The figure below shows the LED displays (status and error displays) of the I/O device CM 8x IO-Link + DIQ 8x24VDC M12-L ① P1 LK: LINK port status LED ②...
Page 316 Modbus TCP 7.2 Diagnostics Behavior of the LEDs RN/NS (RUN/network status), ER/MS (ERROR/module status) and MT/IO (MAINT/IO status) The LEDs display the status with the highest priority if there are different LED states due to overlaid events. (0 = off, 1 = green flashing, 2 = green, 3 = yellow, 4 = red flashing, 5 = red) The following table shows the meaning of the RN/NS, ER/MS and MT/IO LEDs: Table 2-95 Error display of the LEDs LEDs...
Page 317 Modbus TCP 7.2 Diagnostics P1 LK and P2 LK LEDs Table 2-96 Error display of the P1 LK and P2 LK LEDs LEDs Meaning Solution P1 LK P2 LK There is no Ethernet connection between Check whether the bus cable to the the communications interface of your IO switch/communication partner is interrup...
Page 318: Technical Specifications
Technical specifications of the CM 8x IO-Link + DIQ 4x24VDC 8xM12 communications module The following table shows the technical specifications as of the issue date. You can find a data sheet including daily updated technical specifications on the Internet (https://support.industry.siemens.com/cs/de/en/pv/6ES7148-7JH00-0BB0/td?dl=de). Article number 6ES7148-7JH00-0BB0 General information ...
Page 319 Technical specifications Article number 6ES7148-7JH00-0BB0 Load voltage 1L+ • Rated value (DC) 24 V permissible range, lower limit (DC) 20.4 V • • permissible range, upper limit (DC) 28.8 V • Reverse polarity protection Yes; against destruction Load voltage 2L+ • Rated value (DC) 24 V •...
Page 320 Technical specifications Article number 6ES7148-7JH00-0BB0 Number of simultaneously controllable inputs all mounting positions – up to 55 °C, max. Input voltage • Rated value (DC) 24 V • for signal "0" -3 to +5V • for signal "1" +11 to +30V Input current ...
Page 321 Technical specifications Article number 6ES7148-7JH00-0BB0 Parallel switching of two outputs • for uprating for redundant control of a load • Switching frequency • with resistive load, max. 100 Hz • with inductive load, max. 0.5 Hz • on lamp load, max. 1 Hz Total current of the outputs ...
Page 322 Technical specifications Article number 6ES7148-7JH00-0BB0 Interfaces Number of PROFINET interfaces 1. Interface Interface type PROFINET with 100 Mbit/s full duplex (100BASE-TX) Interface types • M12 port Yes; 2x M12, 4-pin, D-coded Number of ports • • integrated switch Protocols ...
Page 323 Technical specifications Article number 6ES7148-7JH00-0BB0 EtherNet/IP Services – CIP Implicit Messaging CIP Explicit Messaging – – CIP Safety – Shared device Yes; 2x EtherNet/IP Scanner – Number of scanners with shared device, max. Updating times – Requested Packet Interval (RPI) 2 ms Redundancy mode ...
Page 324 Technical specifications Article number 6ES7148-7JH00-0BB0 Alarms • Diagnostic alarm Yes; Parameterizable Maintenance interrupt Yes; Parameterizable • • Hardware interrupt Yes; Parameterizable Diagnoses • Diagnostic information readable • Monitoring the supply voltage – parameterizable Wire-break Yes; DI, input current < 0.3 mA, per channel •...
Page 325 Category according to ISO 13849-1 Cat. 3 SIL acc. to IEC 62061 SIL 2 • • remark on safety-oriented shutdown https://sup port.industry.siemens.com/cs/de/en/view/39198 product functions / security / header signed firmware update safely removing data Ambient conditions Ambient temperature during operation ...
Page 326 Figure 2-30 Total current of outputs 1L+ and 2L+ for IO-Link master CM 8x IO-Link + DIQ 4x24VDC M12 NOTE You can find additional information in the system manual ET 200clean Distributed I/O System (http://support.automation.siemens.com/WW/view/en/109774008). CM 8x IO-Link + DIQ 4x24VDC 8xM12 (6ES7148-7JH00-0BB0) Communications module Equipment Manual, 02/2025, A5E53131660-AA...
Page 327: Dimension Drawing
Dimension drawing The following figure shows the dimension drawing of the CM 8x IO-Link + DIQ 4x24VDC 8xM12 communications module in front and side view. Figure 2-31 Dimension drawing CM 8x IO-Link + DIQ 4x24VDC 8xM12 (6ES7148-7JH00-0BB0) Communications module Equipment Manual, 02/2025, A5E53131660-AA...
Page 328: Parameter Data Record
Parameter data record 10.1 Dependencies for the configuration The parameter settings are dependent on each other when configuring the I/O device. These dependencies must be considered when configuring with the latest HSP in STEP 7 TIA. When configuring with the GSD file or with data record 128, these dependencies must be observed. Dependencies of the parameter settings This table lists the parameters and their dependencies.
Page 329: Structure Of Data Record 128 For I/O Device Parameter Assignment (Diq)
Parameter data record 10.2 Structure of data record 128 for I/O device parameter assignment (DIQ) 10.2 Structure of data record 128 for I/O device parameter assignment (DIQ) With data record 128, you can reconfigure the I/O device in your user program, regardless of your programming.
Page 330 Parameter data record 10.2 Structure of data record 128 for I/O device parameter assignment (DIQ) Structure of data record 128 as a 1 x 4-channel I/O device The following table shows the structure of data record 128 and its parameters with configuration as a 1 x 4-channel I/O device. The channel parameter blocks are identical and are shown based on the example of Channel 0.
Page 331: Error Transferring The Data Record
Parameter data record 10.3 Error transferring the data record Bit → Bit 7 Bit 6 Bit 5 Bit 4 Bit 3 Bit 2 Bit 1 Bit 0 Byte ↓ 10…12 Channel 1 channel parameter block 13…15 Channel 2 channel parameter block 16…18 Channel 3 channel parameter block Reserved bits must be set to 0 Valid with channel mode DI...
Page 332 Parameter data record 10.3 Error transferring the data record Error code in STATUS parameter Meaning Solution DS128 (hexadecimal) Byte 0 Byte 1 Byte 2 Byte 3 Invalid coding for substitute value Check the parameters of the I/O ✓ behavior. device. Invalid coding for replacement filter Check the parameters of the I/O ✓...
Page 333: Product Information
Figure 1 Y-cable NOTE The cable does not fulfil the requirements according to NEMA 250 Type 4X. Y-connector (6ES7194-1KA01-0XA0) The following figure shows the structure of the Y-connector. Figure 2 Y-connector © Siemens AG 2015 - 2018. All rights reserved A5E02512963-AC, 10/2018...
Page 334: Dimension Drawings
Wiring The following figure shows the wiring of the Y-cable and the Y-connector. Figure 3 Wiring of the Y-cable or the Y-connector Dimension drawings The dimension drawings of the Y-cable and the Y-connector are provided below. You must take the dimensions into consideration for installation of your distributed I/O system in cabinets, control rooms, etc.
Page 335 Introduction Safety instructions Overview of system SIMATIC diagnostics S7-1500, ET 200MP, ET 200SP, ET 200AL, ET 200pro, ET 200eco PN Quick start Diagnostics Configuring and determining system diagnostics Function Manual System diagnostics by means of the user program Alarms Diagnostics of the S7-1500R/H redundant system 11/2024 A5E03735838-AJ...
Page 337 Table of contents Introduction............................Function Manuals documentation guide................1.1.1 Information classes Function Manuals................1.1.2 Basic tools........................1.1.3 SIMATIC Technical Documentation..................12 Safety instructions..........................15 Cybersecurity information....................15 Overview of system diagnostics......................16 Properties of system diagnostics..................16 Benefits of innovative system diagnostics................18 Quick start............................
Page 338 Table of contents System diagnostics by means of the user program................68 Options of system diagnostics in the user program............68 System diagnostics using process image inputs..............70 Alarms..............................73 Creating alarms with the "Program_Alarm" instruction............74 Editing alarms in the alarm editor..................76 Display of program alarms....................
Page 339: Introduction
Introduction Purpose of the documentation This Function Manual provides an overview of the diagnostics options for the SIMATIC S7‑1500 automation system, for 1513pro-2 PN and 1516pro‑2 PN CPUs based on SIMATIC S7‑1500, and for the SIMATIC ET 200MP, ET 200SP, ET 200AL and ET 200eco PN distributed I/O systems. The documentation covers the following: •...
Page 340 Functions with which you are familiar from Redundant System S7-1500R/H tents expanded to include the the SIMATIC S7‑1500 automation system System Manual S7‑1500R/H redundant sys are implemented for the S7‑1500R/H (https://support.industry. siemens. redundant system. com/cs/ww/en/view/109754833) Diagnostics Function Manual, 11/2024, A5E03735838-AJ...
Page 341 (Page 44), – Know-how protection or copy pro Web server tection of the PLC program (http://support.automation. – Program/communication load and siemens. cycle time com/WW/view/en/59193560) – Collective signatures, cycle times, function manual, and runtimes of the F‑runtime Using the trace and logic analyz...
Page 342: Function Manuals Documentation Guide
Industry Mall The Industry Mall is the catalog and order system of Siemens AG for automation and drive solutions on the basis of Totally Integrated Automation (TIA) and Totally Integrated Power (TIP).
Page 343: Device Information
Product Information takes precedence over the device and system manuals. You will find the latest Product Information on the Internet: • S7-1500/ET 200MP (https://support.industry.siemens.com/cs/de/en/view/68052815) • SIMATIC Drive Controller (https://support.industry.siemens.com/cs/de/en/view/109772684/en) • Motion Control (https://support.industry.siemens.com/cs/de/en/view/109794046/en) • ET 200SP (https://support.industry.siemens.com/cs/de/en/view/73021864) • ET 200eco PN (https://support.industry.siemens.com/cs/ww/en/view/109765611) Diagnostics Function Manual, 11/2024, A5E03735838-AJ...
Page 344: Basic Tools
You will find the Manual Collections on the Internet: • S7-1500/ET 200MP/SIMATIC Drive Controller (https://support.industry.siemens.com/cs/ww/en/view/86140384) • ET 200SP (https://support.industry.siemens.com/cs/ww/en/view/84133942) • ET 200AL (https://support.industry.siemens.com/cs/ww/en/view/95242965) • ET 200eco PN (https://support.industry.siemens.com/cs/ww/en/view/109781058) 1.1.2 Basic tools Tools The tools described below support you in all steps: from planning, over commissioning, all the way to analysis of your system.
Page 345 You can find SIEMENS PRONETA Basic on the Internet: (https://support.industry.siemens.com/cs/ww/en/view/67460624) SIEMENS PRONETA Professional is a licensed product that offers you additional functions. It offers you simple asset management in PROFINET networks and supports operators of automation systems in automatic data collection/acquisition of the components used through various functions: •...
Page 346: Simatic Technical Documentation
Online Support: Industry Online Support International https://support.industry.siemens.com/cs/ww/en/view/109742705 Watch this short video to find out where you can find the overview directly in Siemens Industry Online Support and how to use Siemens Industry Online Support on your mobile device: Quick introduction to the technical documentation of automation products per video ( https://support.industry.siemens.com/cs/us/en/view/109780491...
Page 347 1. Download the associated documentation after receiving your product and before initial installation/commissioning. Use the following download options: – Industry Online Support International: (https://support.industry.siemens.com) The article number is used to assign the documentation to the product. The article number is specified on the product and on the packaging label. Products with new, non-compatible functions are provided with a new article number and documentation.
Page 348: Application Examples
Introduction 1.1 Function Manuals documentation guide You can find "mySupport" on the Internet. (https://support.industry.siemens.com/My/ww/en) Application examples The application examples support you with various tools and examples for solving your automation tasks. Solutions are shown in interplay with multiple components in the system - separated from the focus on individual products.
Page 349: Safety Instructions
Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customer’s exposure to...
Page 350: Overview Of System Diagnostics
Overview of system diagnostics Properties of system diagnostics Introduction In the SIMATIC environment, the term "system diagnostics" refers to diagnostics of devices and modules. All SIMATIC products have integrated diagnostic functions that you can use to detect and remedy faults. The components automatically flag a potential fault in the operation and provide detailed information.
Page 351 Overview of system diagnostics 3.1 Properties of system diagnostics Consistent diagnostics from the field level all the way to the management level The various diagnostics media give you a uniform view of maintenance-related information of every automation component in the plant: System status (module and network status, alarms for system errors) are available plant-wide in a uniform display.
Page 352: Benefits Of Innovative System Diagnostics
Overview of system diagnostics 3.2 Benefits of innovative system diagnostics Benefits of innovative system diagnostics System diagnostics is also possible in STOP The system diagnostics is integrated in the firmware of the CPU and works independently of the cyclic user program. This means it is also available in the STOP CPU operating mode. Faults are detected immediately and signaled to the higher-level HMI devices, the Web server and the display of the SIMATIC S7‑1500 CPU, even in STOP mode.
Page 353: Quick Start
Quick start Introduction The following chapters of this documentation describe the different options for establishing system diagnostics. All described options can be used independently of one another. This chapter gives you an overview of the basic procedure to get initial diagnostics information fast.
Page 354: Additional Information
Quick start 4.2 Using STEP 7 Result The diagnostics events are displayed in the diagnostics buffer in the sequence in which they occur. Figure 4-4 Display of the diagnostics buffer in the display of the SIMATIC S7‑1500 CPU NOTE Automatic updating of diagnostics information You set automatic updating of the diagnostics information under: "Display"...
Page 355 Quick start 4.2 Using STEP 7 Determining diagnostics information using STEP 7 To determine diagnostics information using STEP 7, follow these steps: 1. Open the respective project in STEP 7. 2. Open the portal view of STEP 7. 3. Select the "Online & Diagnostics" portal. 4.
Page 356 Quick start 4.2 Using STEP 7 9. Click on the "Go online" button. The project view of STEP 7 opens. The network view is opened in the work area. The symbols in the project tree provide initial information about the faulty modules. Figure 4-7 Display of the fault in the network view 10.
Page 357 Quick start 4.2 Using STEP 7 Result The link in the "Details" table column takes you to the online and diagnostics view of the device and to the diagnostics buffer there, for example. This includes more information on all diagnostics events in the order in which they occurred. Figure 4-9 Diagnostics buffer with detailed error description NOTE Symbols and their meaning...
Page 358: Configuring And Determining System Diagnostics
Configuring and determining system diagnostics Introduction System diagnostics is the recording, evaluation and reporting of an error within the automation system. The generated alarms contain a textual error description and the error location. For SIMATIC CPUs, system diagnostics is enabled by default and cannot be disabled. For each individual CPU in your project, you can specify which diagnostic alarms you want or do not want to receive on your display device.
Page 359: Configuring System Diagnostics In The Cpu Properties
Configuring and determining system diagnostics 5.1 Configuring system diagnostics in the CPU properties Configuring system diagnostics in the CPU properties Requirements • A project is open • STEP 7 displays the network view Procedure To configure the system diagnostics in the CPU properties, proceed as follows: 1.
Page 360: Configuring Alarms For System Diagnostics In The Project
Configuring and determining system diagnostics 5.2 Configuring alarms for system diagnostics in the project Configuring alarms for system diagnostics in the project Predefined alarm texts are available for establishing the system diagnostics. Requirements • STEP 7 is open. • A project is open. Procedure To configure alarm settings for system diagnostics of the project in STEP 7, proceed as follows:...
Page 361: Options For Displaying System Diagnostics
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Options for displaying system diagnostics Example This section includes a diagnostics example to show how system diagnostics is established with the help of different display options. The example includes a CPU from the SIMATIC S7‑1500 product series that is connected to an ET 200S distributed I/O system and an HMI Comfort Panel via PROFINET.
Page 362: Diagnostics Information At The Devices
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics 5.3.1 Diagnostics information at the devices 5.3.1.1 LEDs Overview All hardware components, such as CPUs, interface modules and modules, provide information about their operating mode as well as internal and external errors through their LEDs.
Page 363: Display Of The Cpu
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Additional information The meaning of the individual LED displays, their different combinations and the remedial measures resulting from them in case of errors are device-specific. The explanation can be found in the manuals of the modules.
Page 364: Diagnostics Information In Step 7
For additional information on the topic "Functions and operation of the display of the SIMATIC S7‑1500 CPU", see the documentation for the S7-1500 automation system (http://support.automation.siemens.com/WW/view/en/59191792). You can find detailed information on the individual options, a training course and a...
Page 365: Event Table
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Symbols for the comparison status The diagnostics symbols can be combined at the bottom right with additional smaller symbols that indicate the result of the online/offline comparison. The following table shows the possible comparison symbols and their meaning.
Page 366: Accessible Devices (Without Project)
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics The following table shows the possible symbols and their meaning. Table 4-5 Symbols in the event table Symbol Meaning Incoming event Outgoing event Incoming event for which there is no independent outgoing event User-defined diagnostics event Additional information For additional information on the individual symbols, please refer to the online help for STEP...
Page 367 Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Procedure To display diagnostic information for specific devices even without an offline project, follow these steps: 1. Establish a connection to the respective CPU. 2. Select the command "Accessible devices" from the "Online" menu. The "Accessible devices"...
Page 368: Devices & Networks
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics 5.3.2.3 Devices & networks Devices & networks - Go online You can get an overview of the current state of your automation system in the device view or network view. You implement the following tasks in the device view: •...
Page 369: Online & Diagnostics
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics 5. Select the respective device under "Compatible devices in the target subnet". 6. Confirm the dialog with the "Connect" button. The online mode is started. Result The connected devices are now displayed with diagnostic information in the network view in the working area.
Page 370 Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics • Functions – Assign IP address – Set time and date of the CPU – Firmware update (e.g. for PLC, display) – Assign device name – Reset to factory settings –...
Page 371: Diagnostics" Tab In The Inspector Window
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Procedure To display an overview of the faulty devices, follow these steps: 1. Select the affected device folder in the project tree. 2. Select the shortcut menu command "Online & Diagnostics". The online and diagnostics view of the module to be diagnosed is started.
Page 372 Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Subordinate "Device information" tab This tab gives you an overview of faulty devices to which an online connection exists or has existed. The table provides the following diagnostics information on the faulty devices: •...
Page 373: Cpu Diagnostics Buffer
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Subordinate "Alarm display" tab System diagnostics alarms are output in the "Alarm display" tab. Figure 4-22 "Alarm display" tab To receive alarms in STEP 7, follow these steps: 1. Open the project view. 2.
Page 374 Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics The contents of the diagnostics buffer are stored in the retentive memory in case of a memory reset of the CPU. Errors or events can be evaluated even after a longer period of time thanks to the diagnostics buffer to determine the cause of a STOP or to trace the occurrence of a single diagnostic event and to be able to assign it.
Page 375: Security Events
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Security events The following security events (event types) result in an entry in the diagnostics buffer. • Going online with the correct or incorrect password • Manipulated communications data detected •...
Page 376: Online Tools" Task Card
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics 5.3.2.7 "Online tools" task card Online view in the "Online tools" task card The following requirements must be met to display the online view of the "Online tools" task card in STEP 7: •...
Page 377: Configuring The Settings For I/O Modules In Step 7
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics 5.3.2.8 Configuring the settings for I/O modules in STEP 7 You can also make settings for system diagnostics in STEP 7 for I/O modules. The parameters you have to configure depend on the I/O module. The settings are optional.
Page 378: Diagnostics Information Using The Web Server
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics 5.3.3 Diagnostics information using the web server System diagnostics using the CPU Web server The CPUs of the SIMATIC series have an integrated Web server and let you display the system diagnostics information by means of PROFINET.
Page 379 Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics The following diagnostics options are available with the integrated Web server: • Start page with general CPU information • Information on diagnostics • Contents of the diagnostics buffer • Module information •...
Page 380: Accessing The Web Server
Entity certificate), "Public Key Infrastructure" (PKI) and certificate management can be found in the Communication function manual (https://support.industry.siemens.com/cs/ww/en/view/59192925) and in the online help for STEP 7, keyword "Secure communication". 7. Automatic updating is activated in the default setting of a configured CPU.
Page 381 "Download certificate". You can find instructions for installing the certificate in the help system of your Web browser and in the FAQ with the entry ID 103528224 at the Service&Support (https://support.industry.siemens.com/cs/ww/en/view/103528224) website. 5. Click the NEXT link to go to the Web server pages.
Page 382 Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Figure 4-30 Web server, "Diagnostics" Web page Diagnostics option "Diagnostics buffer" The browser displays the content of the diagnostics buffer on the "Diagnostics buffer" Web page. Figure 4-31 Web server, "Diagnostics buffer" Web page Diagnostics Function Manual, 11/2024, A5E03735838-AJ...
Page 383 Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Diagnostics option "Module information" The status of a device is indicated by the Web browser with symbols and comments on the "Module information" Web page. Modules are displayed on the "Module information" Web page in the "Name" column with a link.
Page 384 Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Diagnostics option "Communication" The "Communication" web page provides detailed information about the following tabs: • Parameter A summary of the information on the PROFINET and Ethernet interfaces of the selected CPU is available in this tab.
Page 385 Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics "Topology" diagnostics option The "Topology" Web page provides information on the topological configuration and status of the PROFINET devices in your PROFINET IO system. Figure 4-35 Web server, "Topology" Web page "Motion Control Diagnostics"...
Page 386 Additional information on the topic is available in the Web server function manual (http://support.automation.siemens.com/WW/view/en/59193560). You can find additional information on the trace function in the Using the trace and logic analyzer function (https://support.industry.siemens.com/cs/ww/en/view/64897128) function manual. Diagnostics Function Manual, 11/2024, A5E03735838-AJ...
Page 387: Showing Diagnostic Information On An Hmi Device
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics 5.3.4 Showing diagnostic information on an HMI device Components and objects for system diagnostics You can use the functionality of system diagnostics via HMI devices with the following components: •...
Page 388: Configuring System Diagnostics
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics System diagnostics view The system diagnostics view reflects the current status of all accessible devices in your plant. You navigate directly to the cause of the error and the associated device. You have access to all diagnostics-capable devices that you have configured in the STEP 7 hardware and network editor.
Page 389 Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Procedure Proceed as follows to configure the system diagnostics view: 1. Insert a system diagnostics view in your project: – To insert in the global screen: Double-click the "System diagnostics window" object in the "Toolbox"...
Page 390: Different Views Of The System Diagnostics View
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Result: Any screen result The system diagnostics view has been added to the screen. The diagnostics status of the entire plant is displayed in the system diagnostics view in WinCC Runtime. Figure 4-39 System diagnostics view in the screen Result: Global screen result The system diagnostics window has been added to the global screen.
Page 391: Diagnostic Overview
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Diagnostic overview The "Diagnostic overview" screen is the start screen of the system diagnostics view in WinCC Runtime. In this view, you can select the station for which you want to display additional diagnostic information.
Page 392: Navigation Buttons
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Distributed I/O view The distributed I/O view is only available for distributed I/O systems. The distributed I/O view shows the status of the devices of the PROFIBUS/PROFINET-subnet. Each element in the view shows the following information: •...
Page 393: Inserting System Diagnostics Indicator
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics 5.3.4.3 Inserting system diagnostics indicator Introduction The system diagnostics indicator is a predefined graphic library object which alerts you to errors in your plant. The library object shows the overall status of your plant in one of two states as follows: •...
Page 394 Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Procedure 1. Select the "DiagnosticsIndicator" object in the global library. 2. Drag-and-drop the library object to the position in the open screen where you want to insert the object. The library object is added.
Page 395: Configuring Button As System Diagnostics Indicator
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics 5.3.4.4 Configuring button as system diagnostics indicator Introduction Instead of using the "DiagnosticsIndicator" object from the library, you can configure a button in "Graphics" mode, for example, to indicate errors in your plant. Requirements •...
Page 396 Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Result You have configured an interface that reacts to error events from the CPU. The button changes when an error event occurs in Runtime. The button has two states. •...
Page 397: System Diagnostics In Wincc Unified
Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics 5.3.4.5 System diagnostics in WinCC Unified Objects for system diagnostics in WinCC Unified The following diagnostics objects are available to display system diagnostics on WinCC Unified components: • Diagnostics indicator •...
Page 398 Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics To configure a diagnostics indicator in an open screen, follow these steps: 1. Open the "Toolbox" task card. 2. Select the "IndustryGraphicLibrary > SIMATIC > SystemDiagnostic" folder in the "Dynamic widgets"...
Page 399 Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics 6. Select the "@DiagnosticsIndicatorTag" in the "Process" area. Figure 4-47 Configuring a diagnostics indicator Result: You have configured a diagnostics indicator and dynamized the status using a tag. The colors of the dynamized SVGs change according to the defined tag values in Runtime. Table 4-7 Possible diagnostic values Status Diagnostic value...
Page 400 Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics Configuring the system diagnostics view You configure the system diagnostics view in WinCC Unified in the same way as in WinCC. However, while system diagnostics in WinCC shows each view in table form, WinCC Unified has a matrix view.
Page 401 Configuring and determining system diagnostics 5.3 Options for displaying system diagnostics NOTE System diagnostics in WinCC Unified for S7‑1500R/H systems For S7‑1500R/H systems, system diagnostics in WinCC Unified is available as of TIA Portal V20. In the matrix view, you can switch to the diagnostics view with the "Show diagnostics buffer" button.
Page 402: System Diagnostics By Means Of The User Program
System diagnostics by means of the user program Options of system diagnostics in the user program Introduction You can configure responses to diagnostics alarms in the user program. You can, for example, specify that your plant is stopped in case of specific diagnostics alarms. Instructions A vendor-independent structure of data records with diagnostics information applies.
Page 403: Additional Information
• PROFINET function manual (http://support.automation.siemens.com/WW/view/en/49948856) • From PROFIBUS DP to PROFINET IO (https://support.industry.siemens.com/cs/ww/en/view/19289930) programming manual • Manual for the respective module Application examples You can find detailed application examples with further documentation and example projects on the Service&Support Website:...
Page 404: System Diagnostics Using Process Image Inputs
6.2 System diagnostics using process image inputs For more information about how to realize channel diagnostics in the user program of the SIMATIC S7-1500, refer to the FAQ with entry ID 109480387 on the Service&Support Website (https://support.industry.siemens.com/cs/ww/en/view/109480387). System diagnostics using process image inputs Introduction In addition to event-driven system diagnostics, the input and output modules of the SIMATIC series provide diagnostics information using the process image input.
Page 405 System diagnostics by means of the user program 6.2 System diagnostics using process image inputs Evaluation of the value status If you have enabled the value status for an I/O module, this module provides additional information on the value status in addition to the user data. This information is available directly in the process image input and can be retrieved with simple binary operations without having the evaluate the module diagnostics.
Page 406 System diagnostics by means of the user program 6.2 System diagnostics using process image inputs Example - Evaluation of the value status for the input channel of an analog input module The example below shows the basic evaluation of the value status for the input channel of an analog input module in the user program.
Page 407: Alarms
Alarms Introduction Alarms allow you to display events from processing in the automation system and to quickly detect errors, to precisely localize them and to remove them. Downtimes are significantly reduced in a plant. Before alarms can be output, they need to be configured. You can create, edit and compile event-dependent alarms along with their alarm texts and alarm attributes and display them on display devices.
Page 408: Creating Alarms With The "Program_Alarm" Instruction
Alarms 7.1 Creating alarms with the "Program_Alarm" instruction Creating alarms with the "Program_Alarm" instruction "Program_Alarm" instruction You create a program alarm in STEP 7 with the "Program_Alarm" instruction. The figure below shows the "Program_Alarm" instruction with the most important input tags. ①...
Page 409 Alarms 7.1 Creating alarms with the "Program_Alarm" instruction NOTE The "Program_Alarm" instruction can only be called in a function block. A program alarm can be up to 256 bytes long in total (with associated values and texts from the text list). The associated values can be a maximum of 512 bytes in length.
Page 410: Editing Alarms In The Alarm Editor
Alarms 7.2 Editing alarms in the alarm editor Editing alarms in the alarm editor Introduction You can edit the created alarms in STEP 7 either in the program editor or in the alarm editor. You can find additional information on editing alarms in the program editor in the STEP 7 online help under "Creating and editing alarms".
Page 411 Alarms 7.2 Editing alarms in the alarm editor ③ "Type alarms" area: This is where the type alarms created in a function block with the "Program_Alarm" instruction are displayed. Type alarms serves as templates for instance alarms (④). All the inputs you make for the type alarm are automatically included in the instance alarms derived from it. You can find more information on type alarms in the STEP 7 online help under "Alarm types and alarms".
Page 412: Display Of Program Alarms
Alarms 7.3 Display of program alarms Display of program alarms Program alarms you create with the "Program_Alarm" instruction are automatically made available to the display devices. You have the following options to display the alarms: • STEP 7 • HMI •...
Page 413: Output Of The Alarm State With The "Get_Alarmstate" Instruction
Alarms 7.4 Output of the alarm state with the "Get_AlarmState" instruction Output of the alarm state with the "Get_AlarmState" instruction "Get_AlarmState" instruction The "Get_AlarmState" instruction outputs the alarm state of a program alarm. The output of the alarm state always refers to a program alarm that was created using the "Program_Alarm" instruction.
Page 414: Example Program For Program Alarms
Alarms 7.5 Example program for program alarms Example program for program alarms 7.5.1 Task Introduction This section describes the basic configuration of program alarms with the "Program_Alarm" instruction based on two examples. The two examples solve the same problem but use a different approach.
Page 415 Alarms 7.5 Example program for program alarms Steps The following steps are necessary for this example: 1. Define tags for signal acquisition 2. Create function block 3. Create program alarms 4. Call function block 5. Edit alarm text Define tags for signal acquisition The following table shows the tags that are used in this example.
Page 416 Alarms 7.5 Example program for program alarms Create function block To create a function block, follow these steps: 1. Open the "Program blocks" folder in the project tree. 2. Double-click "Add new block". The "Add new block" dialog opens. 3. Select the button "Function block". Figure 4-58 Create FB 4.
Page 417 Alarms 7.5 Example program for program alarms 4. Supply the SIG input tag of the "Program_Alarm" instruction with the tags for the maximum fill level. #level_max(SIG:="max"); SIG: If a signal change occurs at the SIG input tag, the "Program_Alarm" instruction generates a program alarm.
Page 418: Example 2: Program Alarm With Associated Value
Alarms 7.5 Example program for program alarms Figure 4-61 Edit alarm text Result: You have created the alarm texts for both type alarms. Additional information You can learn how to create multilingual texts under "Multilingual alarms" in the section Editing alarms in the alarm editor (Page 76). 7.5.3 Example 2: Program alarm with associated value Introduction...
Page 419 Alarms 7.5 Example program for program alarms Define tags for signal acquisition The following table shows the tags that are used in this example. Define these tags in the standard tag table. The standard tag table is available in the project tree under "PLC tags". Table 4-11 Tags for fill level alarms Name Data type...
Page 420 Alarms 7.5 Example program for program alarms Create program alarm To create the program alarm for the example program, follow these steps: 1. Select the created function block (FB) in the "Program blocks" folder in the project tree. 2. Insert the call of the "Program_Alarm" instruction in the instruction part of the function block.
Page 421 Alarms 7.5 Example program for program alarms Result: You have called the alarm block in the user program and created an instance alarm. Creating a text list To create the text list for the example program, follow these steps: 1. Double-click on the "Text lists" command in the program tree. The text list editor opens.
Page 422: Displaying The Alarm
Alarms 7.5 Example program for program alarms The window below opens. Figure 4-68 Insert a dynamic parameter (text list) 5. Select the text list "level_textlist" and the tag "max". Confirm your selection by clicking "OK". Result: You have created the alarm text for the type alarms. If the tag "max"...
Page 423: Diagnostics Of The S7-1500R/H Redundant System
Diagnostics of the S7-1500R/H redundant system S7-1500R/H diagnostics Diagnostics for a S7-1500R/H redundant system is basically the same as a standard S7-1500. You have the following display options: • Via STEP 7 • Via HMI devices • Via the display of the CPUs The CPUs provide information about their operating states as well as internal and external errors through their LEDs.
Page 424 Diagnostics of the S7-1500R/H redundant system Diagnostics view in STEP 7 An online connection is System state Examples in section available to the Online data and diagnostics of the backup CPU Backup CPU RUN-Solo or STOP Restrictions in the The following are not displayed: RUN-Solo system state (Page 108) •...
Page 425: Online And Diagnostics View
Diagnostics of the S7-1500R/H redundant system 8.1 Online and Diagnostics view Online and Diagnostics view Introduction You open the Online and Diagnostics view for the redundant system or for each CPU of the redundant system. Online & diagnostics for the redundant system "Online access": For the S7-1500R/H redundant system, it is displayed whether an online connection exists between the programming device/PC and a CPU.
Page 426 You can find information on the operating and system states in the Redundant System S7-1500R/H System Manual (https://support.industry.siemens.com/cs/ww/en/view/109754833). Online & diagnostics for IO devices in a line topology in the S7-1500H system As of STEP 7 V18, you have the option to configure R1 devices. You assign each interface module of an R1 device to one of the two H-CPUs.
Page 427: Online Tools" Task Card
Diagnostics of the S7-1500R/H redundant system 8.2 "Online Tools" task card The "Online & diagnostics" function for IO devices is independent of the configuration variant of the redundant S7-1500H system. You can use the "Online & diagnostics" function for ring or line topologies or a combination topology.
Page 428 Diagnostics of the S7-1500R/H redundant system 8.2 "Online Tools" task card CPU operator panel The two "CPU operator panel" panes show for the respective CPU of the redundant system: • The role of the CPU, primary CPU or backup CPU •...
Page 429: 8.3 Diagnostics View In The Project Tree And In The Device View And Network View
Reference You can find information on the operating and system states in the Redundant System S7-1500R/H System Manual (https://support.industry.siemens.com/cs/ww/en/view/109754833). Diagnostics view in the project tree and in the device view and network view Additional icons for redundant systems in the project tree Table 4-13 Icons for redundant systems in the project tree of STEP 7...
Page 430 Diagnostics of the S7-1500R/H redundant system 8.3 Diagnostics view in the project tree and in the device view and network view Icon in the project Meaning tree Identifier of the folder for the backup CPU: RUN operating state Identifier of the folder for the primary CPU: STARTUP operating state Identifier of the folder for the backup CPU: SYNCUP operating state...
Page 431 Diagnostics of the S7-1500R/H redundant system 8.3 Diagnostics view in the project tree and in the device view and network view Network view of the system The network view shows no faults for the H-CPUs or the IO device. Maintenance demanded in lower-level component indicated for the system, since the system is not in the RUN-Redundant system state.
Page 432 Diagnostics of the S7-1500R/H redundant system 8.3 Diagnostics view in the project tree and in the device view and network view Alarm display of the system As in the RUN-Solo system state, the alarms of the CPU for which there is an online connection are displayed via the "Alarm display"...
Page 433 Diagnostics of the S7-1500R/H redundant system 8.3 Diagnostics view in the project tree and in the device view and network view Example: Diagnostics display of a faulty R1 device An example of the diagnostics display for IO devices in the redundant S7-1500H system is shown below.
Page 434 Diagnostics of the S7-1500R/H redundant system 8.3 Diagnostics view in the project tree and in the device view and network view To display the diagnostics of the assigned interface modules, proceed as follows: 1. Open the device folder of the CPU. 2.
Page 435 Diagnostics of the S7-1500R/H redundant system 8.3 Diagnostics view in the project tree and in the device view and network view In the device view of the faulty IO device, you see the status of the individual interface modules. Figure 4-84 Diagnostics display of a faulty R1 device in the device view To display extended diagnostics of the interface modules, proceed as follows: 1.
Page 436: Diagnostics In The Run-Redundant System State
Diagnostics of the S7-1500R/H redundant system 8.4 Diagnostics in the RUN-Redundant system state Figure 4-85 View of the "Redundancy" dialog window NOTE Deviating diagnostics display If you remove an interface module of an R1 device, the other interface module signals this error with a red flashing ERROR LED.
Page 437 S7-1500H. You can find information on the redundancy scenarios in the Redundant System S7-1500R/H System Manual (https://support.industry.siemens.com/cs/ww/en/view/109754833). Special examples of a redundant system S7-1500H are shown below: S7-1500H Example 1: The PROFINET ring between the CPU of the redundant S7-1500H system and an IO device was interrupted.
Page 438 Diagnostics of the S7-1500R/H redundant system 8.4 Diagnostics in the RUN-Redundant system state The diagnostics in the network view indicates errors at the affected port of the PROFINET interfaces of PLC_2. Figure 4-87 Diagnostics example: RUN-Redundant system state, open PROFINET ring You can evaluate the diagnostics using the displays of the CPUs via the "Diagnostics"...
Page 439 Diagnostics of the S7-1500R/H redundant system 8.4 Diagnostics in the RUN-Redundant system state Figure 4-88 Diagnostics example: RUN-Redundant system state, a synchronization module fails Evaluate diagnostics on the display For example 2, display of the PLC_2 CPU shows: • In the "Overview" menu command: A message is available in the next lower level page. •...
Page 440 Diagnostics of the S7-1500R/H redundant system 8.4 Diagnostics in the RUN-Redundant system state To evaluate the display, proceed as follows: 1. Navigate to "Pairing state" via the menu commands "Overview" > "Redundancy". 2. This is displayed as the pairing state: Single paired (X4). This means that the redundancy connection is available at the H-Sync interface X4, but not at the X3.
Page 441 Diagnostics of the S7-1500R/H redundant system 8.4 Diagnostics in the RUN-Redundant system state Figure 4-89 Diagnostics example: RUN-Redundant system state, a redundancy connection has failed Evaluate diagnostics on the display Perform the analysis of the display of PLC_2 CPU exactly as for example 2. Diagnostics Function Manual, 11/2024, A5E03735838-AJ...
Page 442: Restrictions In The Run-Solo System State
Diagnostics of the S7-1500R/H redundant system 8.5 Restrictions in the RUN-Solo system state Restrictions in the RUN-Solo system state The primary CPU is in RUN operating state. The Backup CPU is in STOP operating state, is switched off, defective, or not available. Restrictions in the RUN-Solo system state The primary CPU records the diagnostics states of the distributed I/O.
Page 443: System Diagnostics By Means Of The User Program
The following instruction for diagnostics cannot be used for S7-1500R/H redundant systems: • DPNRM_DG: Read diagnostics data from a DP slave Organization blocks You can find the description of the applicable OBs for S7-1500R/H in the S7-1500R/H redund ant system (https://support.industry.siemens.com/cs/ww/en/view/109754833) system manual. Diagnostics Function Manual, 11/2024, A5E03735838-AJ...
Page 444 Introduction Security information SIMATIC Industrial cybersecurity S7-1500, ET 200MP, ET 200SP, ET 200AL, ET 200pro, ET 200eco PN Product overview Communication Communications services Function Manual PG communication HMI communication Open User Communication S7 communication Point-to-point link OPC UA communication Addressing via DHCP Routing Connection resources Diagnostics and fault...
Page 445 Continued Communication with the redundant system S7-1500R/H Industrial Ethernet Security with CP 1543-1 S7-1500, ET 200MP, ET 200SP, ET 200AL, ET 200pro, ET 200eco PN Communication Function Manual...
Page 447 Table of contents Introduction............................10 Function Manuals documentation guide................1.1.1 Information classes Function Manuals................17 1.1.2 Basic tools........................1.1.3 S7 Port Configuration Tool (S7-PCT).................. 21 1.1.4 S7 Failsafe Configuration Tool (S7-FCT)................21 1.1.5 MultiFieldbus Configuration Tool (MFCT)................1.1.6 SIMATIC Technical Documentation..................23 Security information...........................
Page 448 Table of contents 5.6.3.6 Special features when backing up and restoring a CPU............5.6.3.7 Tips for error avoidance and error handling............... 86 5.6.3.8 Rules for the replacement parts scenario................87 5.6.4 Secure Open User Communication..................88 5.6.4.1 Secure OUC of an S7-1500 CPU as TLS client to an external PLC (TLS server)...... 5.6.4.2 Secure OUC of an S7-1500 CPU as TLS server to an external PLC (TLS client)......
Page 449 Table of contents 11.1.3 OPC UA for S7-1200/S7-1500 CPUs................... 166 11.1.4 Access to OPC UA applications................... 168 11.1.5 Addressing nodes......................172 11.1.6 Namespace overview for the OPC UA server of the S7-1200/1500 CPUs......175 11.1.7 What you need to know about OPC UA clients..............176 11.2 Security at OPC UA......................
Page 450 Table of contents 11.3.4.2 Using OPC UA companion specifications................261 11.3.4.3 Creating a server interface for companion specification............. 267 11.3.4.4 Creating a user-defined server interface................271 11.3.4.5 Data types for companion specifications................277 11.3.4.6 LocalizedText and ByteString data types................278 11.3.4.7 Using additional OPC UA data types for companion specifications........
Page 451 Table of contents 11.5.1 Rules for subscriptions...................... 364 11.5.2 Rules for the user program....................365 11.5.3 Master copies for OPC UA communication................. 366 Addressing via DHCP........................... 368 12.1 Principle of address assignment via DHCP................370 12.2 DHCP with DNS......................... 372 12.3 Activate DHCP........................
Page 452 Table of contents 16.8.1 Setting up the connection of the Open User Communication with the redundant ..429 S7-1500R/H system 16.8.2 Open User Communication with CP 1543-1 communications processors......433 16.9 Using an OPC UA server in an S7-1500R/H system.............. 434 16.9.1 Information worth knowing on the OPC UA server in the S7-1500R/H system.....
Page 453: Introduction
Introduction Purpose of the documentation This Function Manual provides you with an overview of the communication options, the CPUs, communications modules and processors and PC systems of the systems SIMATIC S7‑1500, ET 200MP, ET 200SP, ET 200AL, ET 200pro and SIMATIC Drive Controller. This Function Manual describes connection-oriented, asynchronous communication. The documentation covers the following: •...
Page 454 Introduction What's new in the Communication Function Manual, Edition 11/2024 as compared to Edition 11/2023 What's new? What are the customer benefits? Where can I find the information? Table for communication proto Information on protocols and ports used by inter Section Communications protocols cols and port numbers used in Eth...
Page 455 Introduction What's new? What are the customer benefits? Where can I find the information? Revision of the tables for commu Updated information on protocols and ports used. Communications protocols and port nication protocols and port num You can see at first glance which default settings numbers used for Ethernet commu...
Page 456 Introduction What's new? What are the customer benefits? Where can I find the information? OPC UA GDS mechanism: Now The Web server certificate for HTTPS communica What you should know about the cer also usable for Web server certific tion can now also be managed via the OPC UA GDS tificate management (Page 63) ates mechanism, without separate download of the...
Page 457 Introduction What's new? What are the customer benefits? Where can I find the information? Name-based addressing with DNS • DNS server addresses can be obtained from the DHCP with DNS (Page 372) CPU via DHCP • The CPU can obtain host and domain names from a DHCP server for applications that are implemented with OPC UA or (Secure) OUC.
Page 458 SIMATIC S7‑1500 automation system are imple tem Manual S7‑1500R/H redundant system mented for the S7‑1500R/H redundant system. (https://support.industry.siemens. com/cs/ww/en/view/109754833) What's new in the Communication Function Manual, Edition 12/2017 compared to Edition 09/2016 What's new? What are the customer benefits? Where can I find the information? OPC UA Companion Specification Through OPC UA Companion Specification, meth...
Page 459 Industry Mall The Industry Mall is the catalog and order system of Siemens AG for automation and drive solutions on the basis of Totally Integrated Automation (TIA) and Totally Integrated Power (TIP).
Page 460: Function Manuals Documentation Guide
ET 200SP, ET 200AL and ET 200eco PN distributed I/O systems is arranged into three areas. This arrangement enables you to access the specific content you require. You can download the documentation free of charge from the Internet (https://support.industry.siemens.com/cs/ww/en/view/109742705). Basic information The system manuals and Getting Started describe in detail the configuration, installation, wiring and commissioning of the SIMATIC S7‑1500, SIMATIC Drive Controller, ET 200MP,...
Page 461: General Information
• SIMATIC Drive Controller (https://support.industry.siemens.com/cs/de/en/view/109772684/en) • Motion Control (https://support.industry.siemens.com/cs/de/en/view/109794046/en) • ET 200SP (https://support.industry.siemens.com/cs/de/en/view/73021864) • ET 200eco PN (https://support.industry.siemens.com/cs/ww/en/view/109765611) Manual Collections The Manual Collections contain the complete documentation of the systems put together in one file. You will find the Manual Collections on the Internet: •...
Page 462: Basic Tools
With the TIA Selection Tool , you can generate a complete order list from your product selection or product configuration. You can find the TIA Selection Tool on the Internet. (https://support.industry.siemens.com/cs/ww/en/view/109767888) SIMATIC Automation Tool You can use the SIMATIC Automation Tool to perform commissioning and maintenance activities on various SIMATIC S7 stations as bulk operations independent of TIA Portal.
Page 463 You can find SIEMENS PRONETA Basic on the Internet: (https://support.industry.siemens.com/cs/ww/en/view/67460624) SIEMENS PRONETA Professional is a licensed product that offers you additional functions. It offers you simple asset management in PROFINET networks and supports operators of automation systems in automatic data collection/acquisition of the components used through various functions: •...
Page 464: S7 Port Configuration Tool (S7-Pct)
SIMATIC S7-PCT The Port Configuration Tool (PCT) is a PC-based software for the parameter assignment of Siemens IO-Link Master modules and IO-Link devices from any manufacturer. You integrate IO-Link-devices using the standardized device description "IODD", which you get from the respective device manufacturer. S7-PCT supports version 1.0 and V1.1 of the IODD.
Page 465 • Microsoft C++ Redistributable for x86-systems (you can find the installation data for download on the Internet. (https://aka.ms/vs/15/release/vc_redist.x86.exe)) The download of the tool and further information as well as documentation on the individual functions of the MFCT can be found on the Internet. (https://support.industry.siemens.com/cs/de/en/view/109773881) Communication Function Manual, 11/2024, A5E03735815-AM...
Page 466: Simatic Technical Documentation
Online Support: Industry Online Support International https://support.industry.siemens.com/cs/ww/en/view/109742705 Watch this short video to find out where you can find the overview directly in Siemens Industry Online Support and how to use Siemens Industry Online Support on your mobile device: Quick introduction to the technical documentation of automation products per video ( https://support.industry.siemens.com/cs/us/en/view/109780491...
Page 467: Application Examples
Manuals, characteristics, operating manuals, certificates • Product master data You can find "mySupport" on the Internet. (https://support.industry.siemens.com/My/ww/en) Application examples The application examples support you with various tools and examples for solving your automation tasks. Solutions are shown in interplay with multiple components in the system - separated from the focus on individual products.
Page 468: Security Information
Security information General security information Note the security-relevant information provided in the corresponding system manual. You can find information relevant to cybersecurity in the section Industrial cybersecurity (Page 26). Communication Function Manual, 11/2024, A5E03735815-AM...
Page 469: Industrial Cybersecurity
Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customer’s exposure to...
Page 470: Security-Relevant Information In This Manual
Industrial cybersecurity 3.2 Security-relevant information in this manual Security-relevant information in this manual Observe all security-relevant notes on topics in this Communication manual. Security-relevant notes on ... Section Interfaces Product overview (Page 28) Ports and protocols Overview of communication options (Page 33) Communications protocols and port numbers used for Ether...
Page 471: Product Overview
Product overview CPUs, communications modules and processors, and PC systems of the S7‑1500, ET 200MP, ET 200SP, ET 200pro and ET 200AL systems provide you with interfaces for communication via PROFINET, PROFIBUS and point-to-point connections. CPUs, communications modules and communications processors PROFINET and PROFIBUS DP interfaces are integrated in the S7‑1500 CPUs. The CPU 1516‑3 PN/DP for example has 2 PROFINET interfaces and 1 PROFIBUS DP interface.
Page 472 Product overview Interfaces of communications modules Interfaces of communications modules (CMs) extend the interfaces of CPUs (for example, the communication module CM 1542-5 adds a PROFIBUS interface to S7-1500 automation system). ① PROFIBUS DP interface Figure 4-92 PROFIBUS DP interface of the CM 1542‑5 and CM DP (to an ET 200SP CPU) Communication Function Manual, 11/2024, A5E03735815-AM...
Page 473 Product overview Interfaces of communications processors Interfaces of communication processors (CP) offer additional functionality to what is provided by the integrated interfaces of the CPUs. CPs allow special applications, for example the CP 1543-1 provides security functions for protecting Industrial Ethernet networks via its Industrial Ethernet interface.
Page 474 Product overview Interfaces of communications modules for point-to-point connections The communication modules for point-to-point connections provide communication via their RS 232-, RS 422- and RS 485 interfaces, for example, Freeport or Modbus communication. ① Interface for point-to-point connections Figure 4-94 Example of interface for point-to-point connection at the CM PtP RS422/485 BA Communication Function Manual, 11/2024, A5E03735815-AM...
Page 475 Product overview Interfaces of interface modules PROFINET and PROFIBUS DP interfaces of the interface modules (IM) in ET 200MP, ET 200SP and ET 200AL are used to connect the distributed I/O ET 200MP, ET 200SP and ET 200AL to PROFINET or PROFIBUS of the higher-level IO controller or DP master. ①...
Page 476: Communications Services
Communications services Overview of communication options Overview of communications options The following communications options are available for your automation task. Table 4-14 Communications options Communications options Functionality Via interface: PN/IE serial PG communication On commissioning, testing, diagnostics HMI communication On operator control and monitoring Open communication via TCP/IP Data exchange via PROFINET/Industrial Ethernet with TCP/IP...
Page 477: 5.1 Overview Of Communication Options
Communications services 5.1 Overview of communication options Communications options Functionality Via interface: PN/IE serial Open communication with FDL (only Data exchange via PROFIBUS with the FDL protocol CM 1542‑5 as of firmware V2.0) Instructions: • TSEND_C/TRCV_C • TSEND/TRCV • TUSEND/TURCV • TCON •...
Page 478 OPC UA PubSub for SIMATIC S7-1500, can be found in this Application example (https://support.industry.siemens.com/cs/ww/en/view/109782455). • This FAQ (https://support.industry.siemens.com/cs/ww/en/view/102420020) describes how to configure fetch/write communication via CP1543-1 with S7‑1500. • More information about the Fetch/Write services is available in the STEP 7 online help.
Page 479: Communications Protocols And Port Numbers Used For Ethernet Communication
Communications services 5.2 Communications protocols and port numbers used for Ethernet communication Communications protocols and port numbers used for Ethernet communication This section provides an overview of the supported protocols and port numbers used for communication over PN/IE interfaces. For each protocol the address parameters, the respective communications layer as well as the communications role and the communications direction are specified.
Page 480 Communications services 5.2 Communications protocols and port numbers used for Ethernet communication Protocol / Role Port num (2) Link layer Description / function Default setting / notes (4) Transport lay LLDP Not relev (2) Ethertype PROFINET Link Layer Discovery Pro Default: Activated. 0x88CC (LLDP) tocol.
Page 481 Communications services 5.2 Communications protocols and port numbers used for Ethernet communication Protocol / Role Port num (2) Link layer Description / function Default setting / notes (4) Transport lay IGMPv2 Not relev (3) Network layer Internet Group Management Pro IGMPv2 is a functionality of the IP tocol.
Page 482 Communications services 5.2 Communications protocols and port numbers used for Ethernet communication Protocol / Role Port num (2) Link layer Description / function Default setting / notes (4) Transport lay As of FW (4) TCP Open User Communication The following applies to FW versions version (4) UDP (TCP/UDP).
Page 483 Communications services 5.2 Communications protocols and port numbers used for Ethernet communication Layers and logs of the S7-1500 Software Controller (via Ethernet interface on the Windows side) The following table shows the protocols that are supported by the S7-1500 Software Controller via the Ethernet interfaces assigned by Windows.
Page 484 Do not use ports for OUC, which are already used by other Windows applications. Layers and protocols of S7-1500 communications modules The documentation for the protocols of S7-1500 communications modules (e.g. CP 1543-1) can be found here (https://support.industry.siemens.com/cs/ww/en/view/67700710). Communication Function Manual, 11/2024, A5E03735815-AM...
Page 485 Communications services 5.2 Communications protocols and port numbers used for Ethernet communication Layers and protocols of interface modules The following table shows the protocols supported by ET 200 interface modules. To find out which protocols your ET 200 interface module supports, refer to the technical specifications in the relevant equipment manual.
Page 486 Communications services 5.2 Communications protocols and port numbers used for Ethernet communication Protocol / Role Port num (2) Link layer Description / function Default setting / notes (4) Transport lay IO controller according to the config uration. PTCP uses standard-compliant multic ast MAC addresses.
Page 487: Overview Of Connection Resources
Communications services 5.3 Overview of connection resources Overview of connection resources Connection resources Some communications services require connections. Connections allocate resources on the CPUs, CPs and CMs involved (for example memory areas in the CPU operating system). In most cases one resource per CPU/CP/CM is allocated for a connection. In HMI communication, up to 3 connection resources are required per HMI connection.
Page 488: Setting Up A Connection
Communications services 5.4 Setting up a connection Setting up a connection Automatic connection STEP 7 sets up a connection automatically (for example PG or HMI connection) if you have connected the PG/PC interface to an interface of the CPU physically and have made the interface assignment in STEP 7 in the "Go online"...
Page 489 Communications services 5.4 Setting up a connection Setting up a configured connection You set up the configured connection in the network view of the Devices & networks editor of STEP 7 in the context of a CPU or a software controller. Figure 4-97 Configured setup Effects on the connection resources of the CPU You can often choose between a configured or a programmed connection.
Page 490: Data Consistency
Communications services 5.5 Data consistency Connection Automatically Programmed setup Configured setup Open communication via UDP con nection Open communication via ISO con nection Open communication via FDL con nection Communication via Modbus TCP connection E-mail connection FTP connection S7 connection* * Note that for an S7-1500 CPU you must enable the use of PUT/GET communication in the properties of the CPU.
Page 491 Communications services 5.5 Data consistency The following figure shows a data area that is smaller than the maximum size of the consistent data area. In this case, when transferring the data area, it is ensured that there is no interruption by the user program during data access so that the data is not changed. ①...
Page 492 Communications services 5.5 Data consistency Example of an inconsistency The figure below shows an example of changing data during the transfer. The destination data area contains data from different points in time. ① Maximum size of the consistent data area Figure 4-100 Example: Changing data during the transfer System-specific maximum data consistency for S7‑1500: No inconsistency occurs if the system-specific maximum size of the consistent data is kept to.
Page 493: Secure Communication
Communications services 5.6 Secure Communication In S7 communication with the PUT/GET instructions or Write/Read via HMI communication, you need to take into account the size of the consistent data areas during programming or configuration. In the user program of an S7-1500 as server, there is no instruction available that can coordinate the data transfer in the user program.
Page 494 Communications services 5.6 Secure Communication Secure Communication via CP 1242-7 GPRS V2 is not possible. Public Key Infrastructure (PKI) The attribute "secure" is used for the identification of communication mechanisms that are based on a Public Key Infrastructure (PKI) (for example RFC 5280 for Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List Profile).
Page 495 Communications services 5.6 Secure Communication • Transport and storage of the public key using X.509 certificates: – X.509 certificates are digitally signed data that allow public key authentication in terms of the bound identity. – X.509 certificates can contain information that describes in more detail or restricts use of the public key.
Page 496 Communications services 5.6 Secure Communication The figure below shows the TLS protocol in the context of communication layers. Figure 4-101 TLS protocol in the context of communication layers Secure communication with OPC UA An OPC UA server is implemented in S7-1500 CPUs as of firmware V2.0. OPC UA Security also covers authentication, encryption and data integrity with digital X.509 certificates and also uses a Public Key Infrastructure (PKI).
Page 497: Device-Dependent Security Features
Communications services 5.6 Secure Communication 5.6.1.2 Device-dependent security features Transport Layer Security (TLS) is a widespread security protocol that improves the data security for communications. For the S7-1500 automation system, TLS is used for secure communication for the following certificate-based applications: •...
Page 498 Communications services 5.6 Secure Communication Supported encryption methods and parameters for creating certificates To generate the public key for a new certificate, in the TIA Portal, set the encryption method and encryption parameters. These certificate parameters are device-dependent and dependent on the application used One possibility: In the CPU properties, go to "Protection &...
Page 499: Confidentiality Through Encryption
Communications services 5.6 Secure Communication 5.6.1.3 Confidentiality through encryption Message encryption is an important element of data security. When encrypted messages are intercepted by third parties during communication, these potential eavesdroppers cannot access the information they contain. There is a wide range of mathematical processes (algorithms) for encrypting messages. All algorithms process a "key"...
Page 500 Communications services 5.6 Secure Communication Asymmetric encryption Asymmetric encryption works with a pair of keys consisting of one public key and one private key. Used with a PKI, it is also known as Public Key cryptography or simply PKI cryptography. A communication partner, Alice in the figure below, has a private key and a public key.
Page 501 Communications services 5.6 Secure Communication Encryption processes in practice In practice, for example with a CPU Web server and Secure Open User Communication, the TLS protocol is used below the relevant application layer. Application layers are HTTP or SMTP, for example, as detailed above. TLS (Transport Layer Security) uses a combination of asymmetric encryption and symmetric encryption (hybrid encryption) for secure data transfer, for example, over the Internet, and uses the following subprotocols:...
Page 502: Authenticity And Integrity Through Signatures
Communications services 5.6 Secure Communication 5.6.1.4 Authenticity and integrity through signatures Attacks from programs that intercept communication between the server and client and act as if they themselves were client or server, are called man-in-the-middle attacks. If the false identity of these programs is not detected, they can obtain important information about the S7 program, for example, or set values in the CPU and attack a machine or plants.
Page 503: Self-Signed Certificates
Communications services 5.6 Secure Communication Self-signed certificates Self-signed certificates are certificates whose signature comes from the certificate subject and not from an independent certificate authority. Examples: • You can create and sign a certificate yourself, for example, to encrypt messages to a communication partner.
Page 504 Communications services 5.6 Secure Communication How signatures are generated and verified Asymmetric key usage ensures that certificates can be verified: The example of the "MyCert" certificate illustrates the "Sign" and "Verify signature" processes. Generating a signature: 1. The issuer of the "MyCert" certificate generates a hash value from the certificate data using a specific hash function (for example SHA-1, Secure Hash Algorithm).
Page 505 Communications services 5.6 Secure Communication Signing messages The method described above for signing and verifying certificates also uses the TLS session for signing and verifying messages: If a hash value is generated by a message and this hash value is encrypted with the private key of the sender and attached to the original message, the receiver of the message is able to check the integrity of the message.
Page 506: Managing Certificates
Communications services 5.6 Secure Communication 5.6.2 Managing certificates 5.6.2.1 What you should know about the certificate management This section shows the available certificate management options of an S7-1500 CPU depending on the service (CPU application) used and on the versions of the TIA Portal / the CPU firmware.
Page 507: Certificate Management With Tia Portal
Communications services 5.6 Secure Communication 5.6.2.2 Certificate management with TIA Portal STEP 7 as of version V14 together with the S7‑1500 CPUs as of firmware version 2.0 support the Internet PKI (RFC 5280) in as far as an S7‑1500 CPU is able to communicate with devices that also support the Internet PKI.
Page 508 Communications services 5.6 Secure Communication Figure 4-106 Security settings for an S7‑1500 CPU in STEP 7 Special features of the section "Protection & Security > Certificate manager" Only in this section of the Inspector window do you switch between the global, i.e. project- wide, and the local, i.e.
Page 509 Communications services 5.6 Secure Communication The figure below shows how the "Global security settings" are shown in the project tree after the "Use global security settings for certificate manager" option has been activated in the Inspector window of the CPU. When you double-click "User login"...
Page 510: Examples For The Management Of Certificates
Communications services 5.6 Secure Communication When the hardware configuration is loaded, the device certificate, the public key as well as the private key are loaded into the CPU. NOTICE Enabling the "Use global security settings for certificate manager" option - Consequences The "Use global security settings for certificate manager"...
Page 511 Communications services 5.6 Secure Communication TCON_IPV4_SEC). STEP 7 assigns the certificate ID automatically during the generation or creation of certificates. Procedure STEP 7 automatically loads the required CA certificates together with the hardware configuration to the participating CPUs so that the requirements for certificate verification exist for both CPUs.
Page 512 Communications services 5.6 Secure Communication Proceed as follows to add the self-signed certificate of the communication partner of the CPU: 1. Mark PLC_1 and navigate to the "Certificates of partner devices" table in the "Protection & Security" section. 2. Click in an empty line in the "Certificate subject" column in the "Device certificates" table to add a new certificate.
Page 513 Communications services 5.6 Secure Communication 5. Click in an empty line in the "Certificate subject" column to add the imported certificates. 6. Select the required CA certificates of the communication partner from the drop-down list and confirm the selection. Optionally the MES system can also request a device certificate of the CPU to authenticate the CPU (i.e., the TLS client).
Page 514 Communications services 5.6 Secure Communication Secure Open User Communication to a mail server (SMTP over TLS) An S7-1500 CPU can establish a secure connection to an e-mail server with the communication instruction TMAIL-C. The system data types TMail_V4_SEC and TMail_QDN_SEC allow you to determine the partner port of the e-mail server and thus to reach the e-mail server via "SMTP over TLS".
Page 515: How Communication With Certificates Works: Http Over Tls
Communications services 5.6 Secure Communication 5.6.2.4 How communication with certificates works: HTTP over TLS The following paragraphs show how the mechanisms described are used to establish a secure communication between a Web browser and the Web server of an S7-1500 CPU. Initially the changes for the "Permit access only with HTTPS"...
Page 516 Communications services 5.6 Secure Communication Loading the Web server certificate The server certificate generated by STEP 7 is then automatically also loaded to the CPU when the hardware configuration is loaded. • If you use the certificate manager in the global security settings, the certificate authority of the project (CA certificate) signs the server certificate of the Web server: During loading the CA certificate of the project is loaded as well automatically.
Page 517 Communications services 5.6 Secure Communication Course of the secure communication The figure below shows, in simplified terms, how communication is established ("handshake") focusing on the negotiation of keys used for data exchange (here with HTTP over TLS). However, the course can be applied to all communication options that are based on the usage of TLS, i.e.
Page 518: Tip: Updating Loaded Certificates In Run
Communications services 5.6 Secure Communication You have the following options for obtaining the intermediate certificates: – The server itself sends the required intermediate certificates to Alice along with its end- entity certificate – in the form of a signed message so that Alice can verify the integrity of the certificate chain.
Page 519: Requirements For Secure Communication
Communications services 5.6 Secure Communication Procedure 1. In TIA Portal (project navigation), navigate to the certificate manager (Security settings > Security functions). 2. Select the "Certificate authority (CA)" tab or the "Device certificates" tab - depending on which certificate you want to update. 3.
Page 520 Communications services 5.6 Secure Communication Security settings wizard When you add a CPU to the project that supports secure PG/HMI communication in the TIA Portal from the hardware catalog, a wizard starts for the security settings of the CPU. The wizard guides you step by step through the following CPU settings: •...
Page 521 Communications services 5.6 Secure Communication Certificate-based communication also between PG/HMI and CPU Because, as of TIA Portal version V17 and CPU firmware version V2.9 (S7-1500) or V4.5 (S7-1200), the PG/HMI communication is also certificate-based, you will be prompted to accept the server certificate in the course of the commissioning. Tips and rules for password management •...
Page 522: Useful Information For The Protection Of Confidential Plc Configuration Data
Communications services 5.6 Secure Communication 5.6.3.2 Useful information for the protection of confidential PLC configuration data The concept for Secure Communication protected by security standards comprises the following components: • A password-based key information that is used for protecting confidential configuration data (e.g.
Page 523: Changing Your Password
Communications services 5.6 Secure Communication Two memory areas for more security The charged components are related to each other like two matching puzzle pieces: The project is bound to the loaded key information, the loaded key information is bound to the password that was assigned during configuration.
Page 524 Communications services 5.6 Secure Communication Change password - configuration is already loaded If the CPU has already been loaded with a configuration and the configuration is protected with a password for confidential PLC configuration data, you must first either reset the CPU to the factory settings and delete the password for confidential PLC configuration data in the CPU or delete it directly online and then set it.
Page 525: Resetting The Password
Communications services 5.6 Secure Communication NOTE Reset to factory settings via the display of the CPU Resetting the CPU to factory settings via the display deletes the password for the protection of confidential PLC configuration data. More information Information on how to proceed in case of a spare part can be found in section Rules for the replacement parts scenario (Page 87).
Page 526 Communications services 5.6 Secure Communication Delete password – Configuration is already loaded If the CPU has already been loaded with a configuration and the configuration is protected with a password for confidential PLC configuration data, you can, for loading a new project, delete the password for confidential PLC configuration data online and then specify a new password.
Page 527: Assign Password Via Simatic Memory Card
Communications services 5.6 Secure Communication 5.6.3.5 Assign password via SIMATIC Memory Card If you want to transfer the password to protect confidential PLC configuration data to a CPU without using TIA Portal, you can also use a SIMATIC memory card for this function. The use of a SIMATIC memory card is suitable for the following purposes: •...
Page 528: Special Features When Backing Up And Restoring A Cpu
Communications services 5.6 Secure Communication Creating a SIMATIC memory card with "SET PASSWORD" job 1. Create a folder in the root directory named "SET_PWD.S7S". 2. Create a text file named "PWD.TXT" with the password as text-only in the folder just created on the memory card.
Page 529: Tips For Error Avoidance And Error Handling
Communications services 5.6 Secure Communication Restoring the backup When restore the backup of a CPU (menu "Online", command “Download to device” with marked backup in TIA Portal) the CPU can only communicate with a PG/PC or HMI if the following condition is fulfilled: •...
Page 530: Rules For The Replacement Parts Scenario
Communications services 5.6 Secure Communication • The same error occurs if your CPU configuration does not use a password and the already loaded configuration requires a user-defined password. Remedy: – Use the online function "Set password to protect confidential PLC configuration data" to delete the password or to set the same password as in the CPU configuration.
Page 531: Secure Open User Communication
Communications services 5.6 Secure Communication More information In section Assign password via SIMATIC Memory Card (Page 84) you can read how to use the SIMATIC Memory Card to assign the password to protect confidential PLC configuration data. 5.6.4 Secure Open User Communication 5.6.4.1 Secure OUC of an S7-1500 CPU as TLS client to an external PLC (TLS server) The following section describes how you can set up Open User Communication via TCP from...
Page 532 Communications services 5.6 Secure Communication 4. Set the parameters for secure communication in the "Start value" column. – "ActivateSecureConn": Activation of secure communication for this connection. If this parameter has the value FALSE, the subsequent security parameters are irrelevant. You can set up a non-secure TCP or UDP connection in this case.
Page 533: Additional Information
Communications services 5.6 Secure Communication Additional information You can find more information on the TCON_QDN_SEC system data type in the STEP 7 online help. For additional information on secure communication, refer to the section Secure Communication (Page 50). 5.6.4.2 Secure OUC of an S7-1500 CPU as TLS server to an external PLC (TLS client) The following section describes how you can set up Open User Communication via TCP from an S7-1500 CPU as TLS server to a TLS client.
Page 534 Communications services 5.6 Secure Communication – "TLSServerCertRef": ID of the own X.509-V3 certificate. Figure 4-117 Certificate handling from the perspective of the S7-1500 as TLS server – "TLSClientCertRef": ID of the X.509-V3 certificate (or a group of X.509-V3 certificates) that is used by the TLS server to validate TLS client authentication. If this parameter is 0, the TLS server uses all (CA) certificates currently loaded in the server certificate store to validate the client authentication.
Page 535: Secure Ouc Between Two S7-1500 Cpus
Communications services 5.6 Secure Communication 5.6.4.3 Secure OUC between two S7-1500 CPUs The following section describes how you can set Secure Open User Communication via TCP between two S7-1500 CPUs. In the process one S7‑1500 CPU acts as TLS client (active establishing of the connection) and the other S7‑1500 CPU as TLS server (passive establishing of the connection).
Page 536 Communications services 5.6 Secure Communication 3. Set the connection parameters of the TCP connection in the "Start value" column. For example, enter the IPv4 address of the TLS server for "RemoteAddress". NOTE Connection parameter Interface ID Note that you can enter the value "0" for the interface ID in the data type TCON_IP_V4_SEC.
Page 537: Secure Ouc Via Cp Interface
Communications services 5.6 Secure Communication – "TLSServerCertRef": ID of the own X.509-V3 certificate. – "TLSClientCertRef": Enter the value 2 (reference to the CA certificate of the TIA Portal project (SHA256) or the value 1 (reference to the CA certificate of the TIA Portal project (SHA1)).
Page 538 Communications services 5.6 Secure Communication The fundamental procedure and the concept for using secure communication via a CP interface is similar to that of secure communication via the interfaces of the S7-1500 CPUs. Essentially, you have to assign the certificates to the CPU in the role of a TLS server or TLS client and not to the CPU.
Page 539 Communications services 5.6 Secure Communication – The root certificate (CA certificate) with which the device certificate of the communication partner is signed must also be located in the certificate memory of the CP or in the certificate memory of the external device. If you use intermediate certificates, you have to ensure that the complete certificate path exists in the validating device.
Page 540 Communications services 5.6 Secure Communication 3. Set the connection parameters of the TCP connection in the "Start value" column. For example, enter the IPv4 address of the TLS server for "RemoteAddress". 4. Set the parameters for secure communication in the "Start value" column. –...
Page 541 Communications services 5.6 Secure Communication – "TLSServerCertRef": ID of the own X.509-V3 certificate. – "TLSClientCertRef": Enter the value 2 (reference to the CA certificate of the TIA Portal project (SHA256) or the value 1 (reference to the CA certificate of the TIA Portal project (SHA1)).
Page 542: Secure Ouc With Modbus Tcp
Communications services 5.6 Secure Communication 5.6.4.5 Secure OUC with Modbus TCP For secure Modbus TCP connection you need to create a data block with one of the system data types TCON_IP_V4_SEC or TCON_QDN_SEC yourself, assign parameters and call it directly at the MB_Server or MB_CLIENT instruction. Requirements: •...
Page 543: Secure Ouc Via E-Mail
Communications services 5.6 Secure Communication 5.6.4.6 Secure OUC via e-mail Setting up a secure connection to a mail server over the CPU interface For secure communication to a mail server you need to create a data block with one of the system data types TMAIL_V4_SEC, TMAIL_QDN_SEC yourself, assign parameters and call it directly at the TMAIL_C instruction.
Page 544 Communications services 5.6 Secure Communication Example: Setting up a secure connection to a mail server over IPv4 The following section describes how to set up a secure connection to an IPv4 mail server with the TMAIL_C communication instruction. To set up a secure connection via the IP4 address of the mail server, follow these steps: 1.
Page 545: Application Example
Application example This application example (https://support.industry.siemens.com/cs/ww/en/view/46817803) show how you can use the CP of an S7-1500 or S7-1200 station to set up a secure connection to an email server and send an email with the default application "TMAIL_C" from the S7 CPU.
Page 546: Secure Pg/Hmi Communication
Communications services 5.6 Secure Communication Additional information You can find more information about the system data types TMail_V4_SEC and TMAIL_QDN_SEC in the STEP 7 online help. For additional information on secure communication, refer to the section Secure Communication (Page 50). 5.6.5 Secure PG/HMI communication 5.6.5.1...
Page 547 You can use a policy setting to check the assigned passwords as they are entered into the TIA Portal. This will ensure that your company complies with prescribed password policies. If your machine or system does not require this protection based on the Siemens Industrial Defense-in-Depth concept, you can dispense with password assignment, for example, because another equivalent protection is present.
Page 548: Additional Settings For The Secure Pg/Hmi Communication
Communications services 5.6 Secure Communication 5.6.5.2 Additional settings for the secure PG/HMI communication In addition to the assignment of a password to protect confidential PLC configuration data, you have further setting options for the behavior of the CPU during operation. PG/PC and HMI communication mode You can set how the CPU can communicate with programming devices and HMI devices: •...
Page 549: Tip For Certificate-Based Communication Between Pg And Cpu
Communications services 5.6 Secure Communication 5.6.5.3 Tip for certificate-based communication between PG and CPU The certificate-based PG/PC communication (Secure PG/PC communication) means that the communication partner of the CPU – the programming device with installed TIA Portal – must trust the device certificate of the CPU so that a connection can be loaded. To put it simply, from the TIA Portal perspective you have the following options to trust the certificate of a CPU: •...
Page 550 1. Copy the CA certificate exported in the previous step to the following directory: C:\ProgramData\Siemens\Automation\Certstore\Trusted 2. Start TIA Portal. In the "Info" tab of the Inspector window, a message appears for each CA certificate which provides information on whether the CA certificate could be successfully transferred to the CA store of TIA Portal.
Page 551: Cpu Behavior From Loading To Operational Readiness
Communications services 5.6 Secure Communication 5.6.5.4 CPU behavior from loading to operational readiness To ensure that communication between the CPU and a programming device or HMI device is secure, it must first have a certificate. However, the certificate for productive operation is only issued when the project is loaded into the CPU.
Page 552 Communications services 5.6 Secure Communication Figure 4-129 Connection establishment, provisioning phase WARNING Potential security risks during commissioning During commissioning, the CPU provides a manufacturer device certificate (if available) or a self-signed certificate that you must trust in order to establish a connection. Only trust this certificate if the programming device and the CPU are in a protected network and are directly connected to each other.
Page 553: Using Secure Hmi Communication
Communications services 5.6 Secure Communication Startup of PG/HMI communication When the CPU is loaded and has received the CPU certificate for Secure PG/HMI Communication, the programming device connects again - this time based on the loaded CA certificate. Figure 4-130 Startup of PG/HMI communication 5.6.5.5 Using secure HMI communication As of TIA Portal version V17, the CPU and the HMI device communicate via secure HMI...
Page 554 Communications services 5.6 Secure Communication Configuring secure HMI communication 1. Configure the HMI device with an alarm view. NOTE Without an alarm view you cannot identify the errors during connection establishment. 2. Configure the CPU with the required security settings. Select a PLC communication certificate to protect the HMI connection or have the TIA Portal generate a PLC communication certificate.
Page 555: Using Legacy Pg/Pc Communication For Tia Portal
Communications services 5.6 Secure Communication Unified Comfort Panels 1. Open the Control Panel. 2. Select "Security > Certificates". 3. In the "Certificate store" selection list, select the entry "Other Certificates". 4. In the "Other certificates" list, select the PLC communication certificate of the CPU. 5.
Page 556: Information About Compatibility
Communications services 5.6 Secure Communication Setting the Legacy PG/PC communication 1. In the "Online" menu, select the command "Use only Legacy PG/PC communication". 2. Select the check box in front of the menu command. Result: All online connections are set up as for TIA Portal versions < V17. The setting remains active for the duration of the session.
Page 557 Communications services 5.6 Secure Communication In summary ("PG" here stands for a programming device with TIA Portal): • PG/HMI and CPU come with the V17 (or subsequent version): TLS procedure is used. • PG/HMI comes from a predecessor version (< V17): Legacy procedure is used - provided that you have deactivated the option "Only allow secure PG/PC and HMI communication"...
Page 558: Snmp
Communications services 5.7 SNMP SNMP 5.7.1 Activating and deactivating SNMP The network management protocol SNMP (Simple Network Management Protocol) is used for performing monitoring and diagnostics of the network topology. SNMP uses the transport protocol UDP and knows two roles: the SNMP manager (client) and SNMP agent (server). •...
Page 559: Configuring Snmp
Communications services 5.7 SNMP Configuring SNMP As of CPU firmware version V3.0 and TIA Portal version V18, you can change the following settings for SNMP in the CPU properties: • Activate SNMP (default: deactivated) • Read-only community string (default: "public") • Read-write community string (default: "private") You can find the settings in the "Advanced configuration >...
Page 560 Communications services 5.7 SNMP Activating/deactivating SNMP in the user program In addition to the configuration in the CPU properties, you can also activate or deactivate SNMP in the user program. To do this, transfer a data record 0xB071 to a PROFINET interface of the CPU.
Page 561 Communications services 5.7 SNMP 5.7.2 Activating/deactivating SNMP by data record transfer: Example for a CPU 1516-3 PN/DP Introduction You need to activate the SNMP for a CPU 1516‑3 PN/DP to manage your network infrastructure, CPUs and IO devices with SNMP. The example below shows the 0xB071 data record being transferred to a PROFINET interface for this purpose.
Page 562: Activating/Deactivating Snmp By Data Record Transfer With S7-1500R/H Cpus
Communications services 5.7 SNMP Programming example for the data record transfer in the OB1 The data record 0xB071 is transferred in the following program code: //----------------------------------------- // Start writing SNMP settings //----------------------------------------- IF "ActivateSnmp".snmpWrite THEN IF (NOT "ActivateSnmp".snmpWriteDone) AND (NOT "ActivateSnmp".snmpWriteError) THEN "instWrrec_1"(REQ := "ActivateSnmp".snmpWrite, ID := "Local~PROFINET-Schnittstelle_1", INDEX := 16#B071,...
Page 563 Communications services 5.7 SNMP Hardware IDs for PROFINET interface X1: • The PROFINET interface X1 of the left CPU has the hardware ID 65164 (default name: Local1~PROFINET-interface_1). • The PROFINET interface X1 of the right CPU has the hardware ID 65364 (default name: Local2~PROFINET-interface_1).
Page 564 Communications services 5.7 SNMP Programming examples for the OB72 and OB1 organization blocks Open the OB72 that has been added. With the following program code, determine whether the R/H system has assumed the "Run REDUNDANT" state and set the starting command for the "WRREC"...
Page 565 Communications services 5.7 SNMP Deactivating SNMP again You can use the program code used above, with small changes, to deactivate SNMP. Assign the value "0" to the tag "ActivateSnmp".snmpRecord.snmpControl in the user program: "ActivateSnmp".snmpRecord.snmpControl := 0; The next time the "WRREC" instructions are called, SNMP will be deactivated again. Communication Function Manual, 11/2024, A5E03735815-AM...
Page 566: Pg Communication
PG communication Properties Using PG communication, the CPU or another module capable of communication exchanges data with an engineering station (for example PG, PC). The data exchange is possible via PROFIBUS and PROFINET subnets. The gateway between S7 subnets is also supported. PG communication provides functions needed to load programs and configuration data, run tests, and evaluate diagnostic information.
Page 567 PG communication Figure 4-133 Setting up PG communication 4. Click "Start search". All devices that you can address with PG communication appear shortly thereafter in the table "Compatible devices in target subnet". 5. In the "Compatible devices in target subnet" table, select the relevant CPU and confirm with "Go online".
Page 568: Hmi Communication
HMI communication Properties Using HMI communication, one or more HMI devices (for example HMI Basic/Comfort/Mobile Panel) exchanges data with a CPU for operator control and monitoring with via the PROFINET or PROFIBUS DP interface. The data exchange is via HMI connections. If you want to set up several HMI connections to a CPU, use for example: •...
Page 569 HMI communication 4. In the "Connections" tab, select the row of the HMI connection. In the "General" area of the "Properties" tab, you see the properties of the HMI connection, some of which you can change. Figure 4-134 Setting up HMI communication 5.
Page 570: Open User Communication
Open User Communication Overview of Open User Communication Features of Open User Communication Through Open User Communication, also called "open communication", the CPU exchanges data with another device capable of communication. Open User Communication has the following features and characteristics: •...
Page 571: Protocols For Open User Communication
Open User Communication 8.2 Protocols for Open User Communication Protocols for Open User Communication Protocols for Open User Communication The following protocols are available for open communication: Table 4-20 Transport protocols for open communication Transport protocol Via interface TCP according to RFC 793 PROFINET/Industrial Ethernet ISO-on-TCP according to RFC 1006 (Class 4) PROFINET/Industrial Ethernet...
Page 572 The application example provides a function block with which you can implement the MQTT protocol into the SIMATIC S7-1500. You can find the application example on the Internet (https://support.industry.siemens.com/cs/ww/en/view/109772284). Communication Function Manual, 11/2024, A5E03735815-AM...
Page 573: Instructions For Open User Communication
Open User Communication 8.3 Instructions for Open User Communication See also SYSLOG (https://support.industry.siemens.com/cs/ww/en/view/51929235) Instructions for Open User Communication Introduction You set up Open User Communication via the corresponding connection (for example, TCP connection) as follows: • By programming in the user programs of the communications partners or •...
Page 574 8.3 Instructions for Open User Communication You can modify the connection parameters in the "connection description DB". This FAQ (https://support.industry.siemens.com/cs/ww/en/view/58875807) describes how to program the TCON instruction to set up a connection for Open User Communication between two S7-1500 CPUs.
Page 575 Open User Communication 8.3 Instructions for Open User Communication The following table shows you the different connections of the Secure Open User Communication and the matching system data types and instructions. Secure OUC connection System data type Instructions Secure TCP connection from an •...
Page 576 • T_DIAG: Check the connection Basic examples for Open User Communication The Siemens Online Support offers you function blocks (FBs) that facilitate the handling of the instructions of the Open User Communication. You can find the function block with corresponding examples on the Internet (https://support.industry.siemens.com/cs/ww/en/view/109747710).
Page 577: Open User Communication With Addressing Via Domain Names
Open User Communication 8.4 Open User Communication with addressing via domain names Open User Communication with addressing via domain names As of firmware version V2.0, S7‑1500 CPUs, ET 200SP CPUs and the CPUs 1513/1516pro‑2 PN support Open User Communication with addressing via Domain Name System (DNS). A DNS client is integrated in the CPU.
Page 578 Open User Communication 8.4 Open User Communication with addressing via domain names Setting up a TCP connection via the domain name of the communication partner For TCP communication via the domain name you need to create a data block with the TCON_QDN system data type yourself, assign parameters and call it directly at the instruction.
Page 579: Setting Up Open User Communication Via Tcp, Iso-On-Tcp, Udp And Iso
Open User Communication 8.5 Setting up Open User Communication via TCP, ISO-on-TCP, UDP and ISO Addressing a UDP connection via the domain name of the communication partner For S7-1500 CPUs as of firmware version V2.0, you can address the recipient with its fully qualified domain name (FQDN) when sending data via UDP.
Page 580 Open User Communication 8.5 Setting up Open User Communication via TCP, ISO-on-TCP, UDP and ISO – IPv4 address of the local end point Figure 4-138 Connection parameters for TSEND_C 4. In the drop-down list box of the partner end point, select a connection partner. You can select an unspecified device or a CPU in the project as the communication partner.
Page 581 Open User Communication 8.5 Setting up Open User Communication via TCP, ISO-on-TCP, UDP and ISO Additional values are determined and entered after the selection or creation of the connection description DB or configured connection. The following is valid for specified connection partners: –...
Page 582 Open User Communication 8.5 Setting up Open User Communication via TCP, ISO-on-TCP, UDP and ISO Changed values are checked immediately for input errors by the connection configuration and entered in the data block for the connection description. NOTE Open User Communication between two communication partners can only work when the program section for the partner end point has been downloaded to the hardware.
Page 583: Setting Up Communication Over Fdl
Additional information The STEP 7 online help describes: • The instructions for open communication • The connection parameters This FAQ (https://support.industry.siemens.com/cs/ww/en/view/109479564) describes how the instructions TSEND_C and TRCV_C behave in the S7-1500. Setting up communication over FDL Requirements • Configuration software: STEP 7 Professional V14 •...
Page 584 Open User Communication 8.6 Setting up communication over FDL 6. Under Interface, select the following interfaces: – Local: PROFIBUS interface of CM 1542‑5 – Specified partner: PROFIBUS interface of CM 1542‑5 7. Under Connection data, select the setting <new>. The figure below shows a fully configured FDL connection in STEP 7. Figure 4-140 Configuring the FDL connection Setting up an FDL connection in the user program For communication via FDL, you need to create the data block of the TCON_FDL system data...
Page 585: Setting Up Communication With Modbus Tcp
Open User Communication 8.7 Setting up communication with Modbus TCP 5. Interconnect the CONNECT parameter of the TCON instruction with the tag of the data type TCON_FDL. In the example below, the CONNECT parameter of the TCON instruction is interconnected with the tag "FDL_Connection"...
Page 586 Open User Communication 8.7 Setting up communication with Modbus TCP 4. Assign the parameters of the MB_CLIENT or MB_SERVER instruction. Observe the following rules: An IPv4 server address must be specified for each MB_CLIENT connection. Each MB_CLIENT or MB_SERVER connection must use a unique instance DB with one of the data structures TCON_IP_v4, TCON_QDN or TCON_Configured.
Page 587: Setting Up Communication Via E-Mail
MB_CLIENT instruction. You can find more information on the MB_UNIT_ID parameter in the STEP 7 online help. Reference • This FAQ (https://support.industry.siemens.com/cs/ww/en/view/94766380) describes how to program and configure the Modbus TCP communication between two S7-1500 CPUs. • This FAQ (https://support.industry.siemens.com/cs/ww/en/view/102020340) describes how to program and configure Modbus TCP communication between an S7-1500 CPU and an S7-1200 CPU.
Page 588: Setting Up Communication Via Ftp
Open User Communication 8.9 Setting up communication via FTP 4. Set the connecting parameters of the TCP connection in the variable in the "Start value" column. Enter the IPv4 address of the mail server, for example, for the "MailServerAddress" (for TMAIL_v4) NOTE Connection parameter Interface ID Note that you can enter the value "0"...
Page 589 Open User Communication 8.9 Setting up communication via FTP Procedure for setting up FTP server functionality Requirement: The FTP server can be reached via the IPv4 network. 1. Configure an S7‑1500 automation system with CPU and CP 1543‑1 in the device view of the Devices &...
Page 590: Application Examples
Application examples • Application example: FTP communication with S7-1500 and CP 1543-1 You can find the application example on the Internet (https://support.industry.siemens.com/cs/ww/en/view/103550797). • Application example: FTP client communication with S7-1200/1500 You can find the application example on the Internet (https://support.industry.siemens.com/cs/ww/en/view/81367009).
Page 591 Open User Communication 8.10 Establishment and termination of communications relations Setting up the connection Establishing communication Terminating communication By configuring a connection After downloading the connection configura By deleting the connection configuration in tion and the user program to the CPUs. STEP 7 and downloading the changed config...
Page 592: S7 Communication
S7 communication Characteristics of S7 communication S7 communication as homogeneous SIMATIC communication is characterized by vendor- specific communication between SIMATIC CPUs (not an open standard). S7 communication is used for migration and for connecting to existing systems (S7‑300, S7‑400). For data transfer between two S7‑1500 automation systems, we recommend that you use open communication (see section Open User Communication (Page 127)).
Page 593 You must also enable this service for protection in the CPU configuration in the "Protection" area. This FAQ (https://support.industry.siemens.com/cs/ww/en/view/82212115) provides information about how to configure and program an S7 instruction and the GET and PUT communication instructions for data exchange between two S7-1500 CPUs.
Page 594 S7 communication S7 communication via PROFIBUS DP interface in slave mode You can find the "Test, commissioning, routing" check box in STEP 7 in the properties of the PROFIBUS DP interface of communications modules (e.g. CM 1542‑5). Using this check box, you decide whether the PROFIBUS DP interface of the DP slave is an active or passive device on PROFIBUS.
Page 595 S7 communication – IPv4 address of the local end point Figure 4-147 Connection configuration for PUT instruction 4. In the drop-down list box of the partner end point, select a connection partner. You can select an unspecified device or a CPU in the project as the communication partner. The following parameters are automatically entered as soon as you have selected the connection partner: –...
Page 596 S7 communication Configuring S7 connections for e.g. BSEND/BRCV If you want to use the instructions for BSEND/BRCV for S7 communication, for example, you first need to configure an S7 connection. To configure a S7 connection, follow these steps: 1. Configure the communications partners in the network view of the Devices & networks editor of STEP 7.
Page 597 S7 communication S7 communication via CP 1543‑1 If you set up S7 communication via the Industrial Ethernet interface of the CP 1543‑1, you can select the transport protocol for data transfer in the properties of the S7 connection under "General": • "TCP/IP" check box selected (default): ISO‑on‑TCP (RFC 1006): for S7 communication between S7‑1500 CPUs •...
Page 598 S7 communication 5. Using drag-and-drop in our example, connect PLC_1 in the left S7 subnet (PROFIBUS) to PLC_3 in the right S7 subnet (PROFINET). The S7 connection between CPU 1 and CPU 3 is configured. Figure 4-149 S7 connections via different subnets ET 200SP Open Controller as router for S7 connections If you assign the "PROFINET onboard [X2]"...
Page 599 S7 communication Additional information You can find detailed information on configuring S7 connections and how to use the instructions for S7 communication in the user program in the STEP 7 online help. Communication Function Manual, 11/2024, A5E03735815-AM...
Page 600: Point-To-Point Link
Point-to-point link Functionality A point-to-point connection for S7‑1500, ET 200MP and ET 200SP is established via communications modules (CMs) with serial interfaces (RS232, RS422 or RS485): • S7‑1500/ET 200MP: – CM PtP RS232 BA – CM PtP RS422/485 BA – CM PtP RS232 HF – CM PtP RS422/485 HF • ET 200SP: – CM PtP The bidirectional data exchange via a point-to-point connection works between communications modules or third-party systems or devices capable of communication.
Page 601 Point-to-point link Properties of procedure 3964 (R) • When the data is sent, control characters are added (start, end and block check characters). Make sure that these control characters are not included as data in the frame. • Connection establishment and termination makes use of control characters. •...
Page 602 Point-to-point link Instructions for Freeport communication There are 3 instructions available for the dynamic configuration in the user program for Freeport communication. The following applies to all 3 instructions: the previously valid configuration data is overwritten but not stored permanently in the target system. •...
Page 603 Point-to-point link Procedure for setting up USS communication 1. Configure an S7‑1500 configuration with CPU and CM in the device view of the hardware and network editor of STEP 7. 2. In the Project tree, select the "Program blocks" folder and open OB1 in the folder by double-clicking on it.
Page 604 CM PtP communication mod ule - Configurations for point-to-point connections (https://support.industry.siemens.com/cs/us/en/view/59057093). • You can find a description of how to use the instructions for point-to-point connections in the user program in the STEP 7 online help.
Page 605: Opc Ua Communication
OPC UA topic page For an overview of the most important articles and links on the subject of OPC UA, refer to the SIEMENS Industry Online Support. OPC UA topic page (https://support.industry.siemens.com/cs/ww/en/view/109770435) Communication...
Page 606: General Features Of Opc Ua
OPC UA communication 11.1 What you need to know about OPC UA 11.1.2 General features of OPC UA OPC UA and PROFINET OPC UA and PROFINET can be used together. The two protocols use the same network infrastructure. Independence from the operating system The OPC UA standard is platform-independent and uses an optimized TCP-based binary protocol for high-performance applications.
Page 607 OPC UA communication 11.1 What you need to know about OPC UA Implementation in different programming languages The OPC Foundation has implemented the OPC UA standard in several programming languages: Stacks for .NET, ANSI C and Java are available, although maintenance has been discontinued for the stacks for ANSI C and Java.
Page 608 OPC UA communication 11.1 What you need to know about OPC UA Micro Embedded Device 2017 Server Profile This profile provides limited functionality; it requires at least two parallel connections. Additionally, it allows subscriptions/data monitoring, but no UA Security and no method calls. •...
Page 609: Opc Ua For S7-1200/S7-1500 Cpus
OPC UA communication 11.1 What you need to know about OPC UA Integrated security mechanisms OPC UA uses security mechanisms at various levels: • A secure connection can only be established between an OPC UA server and an OPC UA client if the client and server can register with X.509-v3 certificates and accept each other's certificates (security at the application level).
Page 610 OPC UA communication 11.1 What you need to know about OPC UA OPC UA server of the S7-1200 CPU As of firmware V4.4, an S7-1200 CPU is equipped with an OPC UA server. The OPC UA server is generally configured as it is for an S7-1500 CPU; the scope of functions and the quantity limits are limited according to the supported "Micro Embedded Device 2017 Server Profile".
Page 611: Access To Opc Ua Applications
11.1 What you need to know about OPC UA Application example in Industry online support Siemens Industry Online Support provides a free application example with a client API for various applications. You use the functions of this interface to create your own OPC UA clients that match your application.
Page 612 OPC UA communication 11.1 What you need to know about OPC UA Principle: Interface for access via communications module For a CPU application, such as OPC UA, to be accessed via CP interface, you must configure a virtual interface (W1). IP-based applications can then be accessed via the IP address parameters of this virtual interface.
Page 613 OPC UA communication 11.1 What you need to know about OPC UA Example: Access of OPC UA clients to the OPC UA server of the CPU For access of an OPC UA client to the OPC UA server of the CPU, the following interfaces of the S7-1500 station are available: •...
Page 614 OPC UA communication 11.1 What you need to know about OPC UA Example: Access of OPC UA clients to OPC UA servers via S7-1500 CPU with activated IP Forwarding OPC UA client and OPC UA server can also be connected to one another via an S7-1500 CPU, in which case the S7-1500 CPU operates as an IP Forwarder.
Page 615: Addressing Nodes
It is therefore necessary for an OPC UA client to request the current index of the namespace (e.g. "http://www.siemens.com/simatic-s7-opcua") from the server before reading or writing its values.
Page 616 OPC UA communication 11.1 What you need to know about OPC UA The following example reads the "MyDB" array data block completely. This data block contains an array with ten integer values. All ten values should be read in one pass. Therefore, "0:9" is entered at the array range.
Page 617 OPC UA communication 11.1 What you need to know about OPC UA PLC tags in the address space of the OPC UA server The figure below shows where the PLC tags in the example are located in the address space of the OPC UA server (excerpt from UA client): The "MyDB"...
Page 618: Namespace Overview For The Opc Ua Server Of The S7-1200/1500 Cpus
Namespace for node IDs and BrowseNames of the OPC UA spe cification for devices (OPC 10000-100). Example 2:DeviceRevision http://www.siemens.com/simatic- Namespace for node IDs and s7-opcua BrowseNames that are defined product-specifically for an S7-1200/S7-1500 CPU. In this namespace instances (CPU, tags, DBs, etc.) as well as their types...
Page 619: What You Need To Know About Opc Ua Clients
OPC UA communication 11.1 What you need to know about OPC UA Namespace URI Namespace index Description URIs of additional namespaces for > 3 Not specified. Can, for example, further instances and types be defined with SiOME. Examples Examples http://machinesupplier.org/imple 4:MyPackMLMachineInstance mentedPackML 5:PackMLBaseObjectType...
Page 620 OPC UA communication 11.1 What you need to know about OPC UA Reading data from the server and writing to the server You now know the namespace, identifier and data type of PLC tags. This means that you can now specifically read individual PLC tags and DB components as well as complete arrays and structures.
Page 621 OPC UA communication 11.1 What you need to know about OPC UA Subscription The term "Subscription" is used for a function in which only those tags for which an OPC UA client has registered at the OPC UA server are transferred. The OPC UA server only sends a message to the OPC UA client for these registered tags (monitored Items) when a value has changed.
Page 622: Security At Opc Ua
OPC UA communication 11.2 Security at OPC UA In this example, the length of the queue is set to "1": Only one value is read from the CPU at an interval of 50 milliseconds and subsequently sent to the OPC UA client when the value has changed.
Page 623 OPC UA communication 11.2 Security at OPC UA When STEP 7 compiles your project it also checks whether you have considered the setting options for the protection and warns you of possible risks. This also includes an OPC UA security policy with the setting "no security", which corresponds to the end point "None". NOTE Disabling security policies you do not want If you have enabled all security policies in the secure channel settings of the S7-1500 OPC UA...
Page 624: Man-In-The-Middle Attacks
OPC UA communication 11.2 Security at OPC UA 11.2.2 Certificates pursuant to ITU X.509 Security mechanisms are integrated in several layers in OPC UA. Digital certificates have an important role here. An OPC UA client can only establish a secure connection to an OPC UA server when the server accepts the digital certificate of the client and classifies it as trusted.
Page 625 OPC UA communication 11.2 Security at OPC UA Check during connection establishment When a connection is being established between the client and server, the devices check all information from the certificate that is required to determine its integrity, such as signature, period of validity, application name (URN) and, in case of firmware version V2.5 only, also the IP address of the client in the client certificate.
Page 626 OPC UA communication 11.2 Security at OPC UA Useful information: Certificate types • Self-signed certificate: Each device generates and signs its own certificate. Application examples: Static configuration with limited number of communication nodes. No new certificates can be derived from a self-signed certificate. However, you need to load all self-signed certificates from partner devices to the CPU (STOP required).
Page 627: Certificates With Opc Ua
(private and public key). More information An application example for the use of certificates with the TIA Portal can be found here: Using certificates with TIA Portal (https://support.industry.siemens.com/cs/ww/en/view/109769068). 11.2.3 Certificates with OPC UA Usage of X509 certificates with OPC UA OPC UA uses various types of X.509 certificates for establishing a connection from client to...
Page 628: Creating Self-Signed Certificates
Example client from the online support The OPC UA .NET client for the SIMATIC S7-1500 OPC UA server (https://support.industry.siemens.com/cs/ww/en/view/109737901) creates a self-signed software certificate of the client application in the Windows Certificate Store during the first program start. The documentation for this example describes the procedure for handling these certificates.
Page 629: Generating Pki Key Pairs And Certificates Yourself
OPC UA communication 11.2 Security at OPC UA More information For more information on handling client certificates, refer to the section Handling of the client certificates of the S7-1500 CPU (Page 355). 11.2.5 Generating PKI key pairs and certificates yourself This section is only relevant if you want to use an OPC UA client that cannot itself create a PKI key pair and a client certificate.
Page 630 OPC UA communication 11.2 Security at OPC UA 8. Generate a CSR (Certificate Signing Request). To do this, enter the following command: "req -new -key myKey.key -out myRequest.csr". During execution of this command, OpenSSL queries information about your certificate: – Country name: for example "DE" for Germany, "FR" for France –...
Page 631 OPC UA communication 11.2 Security at OPC UA Signing the certificate yourself Enter the following command so that you can generate and sign your certificate (self-signed certificate) yourself: "x509 -req -days 365 -in myRequest.csr -signkey myKey.key -out myCertificate.crt". The figure below shows the command line with the command and OpenSSL: The command generates an X.509 certificate with the attributes that you transfer with the CSR (in the example "myRequest.csr"), for example with a validity of one year (-days 365).
Page 632: Secure Transfer Of Messages
OPC UA communication 11.2 Security at OPC UA 11.2.6 Secure transfer of messages Establishing secure connections with OPC UA OPC UA uses secure connections between client and server. OPC UA checks the identity of the communication partners. OPC UA uses certificates in accordance with X.509-V3 from the ITU (International Telecommunication Union) for client and server authentication.
Page 633 OPC UA communication 11.2 Security at OPC UA Layers required The figure below shows the three layers that are always required for establishing a connection: the transport layer, the secure channel and the session. Figure 4-156 Necessary layers: transport layer, secure channel and session •...
Page 634 OPC UA communication 11.2 Security at OPC UA Establishing the secure channel The secure channel is established as follows: 1. The server starts establishing the secure channel when it receives a request to this effect from the client. This request is signed or signed and encrypted, or the message is sent in plain text (security mode of the selected server end point).
Page 635: Certificate Management Via Global Discovery Server (Gds)
OPC UA communication 11.2 Security at OPC UA 11.2.7 Certificate management via Global Discovery Server (GDS) 11.2.7.1 Automated certificate management with GDS As of TIA Portal V17 and S7-1500 CPU firmware version V2.9, you can use the certificate management services of the OPC UA server to transfer OPC UA server certificates during runtime.
Page 636 OPC UA communication 11.2 Security at OPC UA The main application of GDS is the management of CA-signed certificates with the corresponding CRLs: • Initial creation of an OPC UA application certificate, for example, for the OPC UA server or for the web server •...
Page 637 OPC UA communication 11.2 Security at OPC UA System configuration with GDS The figure below shows an example of the tasks of the devices involved in combination with a GDS that provides certificate management functions. ① Root CA - device that issues certificates for the system (these certificates can also be transmit ted in other ways, for example, by email) ②...
Page 638: Configuration Limits For Push Function
OPC UA communication 11.2 Security at OPC UA It is not possible to use both transmission paths in parallel. If, for example, you have opted for transfer of OPC UA server certificates with GDS push functions at runtime, you must also transmit all the other certificate types to the CPU via this route.
Page 639: Setting And Loading Gds Parameters
OPC UA communication 11.2 Security at OPC UA Example You want to grant access to the OPC UA server for up to 62 OPC UA clients and fill the trusted list accordingly. When you add a Certificate Revocation List entry in the trusted list, you can only trust up to 61 client certificates.
Page 640 OPC UA communication 11.2 Security at OPC UA • An authenticated user with sufficient function rights is configured The user must have a role that has the "Manage certificates" function right. This function right, in turn, has the following requirements: –...
Page 641: Gds Commissioning
OPC UA communication 11.2 Security at OPC UA Enabling the diagnostics for the lapsing of certificates If you wish to be informed in advance about the lapsing of a certificate, select the "Enable system diagnostics event for the certificate lapsing" option in the area "Protection & Security > Certificate management".
Page 642 OPC UA communication 11.2 Security at OPC UA During the runtime phase, the existing CRLs are updated, for example, and the certificates and trust lists are renewed. Communication is secure in this phase. Requirement Only authorized users with sufficient function rights can set up a connection in the provisioning phase.
Page 643 OPC UA communication 11.2 Security at OPC UA Sequence of the provisioning phase The following provides an outline of the process of the provisioning phase for OPC UA server certificates and trust lists. The process of the provisioning phase for web server certificates is comparable. In contrast to OPC UA, the GDS client only pushes web server certificates but not trust lists into the corresponding certificate store.
Page 644 OPC UA communication 11.2 Security at OPC UA Entering the provisioning phase After startup of the OPC UA server, the CPU automatically enters the provisioning phase when one of the following conditions is met: • The OPC UA server certificate is the initial self-signed certificate generated by the CPU and has not yet been replaced by a valid server certificate.
Page 645 OPC UA communication 11.2 Security at OPC UA Request of a valid server certificate As of TIA Portal version V18 / S7-1500 CPU version V3.0, in addition to OPC UA server certificates, certificates for other services can also be transferred to the CPU, for example, for the web server.
Page 646: Address Model For The Push Certificate Management
OPC UA communication 11.2 Security at OPC UA Because the share of the set communication load is fully utilized during key generation over a longer period of time, set the "Cycle load due to communication" share so that the maximum cycle time is not exceeded and sufficient reserves are available.
Page 647 OPC UA communication 11.2 Security at OPC UA Address model for the GDS push functionality The address model for the GDS push functionality corresponds to the "Information Model for Push Certificate Management" of the OPC UA specification OPC 10000-12: Discovery, Global Services.
Page 648 OPC UA communication 11.2 Security at OPC UA Method / Attribute (Variable) Description MaxTrustListSize Variable that specifies the maximum size of the trust list. MulticastDnsEnabled Variable that specifies whether multicast DNS is supported. For S7-1500 CPUs, the value is "False". CertificateGroups Object (folder) that organizes all certificate groups supported by the OPC UA server.
Page 649 OPC UA communication 11.2 Security at OPC UA UpdateCertificate Applications: • Generation of certificate with CreateSigningRequest. No private key is available. • New private key and new certificate were generated outside of the server. Both are updated with UpdateCertificate. • Certificate generated and signed with the private key of the existing certificate. No private key is available.
Page 650: Apply Changes
OPC UA communication 11.2 Security at OPC UA Apply Changes The method has no parameters. Method Result Codes Result Code Description Bad_UserAccessDenied The current user does not have the required func tion rights. GetRejectedList The method has the following parameters: Parameter Data type Description...
Page 651: Certificategroups In The Address Model
OPC UA communication 11.2 Security at OPC UA 11.2.7.6 CertificateGroups in the address model Certificates and trust lists for services or applications of the CPU (for example, OPC UA servers) that can be updated during runtime are located in the address model in the "CertificateGroups"...
Page 652 OPC UA communication 11.2 Security at OPC UA "TrustList" node The node for the trust list object (TrustList file) defines an OPC UA file type (Binary encoded stream) that contains information on the certificates and CRLs that can be read and updated in the "pki store\trusted\issuer"...
Page 653: Role-Based Security In Opc Ua
OPC UA communication 11.2 Security at OPC UA Description of the methods The description of the methods with their result codes, attributes and types of the TrustList object is available in the OPC UA specification Part 12, Discovery and Global Services. 11.2.8 Role-based security in OPC UA 11.2.8.1...
Page 654 OPC UA communication 11.2 Security at OPC UA Relationship between roles/permissions for OPC UA and roles/function rights for users and roles The users that you define as part of the local or central user management in the security settings of the project (users and roles) are taken into account for the access control of the OPC UA server as follows: only users with the "OPC UA server access"...
Page 655 OPC UA communication 11.2 Security at OPC UA Roles and permissions for OPC UA In the editor for users and roles, you can create a role that is then available for the further configuration of server interfaces. Assigning roles and OPC UA permissions is possible for elements of server interfaces (variables, methods) and for complete namespaces (i.e.
Page 656 You can easily add these roles as standard OPC UA roles in the TIA Portal. More information You can find the latest information on configuring the role-based security for S7-1500 CPUs in the product information (https://support.industry.siemens.com/cs/ww/en/view/68052815). Communication Function Manual, 11/2024, A5E03735815-AM...
Page 657: Using The S7-1500 As An Opc Ua Server
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3 Using the S7-1500 as an OPC UA server 11.3.1 Interesting information about the OPC UA server of the S7-1500 CPUs 11.3.1.1 The OPC UA server of the S7-1500 CPUs The S7‑1500 CPUs as of firmware V2.0 are equipped with an OPC UA server.
Page 658 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Node classes OPC UA servers provide information in the form of nodes. A node can be, for example, an object, a tag, a method or a property. The example below shows the address space of the OPC UA server of an S7-1500 CPU (extract from the OPC UA client "UaExpert"...
Page 659: End Points Of The Opc Ua Server
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.1.2 End points of the OPC UA server The end points of the OPC UA server define the security level for a connection. Depending on the purpose of use or desired security level, you have to carry out the corresponding settings for the connection at the end point.
Page 660 OPC UA. This requires .NET Framework 4.0; see TIA Portal Openness, Automating SIMATIC projects with scripts (https://support.industry.siemens.com/cs/ww/en/view/109477163). • If you already know the syntax and the PLC program, you can access the OPC UA server without first researching the information.
Page 661: Mapping Of Data Types
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.1.3 Mapping of data types SIMATIC and OPC UA data types SIMATIC data types do not always correspond with OPC UA data types. S7-1500 CPUs provide SIMATIC tags (with SIMATIC data types) to their own OPC UA server as OPC UA data types.
Page 662 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server SIMATIC data type OPC UA data type DATE DATE → UInt16 TIME_OF_DAY (TOD) → UInt32 LTIME_OF_DAY (LTOD) LTOD → UInt64 DATE_AND_TIME (DT) → Byte[8] DateTime mapped as structure Special note: You can only describe the structure completely with an OPC UA client.
Page 663: Additional Information
More details on mapping of basic data types, arrays and structures can be found in the OPC UA Specification Part 6, "Mappings" (see OPC UA BINARY there). What must be considered with arrays and data types DTL and LDT in the OPC UA server of a SIMATIC S7-1500? FAQ (https://support.industry.siemens.com/cs/ww/en/view/109766726) Communication Function Manual, 11/2024, A5E03735815-AM...
Page 664: Runtime Behavior Of The Opc Ua Server
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.1.4 Runtime behavior of the OPC UA server OPC UA server in operation The OPC UA server of the S7-1500 CPU starts when you activate the server and download the project to the CPU.
Page 665 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server As of FW version V2.8, the behavior of the OPC UA server has been optimized as follows: • When objects are downloaded in STOP operating state of the CPU, the OPC UA server still always stops and then restarts.
Page 666: Accessing Opc Ua Server Data
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.2 Accessing OPC UA server data 11.3.2.1 Client accesses and local accesses to the OPC UA server An OPC UA server provides a lot of information for OPC UA clients within a network. The following section describes options for making CPU tags (PLC tags and DB elements) available in the address space of your own OPC UA server.
Page 667 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Here, an S7‑1500 CPU as client writes values to an OPC UA tag of the OPC UA server. The mapping between CPU variable and OPC UA tag makes it look as though the OPC UA client writes a value directly into the CPU variable.
Page 668 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server time when the value was "collected" in the server, such as by a read service or by sampling in the context of a subscription. If you write DataValue directly with "OPC_UA_WriteList" to an OPC UA tag node, for example, you can provide a time stamp determined in the program as the SourceTimestamp for the value.
Page 669 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Figure 4-165 Client reads data value (OPC UA tag of the server of the S7-1500 CPU) Other application options If OPC UA clients log on with an S7-1500 CPU for value changes (monitored items) in the context of a subscription and you supply the corresponding DataValue with both the value and the additional information mentioned above, then changes to the additional information can also trigger a notification.
Page 670: Managing Write And Read Rights
OPC UA tags involved in the same "OPC_UA_WriteList" call. More information An application example (https://support.industry.siemens.com/cs/us/en/view/109820694) is provided to assist you on the topic of "Setting OPC UA DataValue attributes". You can find information on how to coordinate read and write permissions for CPU‑tags in the Coordinating read and write permissions for CPU tags (Page 230) section.
Page 671 Visible in HMI engineering The option "Visible in HMI Engineering" applies to Siemens engineering tools. If you disable the option "Visible in HMI Engineering" (check mark not set), you can no longer configure the tag in WinCC (TIA Portal).
Page 672: Managing Write And Read Rights For A Complete Db
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server More information For information on how to coordinate write and read rights for CPU tags, refer to the section Coordinating write and read rights for CPU tags (Page 230). 11.3.2.3 Managing write and read rights for a complete DB Hiding DBs or DB contents for OPC UA clients...
Page 673: Coordinating Write And Read Rights For Cpu Tags
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Tip: Using the overview of all program blocks If you are using multiple data blocks, it is appropriate to use the detailed overview of the "Program blocks" folder for selective activation or deactivation of the OPC UA accessibility. Follow these steps: 1.
Page 674: Access Table
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Interaction between write and read rights If you have imported an OPC UA server interface and AccessLevel attributes are set in this OPC UA XML file, the write and read rights are defined by the following rule: The least extensive access rights for each setting apply.
Page 675: Consistency Of Cpu Tags
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server (x = don't care) 11.3.2.5 Consistency of CPU tags "AccessLevelEx" attribute extends access properties As of firmware version V2.6, the OPC UA server of the S7-1500 CPU supports not only the attribute "AccessLevel"...
Page 676 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Handling of the attribute in the server The "AccessLevelEx" attribute is only available in the OPC UA server. The attribute is not present in a node set file (XML export file). However, the attribute "AccessLevel", which is exported, includes the information from "AccessLevelEx", see next section.
Page 677: Write Accesses To Opc Ua Variables From S7-1500 Motion Control
"Good" is output, but the variable is not changed. Which values are valid for variables of the technology objects can be looked up in the docu mentation of the technology objects (https://support.industry.siemens.com/cs/ww/en/view/109751049). 11.3.2.7 Accessing OPC UA server data High performance in line with application OPC UA is designed for the transfer of a high volume of data within a short period of time.
Page 678: Minimumsamplinginterval Attribute
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Procedure for creating an array DB You can create arrays for example in global data blocks, in the instance data block of a function block or as an array DB . The following sections describe how to create an Array-DB. To create a data block with an array (array data block), follow these steps: 1.
Page 679: Export Opc Ua Xml File
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.2.9 Export OPC UA XML file Generating an OPC UA export file The OPC Foundation has specified a standard XML-based format for describing information models. It allows the information model of an OPC UA server to be provided to a client in advance, or information models can be downloaded to an OPC UA server.
Page 680: Configuring The Opc Ua Server
"OPC UA server access" function right. Information on the assignment of the "OPC UA server access" function right can be found in the Siemens Industry Online Support under the following entry ID: SIOS Entry ID 109954947 (https://support.industry.siemens.com/cs/us/en/view/109954947) Commissioning an OPC UA server...
Page 681: Application Name
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Settings remain stored If you have already enabled the server and made settings, those settings are not lost if the server is disabled. The settings are saved as before and are available when you enable the server again.
Page 682: Access To The Opc Ua Server
Internal and external OPC UA connection via the virtual Ethernet interface of the software controller V2.5 or higher (https://support.industry.siemens.com/cs/ww/en/view/109760541). Example for URLs (Uniform Resource Locator) that can be used to set up connections to the OPC UA server of the CPU: Figure 4-171 Display of the server addresses...
Page 683: Dynamic Ip Addresses
If the "Enable standard SIMATIC server interface" option is selected, the OPC UA server of the CPU provides the enabled PLC tags and server methods to the clients, as was specified by SIEMENS in the self-defined namespace. This option is selected in the default setting.
Page 684: General Settings Of The Opc Ua Server
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.3.3 General settings of the OPC UA server TCP port for OPC UA By default, OPC UA uses TCP port 4840. You can, however, select a different port. Entries from 1024 to 49151 are possible.
Page 685: Additional Information
Details on which ports are used by the various services for data transfer via TCP and UDP, and what are the points to note when using routers and firewalls can be found in the FAQ (https://support.industry.siemens.com/cs/ww/en/view/8970169). Backward compatible data type definitions according to OPC UA specification ≤ V1.03 The OPC UA specification (<= V1.03) defines mechanisms in order to read out data type...
Page 686: Settings Of The Server For Subscriptions
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.3.4 Settings of the server for subscriptions Subscription instead of cyclic queries An alternative to cyclic queries for a PLC tag (polling) is to monitor this value. Use a Subscription: The server informs the client if the value of PLC tags changes.
Page 687 For information on causes and remedies for status codes of OPC UA client that appear, see the list of error codes in the online help of STEP 7 (TIA Portal) or in the following FAQ (https://support.industry.siemens.com/cs/ww/en/view/109755860). The rules for subscriptions are available in section Rules for subscriptions (Page 364).
Page 688: Using The Transfersubscription Service
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.3.5 Using the TransferSubscription service Useful information on transferring subscriptions The OPC UA specification provides that OPC UA clients may transfer a subscription with its monitored items from one session to another session (see OPC 10000-4: UA Part 4: Services – in particular, "TransferSubscriptions'' section).
Page 689: Handling Client And Server Certificates
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Requirement A configuration for the S7-1500 OPC UA server is not required; the "TransferSubscription" service is provided on request of an OPC UA client. All S7-1500 CPUs as of firmware V3.1.4 support the transfer of subscriptions. Additional requirements: •...
Page 690 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server The client user decides whether the server certificate is to be trusted. The user at the client side now has to decide whether the server certificate is to be trusted. If the user trusts the server certificate, the client stores the server certificate in its directory containing the trusted server certificates.
Page 691 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server certificates with tools, for example with OpenSSL or the certificate generator of the OPC Foundation: • The procedure for OpenSSL is described here: "Generating PKI key pairs and certificates yourself".
Page 692 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 16. Compile the project. 17. Load the configuration onto the S7-1500 CPU. Result: The server now trusts the client. If the server certificate is also considered trusted, the server and client can establish a secure connection.
Page 693 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server By default, a server certificate is created that uses SHA256 signing. The following security policies are enabled: • None Unsecured end point NOTE Disabling security policies you do not want If you have enabled all security policies in the secure channel settings of the S7-1500 OPC UA server (default setting) –...
Page 694 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server • Aes256_Sha256_RsaPss - Sign Secure endpoint, supports a range of algorithms for 256-bit encryption and 256-bit hashing. All certificates must use at least Sha256 signatures. This endpoint protects the integrity of the data by signing it.
Page 695: Generating Server Certificates With Step 7
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.3.7 Generating server certificates with STEP 7 The description below shows the procedure for generating new certificates with STEP 7 and applies in principle to various uses of the certificates. STEP 7 sets the appropriate purpose - in this case "OPC UA Client &...
Page 696 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Explanation of fields for certificate generation • CA Select whether the certificate is to be self-signed or signed by one of the CA certificates of the TIA Portal. The certificates are described under "Certificates with OPC UA". If you want to generate a certificate that is to be signed by one of the CA certificates of the TIA-Portal, the project must be protected and you must be logged in as a user with all the required function rights.
Page 697: User Authentication
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server The following entry would also be valid: "IP: 192.168.178.151, IP: 192.168.1.1". The important thing here is that the IP addresses via which the OPC UA server of the CPU can be accessed are entered here. See "Access to the OPC UA server (Page 239)".
Page 698: Users And Roles With Opc Ua Function Rights
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server • Additional user administration via the security settings of the project For CPUs up to firmware version V3.0, the "Enable additional user management via project security settings" option is available. You can find this setting under the general OPC UA settings (CPU properties: OPC UA >...
Page 699 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Settings in the project tree > "Security settings" You access the central user settings and roles in the protected project in the project tree under "Security settings". This is where you centrally define users with user name, password and function rights.
Page 700 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 3. You will find the following function rights in the "Function rights" section: – OPC UA server access This function right applies on the OPC UA server of the S7-1500 CPU. Only when this option is selected, can the user with the role "PLC-opcua-role-all-inclusive"...
Page 701: Diagnostic Settings Of The Server
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.3.10 Diagnostic settings of the server Diagnostics You can specify the scope of the diagnostics of the OPC UA server in the CPU settings. To change the diagnostics scope, navigate to the "OPC UA > Server > Diagnostics" area. Figure 4-182 Diagnostic settings of OPC UA server Default setting The default setting is a diagnostics behavior that supports the most important diagnostics...
Page 702: Opc Ua Server Interface Configuration
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server The required license type is displayed under "Properties > General > Runtime licenses > OPC-UA > Type of required license": Figure 4-183 OPC UA server Runtime licenses To confirm purchase of the required license, follow these steps: 1.
Page 703 11.3 Using the S7-1500 as an OPC UA server Additional information on SiOME is available here (https://support.industry.siemens.com/cs/ww/en/view/109755133). – When companion specifications refer to type definitions in dependent specifications, use the reference namespaces for this. You import reference namespaces as you would the actual companion specifications.
Page 704: Using Opc Ua Companion Specifications
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Example of user-defined server interface A CPU should control the production of workpieces. Production begins when a production job arrives from the higher-level control system. The production jobs are transferred via a server method: A control system transmits information on a workpiece by calling the server method in the CPU.
Page 705 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server The following section uses the example of Euromap 77 to detail how to apply companion specifications in STEP 7 (TIA Portal) and create the necessary PLC tags. NOTE EUROMAP and the OPC Foundation have established the Joint Working Group "OPC UA Plastics and Rubber Machinery".
Page 706 Step 1: Create instances in SiOME The following section describes how to use the free program "SiOME", the "Siemens OPC UA Modeling Editor". With SiOME, you can create an OPC UA XML file, which describes the server interface (an information model).
Page 707 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server The following description shows the work steps in SiOME 1.7.3. To use Euromap 77, create an XML file with an instance of "IMM_MES_InterfaceType". The object type must be instantiated in order for the information model of the specific machine to appear in the address space of the OPC UA server.
Page 708 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 9. Enter the name of a new namespace. The "YourCompany.org" namespace is used in the example. SiOME now also displays the new namespace: Figure 4-185 Display of the namespace in SiOME 10.
Page 709 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 16. Save the XML file. To do so, click the "Quick save" button in the "Information model" area: Figure 4-187 "Quick save" button in SiOME 17. Export the XML file. To do so, click the "Export XML"...
Page 710: Creating A Server Interface For Companion Specification
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Result In your STEP 7 project, you have created a tag for the Euromap 77 in the "IMM_Manufacturer_01234" data block. 11.3.4.3 Creating a server interface for companion specification For basic information on companion specifications, refer to the section "Using OPC UA companion specifications (Page 261)".
Page 711 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 6. In the "Import XML file" field, select an XML file that describes an information model. The "Using OPC UA companion specifications (Page 261)" section describes how to create such an XML file with the SiOME tool. The figure below shows a section from the information model: "IMM_MANUFACTURER_0123456"...
Page 712 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server NOTICE Checking the mapping of CPU local data on nodes of the OPC UA server interface When invalid assignments (mappings) exist in the server interface, they can result in incorrect read and write operations.
Page 713 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server • Data type The SIMATIC data type of the PLC tag (e.g. element of a data block) in the CPU, from which the value of an OPC UA node (UAVariable type) is read, or to which a value is assigned.
Page 714: Creating A User-Defined Server Interface
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Export interface You have the option of exporting the OPC UA server interface as an XML file. This XML file contains all data type definitions referenced by the server interface. To export the OPC UA server interface, click on the following icon in the toolbar of the OPC UA server interface editor: Figure 4-192 "Export interface"...
Page 715 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 6. Click on the triangle in front of "Program blocks" in the area "OPC UA elements" to open the "Program blocks" folder. STEP 7 displays the following table for editing: Figure 4-194 Editing the server interface The editor is divided into two areas.
Page 716 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server NOTICE Checking the mapping of CPU local data on nodes of the OPC UA server interface When invalid assignments (mappings) exist in the server interface, they can result in incorrect read and write operations.
Page 717 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Once a server interface has been defined, you can drag it to another CPU in the project tree. Figure 4-197 Disabling the visibility of the server interface Information on the server interface The "OPC UA Server Interface"...
Page 718 Type of the OPC UA node, for example BOOL, BYTE, INT. These node types were defined by Siemens, not by the OPC Foundation. For example, the OPC Foundation uses the Boolean node type for BOOL. BOOL is directly derived from Boolean.
Page 719: Consistency Check
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Consistency check You have the option to check the consistency of the server interface. During the consistency check, STEP 7 checks whether the OPC UA nodes of the server interface are each assigned to a suitable OPC UA element (identical data type) or whether the used element still exists in the CPU.
Page 720: Data Types For Companion Specifications
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.4.5 Data types for companion specifications Mapping of data types The table below shows the compatible SIMATIC data type for each OPC UA data type. Assign the data types as shown below (SIMATIC data type - OPC UA data type). Other assignments are not permitted.
Page 721: Localizedtext And Bytestring Data Types
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server The figure shows an example of the declaration: When Selector = 1, Union takes a ByteArray; when Selector = 2, Union takes a WString. 11.3.4.6 LocalizedText and ByteString data types As of TIA Portal version V17 and S7-1500 CPU firmware version V2.9, the two OPC UA Built-in data types "LocalizedText"...
Page 722 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Procedure You will learn how to create a node of the type "LocalizedText" or "ByteString" with the interface editor and then have a SIMATIC data structure created automatically for this node in the paragraphs below.
Page 723: Using Additional Opc Ua Data Types For Companion Specifications
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.4.7 Using additional OPC UA data types for companion specifications Apart from the OPC UA data types listed in the section "Mapping of data types" and their correspondences on the SIMATIC side, there are the following OPC UA basic data types which you can also use: •...
Page 724 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Parameter S7 data type Meaning IdentifierType UDINT Type of identifier • 0: Numeric identifier • 1: String identifier • 2: GUID • 3: Opaque System data type "OPC_UA_QualifiedName" See the following table for the structure of the system data type "OPC_UA_QualifiedName": Name S7 data type Meaning...
Page 725: Dynamic Arrays
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.4.8 Dynamic arrays Useful information on dynamic arrays As of TIA Portal V19 and S7-1500 CPU FW version V3.1, you can use so-called "dynamic arrays" for your OPC UA server and OPC UA client interfaces. The following description explains the principle and functionality of the server interface.
Page 726 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Principle In order for OPC UA variables to be mapped to CPU tags of Array type, you use a structure or UDT with the new system data type "OPC_UA_ArrayBoundaries". The structure or UDT has the following structure elements and is structured as follows: •...
Page 727 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Name Data type Possible values / Description - - - Lower DInt -9 (lower index) - - - Upper DInt -8 (possible upper index val ues: -9..0) - - ArraySizeAct[1] OPC_UA_Boundaries Second dimension - - - Lower...
Page 728: Rules For Opc Ua Xml Files
OPC UA XML export of an S7-1500. NOTE Import blocked for namespace "http://www.siemens.com/simatic-s7-opcua" You cannot import server interfaces with the namespace "http://www.siemens.com/simatic- s7-opcua" to an S7-1500 CPU because this namespace is reserved for S7-1500 CPUs (standard SIMATIC server interface) and is not available for imports.
Page 729: Creating A Server Interface For Reference Namespace
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Integrity of the OPC UA XML files OPC UA XML files represent the server address space. These files are, for example, imported by you in the context of OPC UA Companion specifications as a server interface after adaptation to the application, loaded into the S7-1500 CPU and tested.
Page 730 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Example Euromap 77 (currently OPC 40077) You have added a server interface for the companion specification Euromap 77 (currently OPC 40077). The server interface uses object types defined in OPC UA DI as well as in Euromap 83 and Euromap 77 in their corresponding namespaces.
Page 731 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server The figure below shows the dialog with the entries: Figure 4-203 Adding a reference namespace 8. Click "OK". STEP 7 (TIA) now generates the new server interface. You can find the server interface in the project tree of STEP 7 (TIA Portal) under "OPC UA Communication >...
Page 732: Generating Opc Ua Nodes Based On Local Data Mappings Of Fb Types And Udts
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.4.11 Generating OPC UA nodes based on local data mappings of FB types and UDTs If you want to make instance data from FBs or UDTs of the CPU accessible to OPC UA clients you can, as of TIA Portal version V17, have these instance data assignments automatically made.
Page 733 • A nodeset file (XML file) is available with OPC UA data type definitions that match the FB types or UDTs defined in user program (can be mapped). Use the "SiOME" tool to create your node set file (Siemens Industry Online Support). • The user program with the FB instances and UDT usages is available.
Page 734 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server In the "Interface name" field, adapt the name of the server interface to be created. A new server interface of the "Companion specification" type with this name is created during the compile.
Page 735: Notes On Configuration Limits When Using Server Interfaces
The configuration limits of the OPC UA server interfaces and the methods can be found in the technical specifications of the Equipment Manuals for the respective CPUs. Up-to-date technical specifications of the CPUs can be found on the Internet (https://support.industry.siemens.com/cs/ww/en/ps/td). A violation of configuration limits results in an error message. 11.3.5 Providing methods on the OPC UA server 11.3.5.1...
Page 736 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Rules for programming a method and runtime behavior • Make sure that the values returned by the OPC UA method are consistent with the input values provided by the OPC UA client. •...
Page 737 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Integrating the server method The diagram below shows how an OPC UA client (A) calls the server method "Cool": The CPU executes the instance "Cool1" of the server method "Cool" in the cyclic user program ⑥...
Page 738: Boundary Conditions For Using Server Methods
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server ⑤ Check whether the method has been completed or is still active ("busy"). Check whether the method has been completed. If it has, the output data of the method instance is forwarded to the OPC UA server and the method instance is notified that the method has been completed.
Page 739 CPU type. You can find this information in the equipment manuals of the corresponding CPUs or the latest technical specifications of the CPUs on the Internet (https://support.industry.siemens.com/cs/ww/en/ps/td). Error message when exceeded If the maximum number of server methods is exceeded, the OPC_UA_ServerMethodPre or OPC_UA_ServerMethodPost instructions report the error code 0xB080_B000 (TooManyMethods).
Page 740: Providing Alarms On The Opc Ua Server
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.6 Providing alarms on the OPC UA server 11.3.6.1 Useful information on alarms Alarms allow you to detect errors in process control in the automation system quickly, to localize them precisely, and to eliminate them. This leads to a significant reduction in downtimes in a plant.
Page 741 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Important information on the alarm types The following characteristics are significant to the differences in the behavior of alarms: • Do alarms have a state (e.g. are they incoming, outgoing - with the corresponding time stamps)? •...
Page 742 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Display of alarms in the TIA Portal During runtime, you have the option of viewing the alarms in the TIA Portal: The alarm display is located directly under the alarm editor ("Diagnostics" tab > "Alarm display" tab). The following applies to the state and acknowledgment behavior: •...
Page 743 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server After the activation of OPC UA Alarms and Conditions (CPU properties in the hardware configuration), the OPC UA address space of the S7-1500 CPU thus reflects the various alarm types (controller alarms) as described above: •...
Page 744: Opc Ua Events
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.6.2 OPC UA Events The basic concepts for alarm processing in OPC UA are expanded on here - the basic concept of "Events" is covered here. The terms used in the various parts of the OPC UA specification have been retained here.
Page 745 11.3 Using the S7-1500 as an OPC UA server The "SimaticEventType" type is defined in the SIMATIC namespace (http://www.siemens.com/simatic-s7-opcua). SimaticEventType has all properties of BaseEventType as well as the special properties which are an image of the field structure of SIMATIC alarms.
Page 746: Opc Ua Conditions And Opc Ua Alarms
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Assignment of Priority (SIMATIC) - Severity (OPC UA) The following table shows how the 17 priorities that you can assign to alarms in the SIMATIC environment are mapped to the 1000-level Severity with the OPC UA server of the S7-1500 CPU.
Page 747 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Properties of Alarms However, the properties of ConditionType are not sufficient to completely map the characteristics of SIMATIC alarms in the OPC UA server. From the ConditionType, which is derived from the BaseEventType, OPC UA defines further derived event types such as AcknowledgeableConditionType and AlarmConditionType.
Page 748 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Description of the event fields for SimaticAlarmConditionType The following table contains information about the fields of SimaticAlarmConditionType for stateful and acknowledgeable alarms, which are added to the event fields such as SimaticEventType.
Page 749: Activating Alarms And Conditions
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.6.4 Activating Alarms and Conditions Requirements • S7-1500 CPU firmware version V2.9 or higher. • Runtime license for OPC UA purchased according to the license specifications and set in the CPU properties. •...
Page 750: Subscribing To Events Of An Opc Ua Server
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.6.5 Subscribing to events of an OPC UA server Subscribing to all events via the "Server" node OPC UA servers provide events via the "Server" node and lower-level nodes. When OPC UA clients subscribe to the "Server"...
Page 751: Processing Associated Values Of Alarms
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server In the columns of the Event area, a selection of event fields is offered, for example, the event text (Message) and whether the alarm was acknowledged (A=Acknowledged). Special features of the display of alarms via the OPC UA server of the CPU The following once again summarizes the special features of the alarm display via OPC UA Alarms and Conditions for the current status.
Page 752 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Example of how values and placeholders are assigned through UaExpert 1. Make sure that you have selected all fields that you need in the UaExpert configuration. Note that each field that is not needed causes a communication load. Therefore, you should avoid a complete selection as shown in the example below.
Page 753: Simultaneous Receipt Of Alarms In Multiple Languages
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Mapping to SIMATIC data types The following assignment SIMATIC data type => OPC UA data type applies: Supported data types for SD_1 to SD_10 Mapping to OPC UA BOOL Boolean BBOOL Boolean...
Page 754 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Requirements • S7-1500 CPU as of firmware version 4.0 • The OPC UA client supports the LocaleIds "mul" and "qst" for multilingual texts. • The "Provide multilingual message texts corresponding to the active project languages in the device"...
Page 755 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server "t": [ ["de-DE","mein Text @1@ /2/"], ["en-US","my text @1@ /2/"] "r": [ ["@1@", "myCompany"] ["/2/", 1.2345] Resulting text: de-DE: "mein Text myCompany 1,2345" en-US: "my text myCompany 1.2345" Because the decimal number 1.2345 in the replacement section is not formatted as String, it can be written correctly in the different languages (with decimal point in en-US and with decimal comma in de-DE) –...
Page 756: Methods For Opc Ua Alarms And Conditions
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.6.8 Methods for OPC UA Alarms and Conditions The OPC UA specification Part 9 (OPC 10000-9: Alarms & Conditions) defines methods for OPC UA servers to enable OPC UA clients to react to state changes, for example. In the following, the methods are described that are supported by the OPC UA server of the S7-1500 CPU with their special features.
Page 757 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Calling the "Acknowledge" and "AddComment" methods Method calls in OPC UA use MethodId and ObjectId. In the case of an alarm object, ObjectId is the node ID for the instance of the alarm object. Since the address model of Simatic Alarms and Conditions does not provide instances for alarm objects, the OPC UA specification provides in this case that the OPC UA client uses the ConditionId as ObjectId.
Page 758 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server ConditionRefresh The ConditionRefresh method (MethodId: i=3875) has the following parameters: Parameter Data type Description [in] SubscriptionId Uint32 SubscriptionId of the subscription to be updated. Method Result Codes Result Code Description Bad_SubscriptionIdInvalid The SubscriptinId is not valid.
Page 759 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Method Result Codes Result Code Description Good Method was successfully executed. BadNodeIdUnknown Method was called with the wrong ConditionId (see notes on calling the methods "Acknowlege" and "AddComment"). BadEventIdUnknown Method was called with the wrong EventId.
Page 760: Handling Memory Limits For Opc Ua Alarms And Conditions
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.6.9 Handling memory limits for OPC UA Alarms and Conditions The OPC UA server of the S7-1500 CPU has product-specific limited memory capacity for the "Alarms and Conditions" function (see CPU specifications). Two memory pools for different categories of alarms are available: •...
Page 761 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Principle The following figure shows a simplified process for temporarily storing ProgramAlarms to make them available again at another time for the OPC UA Alarms and Condition System. The nodes mentioned in the caption are visible in the following image of the address model.
Page 762: Special Features
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Address model for Alarms and Conditions The following figure shows the nodes of the OPC UA Alarms and Conditions address model. Special features • When pending alarms go out or are acknowledged, they no longer enter the OCP UA Alarms and Conditions system area via the ConditionRefresh method.
Page 763 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server In the address space of the server, for example, the following nodes are available with diagnostic information: • ServerDiagnosticsSummary: Server diagnostics summary – CurrentSessionCount: Number of active sessions – SecurityRejectedSessionCount: Number of sessions rejected due to mismatching end point security settings between client and server •...
Page 764: Running Diagnostics For Opc Ua Servers In The Program
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server The SessionsDiagnosticsSummary node also shows the properties of the client application accessing the server within the session. Figure 4-208 Sessions diagnostics with the properties of the client application Diagnostics of the connection between client and server To diagnose the status of the connection during program runtime in the client, use the following instruction: OPC_UA_ConnectionGetStatus: Read connection status.
Page 765: Server State Transition Diagnostics
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.7.3 Server state transition diagnostics Information on the server state S7-1500 CPUs as of firmware version V2.8 are able to create an entry in the diagnostic buffer upon state changes of the OPC UA server. The diagnostic buffer displays the new state.
Page 766 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Server states and state transitions ①, ④ POWER ON or Load in RUN, if OPC UA relevant data could be affected. ② Loading the hardware configuration with deactivated OPC UA server. The server remains shut down.
Page 767: Session State Transition Diagnostics
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.7.4 Session state transition diagnostics Information on the session state S7-1500 CPUs as of firmware version V2.8 are able to create an entry in the diagnostic buffer for state changes of an OPC UA session. The diagnostic buffer displays the new state.
Page 768: Check For Security Events
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server 11.3.7.5 Check for security events If the CPU diagnostics detects a security event during the OPC UA communication, it can enter it in the diagnostic buffer. Requirements • S7-1500 CPUs as of firmware version 2.8 •...
Page 769 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Service fault If a service itself fails, the server returns a ServiceFault. In this case, the status code (Bad...) and the according session ID are entered in the diagnostics buffer. Example of limit violations If a service request exceeds a CPU-specific limit, for example, number of sessions, number of monitored items, number of subscriptions, etc., this diagnostics is entered in the diagnostics...
Page 770: Subscription Diagnostics
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Attribute Service Set Write Read Method Service Set Call Monitored Item Service Set CreateMonitoredItems ModifyMonitoredItems DeleteMonitoredItems SetMonitoringMode SetTriggering Subscription Service Set CreateSubscription ModifySubscription DeleteSubscriptions TransferSubscriptions Publish Republish SetPublishingMode 11.3.7.7 Subscription diagnostics Information about a subscription S7-1500 CPUs as of firmware version V2.8 are able to create an entry in the diagnostic buffer...
Page 771 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Subscription states and state transitions ① Subscription is generated and is then active. ② Status change is not entered in the diagnostic buffer because too many entries may be made in the diagnostic buffer depending on the amount of data.
Page 772 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Subscription: Error in the sampling times As of firmware V2.5 of the SIMATIC S7-1500 CPU, the OPC UA server can transmit the status code "GoodOverload" when using subscriptions, if an overload of the CPU occurs when sampling the items.
Page 773: Summarizing Diagnostics
61131-3 is as follows: "Sampling has slowed down due to resource limitations". ① Sampling job is skipped Figure 4-213 Subscription with error See also FAQ 109763090 (https://support.industry.siemens.com/cs/ww/en/view/109763090). More information You can find information about the server settings for subscriptions in the section Settings of the server for subscriptions (Page 243).
Page 774 OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Example An OPC UA client repeatedly "overloads" an S7-1500 CPU as OPC UA server with a sampling rate that the server cannot handle (overload). The "Summarize diagnostics in case of high message volume" setting is activated. A message appears in the diagnostics buffer for this diagnostic option.
Page 775: Principle Of Operation
OPC UA communication 11.3 Using the S7-1500 as an OPC UA server Principle of operation The CPU enters the first three events of an event type in the diagnostics buffer. It then ignores all subsequent diagnostics of this group. At the end of the monitoring time (interval), the CPU generates a group alarm in which it enters the diagnostics and the frequency of this diagnostics during the elapsed interval.
Page 776: Using The S7-1500 Cpu As An Opc Ua Client
OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client 11.4 Using the S7-1500 CPU as an OPC UA client 11.4.1 Overview and requirements With STEP 7 (TIA Portal) Version V15.1 and higher, you can assign parameters and program an OPC UA client that can read PLC tags in an OPC UA server.
Page 777: Useful Information About The Client Instructions
OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client Overview To use the editor and the connection parameter assignment, follow these steps: 1. First, specify a client interface. Add to this the PLC tags and PLC methods interface that you want to access ("First step (Page 339)").
Page 778 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client ① Instructions for preparation of method calls ② Method calls ③ Instructions for "clean-up" after completed method calls Figure 4-216 Run sequence for a method call in the OPC UA server Optional instructions (reading out the status of a connection / reading out node IDs of nodes with known hierarchy of the address space) •...
Page 779: Number Of Client Instructions That Can Be Used Simultaneously
> OPC UA > OPC UA client. Application example in Online Support This application example (https://support.industry.siemens.com/cs/ww/en/view/109762770) provides you with an S7 user block "OpcUaClient" that summarizes the most important functions of the OPC UA instructions, accelerates the implementation for you and simplifies the programming.
Page 780 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client OPC UA instruction Maximum number for Maximum number for Maximum number for CPU 1510SP (F) CPU 1507S (F) CPU 1511 (C/F/T/TF) 1505 (S/SP/SP F/SP T/SP TF) CPU 1517 (F/T/TF) CPU 1512C CPU 1515 (F/T/TF) CPU 1518 (F) CPU 1512SP (F) CPU 1515 SP PC (F/T/TF) CPU 1513 (F) CPU 1516 (F/T/TF)
Page 781: Example Configuration For Opc Ua
OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client 11.4.4 Example configuration for OPC UA The following sections describe how you can use the client interfaces editor and the connection parameter assignment. The description is based on a specific example: Two S7-1500 CPUs operate in the system: One CPU serves as the OPC UA client and the other as the OPC UA server.
Page 782: Creating Client Interfaces
OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client 2. An S7-1516 CPU controls the interaction with other production lines. This CPU is named "Supervisor" in the example. The OPC UA client of this CPU is enabled. Using OPC UA, this CPU can read the NewProduct and ProductNumber tags, set the ProductionEnabled tag and call the OpenDoor method.
Page 783 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client In addition, STEP 7 creates the following data blocks: – Client_Interface_1_Configuration The data block already contains all system data types that are needed for the instructions of the OPC UA client. This data block is filled when you configure the connection to the OPC UA server.
Page 784 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client 8. Create a read list in this client interface. To do this, follow these steps: – Click "Add new read list" in the left section of the editor. STEP 7 adds a new list named "ReadList_1".
Page 785 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client 9. If you want assign new values to PLC tags, create a write list in this client interface. To do this, follow these steps: – Click "Add new write list" in the left section of the editor. STEP 7 adds a new list with the name "ReadList_1".
Page 786 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client 11. Compile the project. To do so, select the project and click the following button in the toolbar: STEP 7 compiles the project and updates the data blocks that belong to the "Productionline" client interface.
Page 787 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client • ProductionLine_Data A data block for the PLC tags that you have entered in the client interface editor. In the example, this data block is called "Productionline_Data". The figure below shows the data block.
Page 788 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client This is only successful, however, if the following requirements are met: • A connection exists to the OPC UA server of the CPU, which controls the production line. •...
Page 789: Determine Server Interface Online
OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client 11.4.6 Determine server interface online With STEP 7 (TIA Portal) you can determine the interface of an OPC UA server online. This provides information on which tags of a connected OPC UA server you can read or set (write) with OPC UA clients.
Page 790 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client In the top right, enter the IP address of the OPC UA server whose server interface you want to determine online. 7. Click "Find selected server". STEP 7 establishes a connection to the OPC UA server and determines all security settings (server endpoints) that the server holds in readiness.
Page 791 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client 11. Click on the "Go online" button. When a secure connection is established, a message appears that you must accept the server certificate for the secure connection to be established. In the message window, you can display further details about the server certificate via a link.
Page 792: Using Multilingual Texts
OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client 11.4.7 Using multilingual texts In the client interface editor, you are also importing texts that can be displayed in different languages with the OPC UA XML files (information models). Multilingualism is optional, and each node can be defined differently regarding the languages it offers.
Page 793: Rules For The Access To Structures
OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client You can then apply the nodes in the corresponding lists (read list, write list, method list) with drag and drop. You cannot change the language in the lists (read list, write list, method list). Applying the displayed description texts as comment in PLC data types When you compile the program, STEP 7 automatically creates PLC data types (UDTs) for each read list, for each write list and for inputs or outputs of each method.
Page 794 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client Example of an error-free assignment of the structure elements In the imported node set file (XML export), the structure is defined as follows: The structure mapped in the read list matches, both in the order and in the assigned data types, the corresponding nodes of the node set file.
Page 795: Using Connection Parameter Assignment
OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client 11.4.9 Using connection parameter assignment 11.4.9.1 Creating and configuring connections With the instructions for OPC UA clients, you create a user program that exchanges data with an OPC UA server. A series of system data types are required for this. To simplify your work with these system data types, a connection parameter assignment for OPC UA clients is available starting in STEP 7 (TIA Portal) Version 15.1.
Page 796 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client 3. Enter a path within the OPC UA server to restrict access to this path. The information is optional. However, some servers only establish a connection if a server path is specified. When you specify a path, it is automatically entered at the "ServerEndpointUrl"...
Page 797 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client The following settings are possible: • No security • Basic128Rsa15 • Basic256 • Basic256Sha256 To configure a secure connection, you must observe the following items: • A certificate is required for the client for a secure connection. •...
Page 798: Setting Languages
More information What causes the connection to an OPC UA server to fail? FAQ. (https://support.industry.siemens.com/cs/ww/en/view/109766709) 11.4.9.2 Handling of the client certificates of the S7-1500 CPU Where does the client certificate come from? If you are using the OPC UA client of an S7-1500 CPU (OPC UA client enabled), you can create certificates for these clients with STEP 7 V15.1 and higher as described in the following...
Page 799 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client Certificate of the OPC UA client of the S7-1500 CPU A secure connection between the OPC UA server and an OPC UA client is only established if the server classifies the certificate of the client as trusted.
Page 800 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client 2. Announcing the client certificate to the server You have to make the client certificate available to the server to allow a secure connection to be established. To do this, follow these steps: 1.
Page 801: User Authentication
OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client 11.4.9.3 User authentication In the OPC UA client interface of the S7-1500, you can set what authentication is required for a user of the OPC UA client wishing to access the server. To do so, you must select the corresponding client interface in the project tree of the requested S7-1500 CPU under "OPC UA communication >...
Page 802: Using A Configured Connection
OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client "No Security" security policy and authentication via user name and password You can set the following combination: Security policy = "No Security" and authentication via user name and password. •...
Page 803 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client Order of the OPC UA instructions The following figure shows the order in which the OPC UA instructions are called in a user program in order to use these instructions to read or write PLC tags: ①...
Page 804 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client 4. Click the toolbox symbol in the editor for FBD or LAD. The symbol is located in the heading of the instruction: If you are using the editor for STL or SCL: Click the small green rectangle below the first character of the instance name: The example (Page 338) uses "#OPC_UA_Connect_Instance"...
Page 805 OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client STEP 7 now automatically interconnects all parameters of the "OPC_UA_NodeGetHandleList" instruction: If you want to write data to an OPC UA server, select the write list you want to use under "Data access >...
Page 806: Supported Instructions
OPC UA communication 11.4 Using the S7-1500 CPU as an OPC UA client Select the client interface that you want to use. The example uses the "ProductionLine" client interface. STEP 7 now automatically interconnects all parameters of the "OPC_UA_Disconnect" instruction. Supported instructions For the following instructions, STEP 7 automatically supplies the parameters if you are using a client interface and a configured connection to an OPC UA server:...
Page 807: Tips And Recommendations
/ publishing interval of 1 second. You can find more information in the FAQ 109755846 (https://support.industry.siemens.com/cs/us/en/view/109755846). • Select the same sampling and publishing intervals for the OPC UA client and for the OPC UA server.
Page 808: Rules For The User Program
OPC UA communication 11.5 Tips and recommendations 11.5.2 Rules for the user program User programs for OPC UA The following rules apply to user programs: • If your application allows it and the communication load is high, you should set a minimum time for cycle OBs.
Page 809: Master Copies For Opc Ua Communication
OPC UA communication 11.5 Tips and recommendations 11.5.3 Master copies for OPC UA communication Master copies for the OPC UA interfaces Interfaces of OPC UA servers and OPC UA clients that you want to use multiple times can be stored either in the project library or in a global library. Master copies in the project library can only be used within the project.
Page 810 OPC UA communication 11.5 Tips and recommendations More information For information on how to create a user-defined server interface, refer to the section Creating a user-defined server interface (Page 271). Communication Function Manual, 11/2024, A5E03735815-AM...
Page 811: Addressing Via Dhcp
Addressing via DHCP Communication Function Manual, 11/2024, A5E03735815-AM...
Page 812 Addressing via DHCP In order to provide future-proof, efficient and flexible automation, more and more components from the production area support IT standards. Worldwide Ethernet standards, integrated communication and versatility make IT-supported automation an economical solution for your requirements. Functional expansions of the communication options of the S7-1500 CPUs in this direction give you more freedom for the possible uses of your system or machine.
Page 813: Areas Of Application
Addressing via DHCP 12.1 Principle of address assignment via DHCP Areas of application • Use of the S7-1500 CPU in a managed IT environment • Adding new devices in a modular manufacturing structure 12.1 Principle of address assignment via DHCP Requirement configuration The following requirements must be met so that a PROFINET interface of the S7-1500 CPU can obtain IP address parameters via a DHCP server:...
Page 814 Addressing via DHCP 12.1 Principle of address assignment via DHCP The IP address parameters and options are stored in the load memory of the CPU. After a general reset or restart of the CPU, the IP address parameters and options are obtained again via DHCP.
Page 815: Dhcp With Dns
Addressing via DHCP 12.2 DHCP with DNS 12.2 DHCP with DNS As of STEP 7 V17, the S7-1500 CPU supports the host name and domain address parameters used in name-based communication (DNS). For specific communication services, name-based addressing via the complete name consisting of host name and domain, is useful: •...
Page 816 Addressing via DHCP 12.2 DHCP with DNS • Local assignment of host name and domain You can configure the host name and domain in STEP 7 or assign them in the user program. NOTE Validity of the data obtained from DHCP If you change the host name and/or domain in the user program, then all data obtained via DHCP (IP suite, host name, domain, NTP server, DNS server) becomes invalid and is retrieved again from DHCP server.
Page 817 Addressing via DHCP 12.2 DHCP with DNS well as the host name to the DHCPv4 server. The DHCP server supplies the domain option to the CPU. Figure 4-239 Configure host name, obtain domain name via DHCP For this configuration, you must first activate the host name and domain configuration in STEP 7.
Page 818 Addressing via DHCP 12.2 DHCP with DNS Assign host name in the user program To assign the host name in the user program, follow these steps: 1. Select the S7-1500 CPU in STEP 7. 2. In the properties of the CPU, navigate to "Advanced configuration" > "Host and domain name"...
Page 819: Activate Dhcp
Addressing via DHCP 12.3 Activate DHCP Rules for maximum lengths of host name, domain and client ID Note the following maximum lengths in bytes. One byte corresponds to one character: • Host name: Maximum 63 bytes • Domain: Maximum 252 bytes •...
Page 820: Configuring The Client Id
Addressing via DHCP 12.4 Configuring the client ID 12.4 Configuring the client ID The client ID The S7‑1500 CPU always identifies itself to a DHCP server with the client ID (DHCP option 61). The client ID is interface specific. The S7-1500 CPU supports the following two operating modes with regard to the client ID: •...
Page 821: Get Addresses Of The Dns Servers Via Dhcp
Addressing via DHCP 12.5 Get addresses of the DNS servers via DHCP Adapting the client ID during runtime You can use the "CommConfig" instruction to adapt the client ID via the user program. Call the instruction. The DATA parameter must point to a UDT "Conf_ClientId" or a UDT "Conf_ClientId_Opaque".
Page 822: Get Addresses Of The Ntp Servers Via Dhcp
Addressing via DHCP 12.7 Obtain host and domain name via DHCP 12.6 Get addresses of the NTP servers via DHCP Requirements • You have activated the address assignment via DHCP for at least one interface of the S7-1500 CPU. Obtaining addresses from NTP servers via DHCP To obtain the addresses of up to four NTP servers via DHCP, follow these steps: 1.
Page 823 Addressing via DHCP 12.7 Obtain host and domain name via DHCP Obtaining a domain via DHCP To obtain the domain via DHCP, follow these steps: 1. Select the S7-1500 CPU in STEP 7. 2. In the properties of the CPU, navigate to "Advanced configuration" > "Host and domain name" > "Host and domain name configuration"...
Page 824: Routing
Routing 13.1 Overview of the routing mechanisms of S7-1500 CPUs The following table gives an overview of the routing mechanisms of the S7-1500 CPU. Routing mechanism Description Applications Section S7 routing S7 routing is the transfer of data Download user programs S7 routing (Page 382) beyond S7 subnet boundaries.
Page 825: S7 Routing
A firewall does not recognize the IP address of the sender during S7 routing when the sender is located outside the S7 subnet adjacent to the firewall. An overview of the devices that support the "S7 routing" function is provided in this FAQ (https://support.industry.siemens.com/cs/ww/en/view/584459). Communication Function Manual, 11/2024, A5E03735815-AM...
Page 826 Routing 13.2 S7 routing S7 routing for online connections With the PG/PC, you can reach devices beyond S7 subnets, for example to do the following: • Download user programs • Download a hardware configuration • Execute test and diagnostics functions In the following figure, CPU 1 is the S7 router between S7 subnet 1 and S7 subnet 2.
Page 827 Routing 13.2 S7 routing S7 routing for HMI connections You have the option of setting up an S7 connection from an HMI to a CPU via different subnets (PROFIBUS and PROFINET or Industrial Ethernet). In the following figure, CPU 1 is the S7 router between S7 subnet 1 and S7 subnet 2.
Page 828 • For information on HMI communication, refer to the section HMI communication (Page 125). • You can find more information on S7 routing and TeleService adapters when you search the Internet using the following links: – Device manual Industrial Software Engineering Tools TS Adapter IE Basic (https://support.industry.siemens.com/cs/us/en/view/51311100) – Downloads for the TS Adapter (https://support.industry.siemens.com/cs/us/en/ps/16006/dl) Communication Function Manual, 11/2024, A5E03735815-AM...
Page 829: Ip Forwarding
Routing 13.3 IP forwarding 13.3 IP forwarding Forwarding of IP packets with IP forwarding IP forwarding is a function of devices to forward IP packets between two connected IP subnets. Enable/disable the IP forwarding function in STEP 7. When IP forwarding is enabled, the S7‑1500 CPU forwards received IP packets not addressed to the CPU to locally connected IP subnets or to a configured router.
Page 830: Ip Route Table
Routing 13.3 IP forwarding Requirements for using IP forwarding • S7‑1500 CPU as of firmware version V2.8 • Number of Ethernet interfaces: – The CPU has at least two Ethernet interfaces. – Or the CPU has one Ethernet interface, and a CP 1543-1 as of firmware version V2.2 provides the other Ethernet interface.
Page 831 Routing 13.3 IP forwarding Figure 4-247 Sample configuration This example configuration results in the following IP routing table for the CPU. Table 4-29 IP route table of the CPU Network destination Interface Gateway 0.0.0.0/0 10.10.0.10 10.10.0.1 192.168.1.0/24 192.168.1.1 192.168.2.0/24 192.168.2.1 10.10.0.0/24 10.10.0.10 For IP communication between the PG/PC and the HMI device, you need to set up additional IP routes to the IP subnet of the HMI device both in the PC and in the IP router.
Page 832 Routing 13.3 IP forwarding In an IP router, you set up additional routes, e.g. via a web interface. Set up the following route for this example: • Destination IP subnet: 192.168.2.0 • Subnet mask: 255.255.255.0 • Gateway: 10.10.0.10 Communication Function Manual, 11/2024, A5E03735815-AM...
Page 833 Routing 13.3 IP forwarding Restrictions You cannot configure any additional IP routes other than the router ("Standard Gateway") for an S7-1500 CPU. The network destination is either a connected IP subnet, or the network destination can be reached via exactly one configurable router. Because the S7‑1500 CPU does not support additional IP routes, you cannot build bi-directional IP router cascades.
Page 834 Routing 13.3 IP forwarding IP forwarding via the interface of a CP IP forwarding also works via the interface of a CP. For this you have to activate the "Access to PLC via communication module" function for this CP in the CPU. How you enable the "Access to PLC via communication module"...
Page 835 Separate the CPU-related IP subnets from the remote IP subnets with a firewall. For example, use the SCALANCE S security modules with integrated firewall. This application example (https://support.industry.siemens.com/cs/ww/en/view/22376747) describes how to protect an automation cell with a firewall using the SCALANCE S602 V3 and SCALANCE S623 security modules.
Page 836: Data Record Routing
Routing 13.4 Data record routing Enabling/disablng IP forwarding To enable IP forwarding, proceed as follows: 1. Select the CPU in the network view of STEP 7 (TIA Portal). 2. In the properties of the CPU of the Inspector window, navigate to "General" > "Advanced Configuration"...
Page 837: Additional Information
Additional information • The differences that exist between "normal" routing and data record routing are described in this FAQ (https://support.industry.siemens.com/cs/ww/en/view/7000978). • Whether or not the CPU, CP or CM you are using supports data record routing can be found in the relevant manuals.
Page 838: Virtual Interface For Ip-Based Applications
Routing 13.5 Virtual interface for IP-based applications 13.5 Virtual interface for IP-based applications As of firmware version 2.8, the S7‑1500 CPU offers the option of reaching its IP-based applications, such as OPC UA, not only via its local (PN) interfaces, but also via the interfaces of communications processors in the same station.
Page 839 Routing 13.5 Virtual interface for IP-based applications Compared to conventional interfaces, the virtual interface has the following restrictions: • No access to the web server over the virtual interface. • Online backup is not possible via a connected programming device with the TIA Portal. •...
Page 840 Routing 13.5 Virtual interface for IP-based applications Once the IP address is entered, it is shown in the properties dialog of the OPC UA server in the list of server addresses. These settings provide the CPU with the new W1 virtual interface, via which the CPU services described above, such as the OPC UA server, can be accessed via a communications module.
Page 841 Routing 13.5 Virtual interface for IP-based applications Settings in the communications module (CP 1543‑1 as of FW version V3.0) Starting with firmware version V3.0 you can use the CP internal firewall to secure the data traffic via the virtual interface. To activate the firewall in the communications module, follow these steps in the protected project: 1.
Page 842: Connection Resources
Connection resources 14.1 Connection resources of a station Introduction Some communications services require connections. Connections occupy resources in the automation system (station). The connection resources are made available to the station by the CPUs, communications processors (CPs) and communications modules (CMs). Connection resources of a station The connection resources available depend on the CPUs, CPs and CMs being used and must not exceed a maximum number per station.
Page 843 Connection resources 14.1 Connection resources of a station The figure below shows an example of how individual components make connection resources available to an S7-1500 station. ① Available connection resources of the station, of which Reserved connection resources of the station A + B Connection resources of CPU 1518 Connection resources of communications module CM 1542‑1...
Page 844 Connection resources 14.1 Connection resources of a station Connection resources of a sta 1511C 1511 1515 1517 1518 tion 1512C 1516 1513 Connection resources of the CPU Max. additionally usable connec tion resources by plugging in CMs/CPs Additional connection resources CM 1542-1 Additional connection resources CP 1543-1...
Page 845: Allocation Of Connection Resources
Connection resources 14.2 Allocation of connection resources More information Information on the connection resources of the S7-1500R/H redundant system is available in the section Connection resources of the redundant system S7-1500R/H (Page 424). 14.2 Allocation of connection resources Overview - occupation of connection resources The following figure shows how different connections occupy the resources of the S7-1500.
Page 846 Connection resources 14.2 Allocation of connection resources Connection resources for HMI communication With HMI communication, the occupation of connection resources in the station depends on the HMI device being used. Table 4-31 Maximum occupied connection resources for different HMI devices HMI device Maximum occupied connection resources of the station per HMI connection Basic Panel...
Page 847 Connection resources 14.2 Allocation of connection resources Connection resources for routing To transfer data beyond S7 subnets ("S7 routing"), an S7 connection is established between two CPUs. The S7 subnets are connected via gateways known as S7 routers. CPUs, CMs and CPs in S7‑1500 are S7 routers.
Page 848 CPU acknowledges the instruction to establish the connection with an error. S7-1500 and S7-300 comparison You will find a comparison of how the communication resources of the S7-1500 and S7-300 are managed in this FAQ (https://support.industry.siemens.com/cs/ww/en/view/109747092). Communication Function Manual, 11/2024, A5E03735815-AM...
Page 849: Display Of The Connection Resources
Connection resources 14.3 Display of the connection resources 14.3 Display of the connection resources Display of the connection resources in STEP 7 (offline view) You can display the connection resources of an automation system in the hardware configuration. You will find the connection resources in the Inspector window in the properties of the CPU.
Page 850 Connection resources 14.3 Display of the connection resources The warning triangle in the column of the dynamic station resources is displayed because the sum of the maximum available connection resources of CPU, CP and CM (= 310 connection resources) exceeds the station limit of 256. NOTE Available connection resources exceeded STEP 7 signals the exceeding of the station-specific connection resources with a warning.
Page 851 You can display the connection resources not only in STEP 7, but also with a browser that displays the relevant page of the Web server. You will find information on displaying connection resources in the Web server in the Web Server (https://support.industry.siemens.com/cs/us/en/view/59193560)function manual. Communication Function Manual, 11/2024, A5E03735815-AM...
Page 852: Diagnostics And Fault Correction
Diagnostics and fault correction 15.1 Connection diagnostics Connections table in the online view After selecting a CPU in the Devices & networks editor of STEP 7, you will see the status of your connections displayed in the online view of the connections table. Figure 4-261 Online view of the connections table After selecting the connection in the connections table, you obtain detailed diagnostic information in the "Connection information"...
Page 853: Additional Information
When you program the T_DIAG instruction, you can evaluate diagnostic information about the configured and programmed connections of the CPU using the user program. Additional information You will find the description of the web server functionality in the function manual Web serv er (https://support.industry.siemens.com/cs/us/en/view/59193560). Communication Function Manual, 11/2024, A5E03735815-AM...
Page 854: Emergency Address
Diagnostics and fault correction 15.2 Emergency address 15.2 Emergency address If you cannot reach the CPU via the IP address, you can set a temporary emergency address (emergency IP) for the CPU. Via this emergency address, you can re-establish the connection with a CPU in order to load a device configuration with a valid IP address.
Page 855: Communication With The Redundant System S7-1500R/H
• Web server (only via Web API) • Support of the CP 1543‑1 communications processor as central plugged module (see also S7‑1500R/H System Manual (https://support.industry.siemens.com/cs/us/en/view/109754833)) Restrictions for communication with the S7‑1500R/H redundant system • Open User Communication: – no configured connections –...
Page 856: System Ip Addresses For R/H Cpus
Communication with the redundant system S7-1500R/H 16.1 System IP addresses for R/H CPUs 16.1 System IP addresses for R/H CPUs Introduction In addition to the device IP addresses of the CPUs, the S7‑1500R/H redundant system also supports these system IP addresses: •...
Page 857 Communication with the redundant system S7-1500R/H 16.1 System IP addresses for R/H CPUs Communication via the system IP addresses X2 and X3 If the CPUs of the redundant S7‑1500R/H system have two or three PROFINET interfaces, it is preferable to use the PROFINET interface X2 or X3 for communication with other devices. The following figure shows a configuration in which the communication partners are connected via the respective PROFINET interfaces X2 with the CPUs of the S7‑1500R/H redundant system.
Page 858 Communication with the redundant system S7-1500R/H 16.1 System IP addresses for R/H CPUs Communication via the system IP address X1 The following diagram shows a configuration where the communication partners are connected with a switch to the PROFINET ring of the S7‑1500R/H redundant system. The PROFINET ring connects the communication partners with the respective PROFINET interfaces X1 of the two CPUs.
Page 859 Communication with the redundant system S7-1500R/H 16.1 System IP addresses for R/H CPUs Communication via the system IP addresses X1, X2, and X3 You can use one system IP address for each PROFINET interface of the redundant S7‑1500R/H system. PROFINET devices which are connected to X1 interfaces of the CPUs communicate via the system IP address X1.
Page 860 Communication with the redundant system S7-1500R/H 16.1 System IP addresses for R/H CPUs You can find more information on configuration scenarios with Y‑switches in the S7-1500R/H Redundant System (https://support.industry.siemens.com/cs/ww/en/view/109754833) System Manual. IP forwarding via system IP addresses If you use the system IP addresses as gateway/default routes for IP routes through the S7-1500R/H redundant system, IP packets are forwarded even if a CPU fails.
Page 861 Communication with the redundant system S7-1500R/H 16.1 System IP addresses for R/H CPUs Enable system IP addresses Requirements: • STEP 7 from V15.1 • S7‑1500R/H redundant system with two CPUs, e.g. two 1513R-1 PN CPUs If the CPUs of the S7‑1500R/H redundant system have two PROFINET interfaces (X1 and X2), then you can use a system IP address for both PROFINET interfaces.
Page 862: System Ip Addresses For Communications Processors
You can find more information about the "RH_CTRL" instruction in the online help for STEP 7. You can find information about configuring the system IP address for the W1 virtual interface and the virtual MAC address in the Redundant System S7‑1500R/H (https://support.industry.siemens.com/cs/us/en/view/109754833) System Manual. Communication Function Manual, 11/2024, A5E03735815-AM...
Page 863 Communication with the redundant system S7-1500R/H 16.2 System IP addresses for communications processors Advantages of expansion with CP 1543‑1 communications processors If you expand your redundant system with CP 1543‑1 communications processors, additional communications interfaces become available. Use this advantage for a CPU 1513R-1 PN with only one PROFINET interface, e.g.
Page 864 Communication with the redundant system S7-1500R/H 16.2 System IP addresses for communications processors IP forwarding via system IP addresses If you use the system IP addresses as gateway/default routes for IP routes through the redundant S7‑1500R system, IP packets are forwarded even if a CP fails. NOTE Primary-backup switchover in S7‑1500H systems with an active backplane bus If there is a failure of a CP in an S7‑1500H system with an active backplane bus, no primary-...
Page 865 Communication with the redundant system S7-1500R/H 16.2 System IP addresses for communications processors Assigning the system IP address to the W1 virtual interface of R/H CPUs Starting with STEP 7 V19, it is possible to assign a system IP address to the W1 virtual interface of R/H-CPUs.
Page 866: Improved Accessibility By Switching The System Ip Address
More information A description of the program-controlled switching of the system IP address can be found under the special instructions for redundant systems S7-1500R/H in the System Manual S7-1500R/H (https://support.industry.siemens.com/cs/us/en/view/109754833). 16.4 Response to Snycup Response of communication connections via the system IP address in the system state SYNCUP •...
Page 867: Response To Primary-Backup Switchover
Communication with the redundant system S7-1500R/H 16.6 Connection resources of the redundant system S7-1500R/H 16.5 Response to primary-backup switchover Response of communication connections via the system IP address during a primary‑backup switchover • Running instances of the instructions TSEND and TRCV are stopped and return the status 80C4 (temporary communication error).
Page 868 Communication with the redundant system S7-1500R/H 16.6 Connection resources of the redundant system S7-1500R/H Allocation of connection resources Communication connections occupy communication resources in the S7‑1500R/H redundant system. Each communication connection to the redundant system S7 1500R/H occupies connection resources in the S7 1500R/H station. The S7-1500R/H station comprises the hardware setup of both CPUs of the redundant S7-1500R/H system.
Page 869: Hmi Communication With The Redundant System S7-1500R/H
Communication with the redundant system S7-1500R/H 16.7 HMI communication with the redundant system S7-1500R/H 16.7 HMI communication with the redundant system S7-1500R/H 16.7.1 HMI connection via the system IP address Requirements • A S7-1500R/H redundant system, e.g. CPU 1513R‑1PN • System IP address is enabled •...
Page 870 With help of scripts in the HMI configuration, the connection of the failed CPU are switched automatically to the still running CPU. A description to this procedure can be found in the following FAQ (https://support.industry.siemens.com/cs/us/en/view/109781687). Communication Function Manual, 11/2024, A5E03735815-AM...
Page 871: Open User Communication With The Redundant System S7-1500R/H
Communication with the redundant system S7-1500R/H 16.8 Open User Communication with the redundant system S7-1500R/H 16.8 Open User Communication with the redundant system S7-1500R/H Introduction S7‑1500R/H systems as of FW version V3.1 also support Secure Open User Communication (Secure OUC). If you extend an S7‑1500R/H system as of FW version V3.1 with CP 1543‑1 communications processors, you can also use Secure OUC via these connected CPs.
Page 872 Communication with the redundant system S7-1500R/H 16.8 Open User Communication with the redundant system S7-1500R/H 16.8.1 Setting up the connection of the Open User Communication with the redundant S7-1500R/H system Open User Communication via integrated PROFINET interfaces of the CPU The S7‑1500R/H redundant system can communicate with other devices via Open User Communication.
Page 873 Communication with the redundant system S7-1500R/H 16.8 Open User Communication with the redundant system S7-1500R/H Requirements • A redundant S7‑1500R/H system as TCP client, e.g. 2 CPUs 1513‑1PN • System IP address of the PROFINET interface X1 is enabled • Connection partner as TCP server, e.g. CPU 1516‑3 PN/DP •...
Page 874 Communication with the redundant system S7-1500R/H 16.8 Open User Communication with the redundant system S7-1500R/H Figure 4-278 S7-1500R/H: Assigning parameters to the TSEND_C instruction in STEP 7 4. In "Partners" under "End point:" select the CPU 1516‑3PN/DP as the communication partner. 5. In "Partners" under "Interface:" select the PROFINET interface X2 of the CPU 1516‑3PN/DP. 6.
Page 875 Figure 4-280 OUC‑connection via a device IP address More information You can find more information on system states in the S7‑1500R/H (https://support.industry.siemens.com/cs/ww/en/view/109754833) system manual. You can find more information on the configuration and parameter assignment of your PROFINET IO system in the PROFINET Function Manual (https://support.industry.siemens.com/cs/ww/en/view/49948856).
Page 876 Communication with the redundant system S7-1500R/H 16.8 Open User Communication with the redundant system S7-1500R/H 16.8.2 Open User Communication with CP 1543-1 communications processors Introduction You can use both Open User Communication (OUC) as well as Secure OUC via the CP 1543‑1 communications processors.
Page 877 Communication with the redundant system S7-1500R/H 16.9 Using an OPC UA server in an S7-1500R/H system Creating a connection via CPs You can create the connection as for an integrated PROFINET interface of the S7‑1500R/H redundant system. However, you have to adapt the connection parameters accordingly. Select the CP 1543‑1 communications processor to be used in the "Interface"...
Page 878 S7-1500 automation system can be found in the section "Application planning > Restrictions" in the S7-1500R/H redundant system System Manual (https://support.industry.siemens.com/cs/ww/en/view/109754833). You can find a description of how to configure an OPC UA server (e.g. creating server interfaces) in the OPC UA communication (Page 162) section or in the information system of the TIA Portal.
Page 879 • The accuracy with which higher-priority alarms interrupt a cycle OB, for example, decreases. Example: The "Jitter" for a cyclic interrupt increases. • Otherwise, the basic rules from the following document apply: Function Manual "Cycle and Response Times" (https://support.industry.siemens.com/cs/us/en/view/59193558). CAUTION Thorough testing of the maximum cycle time during the commissioning phase...
Page 880 You can find additional and up-to-date information on using the OPC UA server with S7-1500R/H systems in the following entry: FAQ How do you use the OPC UA server in an S7-1500 R/H system? (https://support.industry.siemens.com/cs/ww/en/view/109822965) 16.9.2 Transparent Mode (transparent Redundancy)
Page 881 Communication with the redundant system S7-1500R/H 16.9 Using an OPC UA server in an S7-1500R/H system Behavior when restoring redundancy (SYNCUP > RUN-Redundant) If the initial state of the redundant system is restored after a failover, e.g. after replacing the faulty CPU, the system performs a SYNCUP. During SYNCUP, the OPC UA servers are restarted in both CPUs.
Page 882 Communication with the redundant system S7-1500R/H 16.9 Using an OPC UA server in an S7-1500R/H system 16.9.3 Non-transparent Mode (non-transparent Redundancy) In the following, details on non-transparent redundancy are explained. In this operating mode, OPC UA provides the following information for a client: •...
Page 883: Service Level
Communication with the redundant system S7-1500R/H 16.9 Using an OPC UA server in an S7-1500R/H system The following figure from the specification OPC 10000-4: Services shows the steps that the client goes through when it receives the signal to switch to the "Alternate server" due to a low ServiceLevel value for the "Source server".
Page 884 Communication with the redundant system S7-1500R/H 16.9 Using an OPC UA server in an S7-1500R/H system Application of non-transparent redundancy If a client accesses the OPC UA server via different, i.e. independent subnets, transparent redundancy using the system IP address is not possible. The following figure shows a configuration with an H system that is connected to a client via two subnets.
Page 885 Communication with the redundant system S7-1500R/H 16.9 Using an OPC UA server in an S7-1500R/H system variable, which contains an array of servers (EndpointUrlList) together with information on which redundant network paths exist for each server (NetworkPaths). You can find a detailed description of the relevant nodes with their references below the VendorServerInfo node in the OPC UA specification (OPC 10000‑5: Information Model).
Page 886 Communication with the redundant system S7-1500R/H 16.9 Using an OPC UA server in an S7-1500R/H system Node Contents Accessible data in the RUN-Redund Accessible data in the RUN-Solo system <configured ant system state state name> <PLC 1> Information via R/H CPU Server interface data (identical for Client is connected with: with redundancy ID 1...
Page 887 Communication with the redundant system S7-1500R/H 16.9 Using an OPC UA server in an S7-1500R/H system OperatingMode R/H system R/H CPU 17 (STOP - no de-energized/substitute value switch for outputs) 18 (RUN - de-energized/substitute value switch for out puts) 19 (Program test) 20 (Run program test) 8 (RUN) x (primary;...
Page 888 Communication with the redundant system S7-1500R/H 16.9 Using an OPC UA server in an S7-1500R/H system 16.9.5 Updated instructions for server methods To implement server methods in an S7-1500 CPU, use the "OPC_UA_ServerMethodPre" and "OPC_UA_ServerMethodPost" instructions. Details of the new version V1.1 of these two instructions are explained below.
Page 889 Communication with the redundant system S7-1500R/H 16.9 Using an OPC UA server in an S7-1500R/H system Sequence of the user program The two "OPC_UA_ServerMethodPre" and "OPC_UA_ServerMethodPost" instructions are asynchronous instructions that do not have a "REQ input" that triggers the start of the respective instruction.
Page 890: Example Program
Communication with the redundant system S7-1500R/H 16.9 Using an OPC UA server in an S7-1500R/H system Compatibility between version V1.0 and V1.1 of the instructions There are the following differences between version V1.0 and V1.1 with regard to the server instructions: •...
Page 891 Communication with the redundant system S7-1500R/H 16.9 Using an OPC UA server in an S7-1500R/H system STATUS_POST : DWord; END_VAR BEGIN #OPC_UA_ServerMethodPre_Instance(Done => #DONE_PRE, Busy => #BUSY_PRE, Error => #ERROR_PRE, Status => #STATUS_PRE, UAMethod_Called => #UAMethod_Called, UAMethod_InParameters := #UAMethod_InParameters); //Method is called IF #UAMethod_Called AND NOT #ERROR_PRE THEN (* Functionality: InParameters are valid...
Page 892 Industrial Ethernet Security with CP 1543-1 All-round protection - the task of Industrial Ethernet Security With Industrial Ethernet Security, individual devices, automation cells or network segments of an Ethernet network can be protected. Data transfer can also be protected by a combination of different security measures: •...
Page 893: Additional Information
The firewall and VPN groups protective functions can be applied to the operation of single devices, multiple devices, or entire network segments. Additional information An overview with links to the most important contributions on Industrial Security is available in this FAQ (https://support.industry.siemens.com/cs/ww/en/view/92651441). 17.1 Firewall Tasks of the firewall The purpose of the firewall functionality is to protect networks and stations from outside influences and disturbances.
Page 894: Ntp Client
Industrial Ethernet Security with CP 1543-1 17.3 NTP client 17.2 Logging Functionality For test and monitoring purposes, the security module has diagnostics and logging functions. • Diagnostics functions These include various system and status functions that you can use in online mode. •...
Page 895 Industrial Ethernet Security with CP 1543-1 17.5 VPN 17.4 SNMP Functionality Like the CPU, the CP 1543‑1 supports the transfer of management information using the Simple Network Management Protocol (SNMP). To achieve this, an "SNMP agent" is installed on the CP/CPU that receives and responds to the SNMP queries. Information about the properties of devices capable of SNMP is contained in so-called MIB files (Management Information Base) for which the user needs to have the appropriate rights.
Page 896 Introduction Safety instructions SIMATIC Industrial cybersecurity S7-1500, ET 200MP, ET 200SP, ET 200AL, ET 200pro, ET 200eco PN Description PROFINET with STEP 7 Parameter assignment/addressing Function Manual Diagnostics and maintenance Functions PROFINET with the redundant S7-1500R/H system 11/2024 A5E03444486-AP...
Page 898 Table of contents Introduction............................Function manuals documentation guide................1.1.1 Information classes Function Manuals................14 1.1.2 Basic tools........................1.1.3 S7 Port Configuration Tool (S7-PCT).................. 18 1.1.4 S7 Failsafe Configuration Tool (S7-FCT)................18 1.1.5 MultiFieldbus Configuration Tool (MFCT)................1.1.6 SIMATIC Technical Documentation..................20 Safety instructions..........................
Page 899 Table of contents 5.2.3 Assigning a device name and IP address................61 5.2.4 Assign device name via communication table..............66 5.2.5 Permitting changes to the device name and IP address directly on the device..... 69 Configuring an IO device through hardware detection............70 Specifying the router for a PROFINET IO device..............
Page 900 Table of contents 7.2.9 Boundary conditions when using I-devices................ 144 7.2.10 Configuring PROFIenergy with I-devices................145 7.2.11 Enabling/disabling I-device in the user program of the I-device CPU........147 Shared device........................152 7.3.1 Useful information on shared devices................152 7.3.2 Shared device and assigned IO controllers in the common project........155 7.3.3 Configuring a shared device in a common project..............
Page 901 Table of contents 7.7.6.3 Operating several CPUs in isochronous mode..............243 7.7.6.4 Programming manual synchronization................245 Direct data exchange......................249 7.8.1 Introduction........................249 7.8.2 Configuring direct data exchange between two S7-1500 CPUs.......... 252 7.8.3 Configuring direct data exchange between multiple IO controllers........254 Device replacement without exchangeable medium............
Page 902 Table of contents PROFINET with the redundant S7-1500R/H system................321 Media redundancy in the redundant S7-1500R/H system........... 322 H-Sync Forwarding......................322 System redundancy S2...................... 324 System redundancy R1...................... 326 Switched S1 device......................328 Main differences between IO device with system redundancy S2, R1 and standard IO ..
Page 903: Introduction
Introduction Purpose of the documentation This Function Manual provides an overview of the PROFINET communications system together with SIMATIC STEP 7. STEP 7 is integrated into the high-performance, graphical Totally Integrated Automation Portal (TIA Portal), the integration platform for all automation software tools. This Function Manual supports you in planning a PROFINET system. The manual is structured into the following subject areas: •...
Page 904 You implement IRT isochronous mode between Function Manual SIMATIC S7‑1500/S7‑1500T Syn S7‑1500 CPUs as of FW version V4.0 in multiple chronous operation functions projects through use of PN/PN couplers as of FW (https://support.industry.siemens. version V6.0. com/cs/ww/en/view/109817888) PROFINET with STEP 7 Function Manual, 11/2024, A5E03444486-AP...
Page 905 Introduction What's new in the PROFINET Function Manual, 11/2023 edition compared to 11/2022 edition Function What are the customer benefits? Where can I find this information? Implementation of You read which configuration options for proto Section PROFINET Security Class 1 (Page 38) PROFINET Security cols and processes in STEP 7 V19 have been Class 1...
Page 906 Introduction What's new in the PROFINET Function Manual, Edition 05/2021 compared to Edition 11/2018 Function What are the customer benefits? Where can I find this information? MRP interconnection The MRP interconnection procedure is an exten Section MRP interconnection (Page 198) sion of MRP.
Page 907 Introduction What's new in the PROFINET Function Manual, version 12/2017 compared to version 09/2016 This manual (version 12/2017) encompasses the following new functions compared to the previous version (version 09/2016): Function Applications Your benefits Specifying the router You can specify the IP address of a router for In the past, it was only possible to specify a router for a PROFINET IO each IO device.
Page 908 Industry Mall The Industry Mall is the catalog and order system of Siemens AG for automation and drive solutions on the basis of Totally Integrated Automation (TIA) and Totally Integrated Power (TIP).
Page 909: Function Manuals Documentation Guide
ET 200SP, ET 200AL and ET 200eco PN distributed I/O systems is arranged into three areas. This arrangement enables you to access the specific content you require. You can download the documentation free of charge from the Internet (https://support.industry.siemens.com/cs/ww/en/view/109742705). Basic information The system manuals and Getting Started describe in detail the configuration, installation, wiring and commissioning of the SIMATIC S7‑1500, SIMATIC Drive Controller, ET 200MP,...
Page 910 • SIMATIC Drive Controller (https://support.industry.siemens.com/cs/de/en/view/109772684/en) • Motion Control (https://support.industry.siemens.com/cs/de/en/view/109794046/en) • ET 200SP (https://support.industry.siemens.com/cs/de/en/view/73021864) • ET 200eco PN (https://support.industry.siemens.com/cs/ww/en/view/109765611) Manual Collections The Manual Collections contain the complete documentation of the systems put together in one file. You will find the Manual Collections on the Internet: •...
Page 911: Basic Tools
With the TIA Selection Tool , you can generate a complete order list from your product selection or product configuration. You can find the TIA Selection Tool on the Internet. (https://support.industry.siemens.com/cs/ww/en/view/109767888) SIMATIC Automation Tool You can use the SIMATIC Automation Tool to perform commissioning and maintenance activities on various SIMATIC S7 stations as bulk operations independent of TIA Portal.
Page 912 You can find SIEMENS PRONETA Basic on the Internet: (https://support.industry.siemens.com/cs/ww/en/view/67460624) SIEMENS PRONETA Professional is a licensed product that offers you additional functions. It offers you simple asset management in PROFINET networks and supports operators of automation systems in automatic data collection/acquisition of the components used through various functions: •...
Page 913: S7 Port Configuration Tool (S7-Pct)
SIMATIC S7-PCT The Port Configuration Tool (PCT) is a PC-based software for the parameter assignment of Siemens IO-Link Master modules and IO-Link devices from any manufacturer. You integrate IO-Link-devices using the standardized device description "IODD", which you get from the respective device manufacturer. S7-PCT supports version 1.0 and V1.1 of the IODD.
Page 914 • Microsoft C++ Redistributable for x86-systems (you can find the installation data for download on the Internet. (https://aka.ms/vs/15/release/vc_redist.x86.exe)) The download of the tool and further information as well as documentation on the individual functions of the MFCT can be found on the Internet. (https://support.industry.siemens.com/cs/de/en/view/109773881) PROFINET with STEP 7 Function Manual, 11/2024, A5E03444486-AP...
Page 915: Simatic Technical Documentation
Online Support: Industry Online Support International https://support.industry.siemens.com/cs/ww/en/view/109742705 Watch this short video to find out where you can find the overview directly in Siemens Industry Online Support and how to use Siemens Industry Online Support on your mobile device: Quick introduction to the technical documentation of automation products per video ( https://support.industry.siemens.com/cs/us/en/view/109780491...
Page 916: Application Examples
Manuals, characteristics, operating manuals, certificates • Product master data You can find "mySupport" on the Internet. (https://support.industry.siemens.com/My/ww/en) Application examples The application examples support you with various tools and examples for solving your automation tasks. Solutions are shown in interplay with multiple components in the system - separated from the focus on individual products.
Page 917: Safety Instructions
Safety instructions General security information Note the security-relevant information provided in the corresponding system manual. You can find information relevant to cybersecurity in the section Industrial cybersecurity (Page 23). PROFINET with STEP 7 Function Manual, 11/2024, A5E03444486-AP...
Page 918: Industrial Cybersecurity
Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends that product updates are applied as soon as they are available and that the latest product versions are used. Use of product versions that are no longer supported, and failure to apply the latest updates may increase customer’s exposure to...
Page 919: Cybersecurity-Related Information In This Manual
Security-relevant notes on ... Section PROFINET Security Class 1 PROFINET Security Class 1 (Page 38) You can find security-related information on communication-specific topics, e.g. information on protocols in the Communication (https://support.industry.siemens.com/cs/us/en/view/59192925) Function Manual. PROFINET with STEP 7 Function Manual, 11/2024, A5E03444486-AP...
Page 920: Description
Description Introduction to PROFINET What is PROFINET IO? Within the framework of Totally Integrated Automation (TIA), PROFINET IO is the logical further development of: • PROFIBUS DP, the established fieldbus and • Industrial Ethernet PROFINET IO is based on 20 years of experience with the successful PROFIBUS DP and combines the normal user operations with the simultaneous use of innovative concepts of Ethernet technology.
Page 921 Description 4.1 Introduction to PROFINET Implementation of PROFINET in SIMATIC PROFINET is implemented in SIMATIC as follows: • We have implemented communication between field devices in SIMATIC with PROFINET IO. • Installation technology and network components are available as SIMATIC NET products. •...
Page 922: Profinet Terms
(http://www.profibus.com) of the "PROFIBUS & PROFINET International" PROFIBUS user organization, which is also responsible for PROFINET. Additional information can be found on the Internet (http://www.siemens.com/profinet). Overview of the most important documents and links A compilation of the most important PROFINET application examples, FAQs and other contributions in the Industry Online Support is available in this FAQ (https://support.industry.siemens.com/cs/ww/en/view/108165711).
Page 923 Description 4.1 Introduction to PROFINET PROFINET IO devices The following graphic shows the general names used for the most important devices in PROFINET. In the table below the graphic you can find the names of the individual components in the PROFINET IO context. Number PROFINET Explanation ①...
Page 924 Description 4.1 Introduction to PROFINET IO communication via PROFINET IO The inputs and outputs of distributed I/O devices are read and written by means of PROFINET IO using what is referred to as IO communication. The following figure provides an overview of IO communication by means of PROFINET IO. IO controller - IO controller communication via PN/PN coupler IO controller - I-device communication IO controller - IO-device communication...
Page 925: Basic Terminology Of Communication
I/O area to one or more partners. The direct data exchange is based on PROFINET with IRT and isochronous mode. The data exchange takes place via transfer areas. See also Communication (http://support.automation.siemens.com/WW/view/en/59192925) Network security (Page 49) Functions (Page 121) 4.1.2...
Page 926 Description 4.1 Introduction to PROFINET Transparent data access Access to process data from different levels of the factory is supported by PROFINET communication. By using Industrial Ethernet, standard mechanisms of communication and information technology such as OPC/XML can now be used along with standard protocols such as UDP/TCP/IP and HTTP in automation engineering.
Page 927: Update Time
Description 4.1 Introduction to PROFINET Update time The update time is a time interval. IO controller and IO device/I-device exchange IO data cyclically in the IO system within this time interval. The update time can be configured separately for each IO device and determines the interval at which output data is sent from the IO controller to the IO device (output module/submodule) as well as input data from the IO device to the IO controller (input module/submodule).
Page 928: Additional Information
Description 4.1 Introduction to PROFINET Additional information For information on real-time communication, refer to the section Real-Time Communication (RT) (Page 202). 4.1.3 PROFINET interface Overview PROFINET devices of the SIMATIC product family have one or more PROFINET interfaces (Ethernet controller/interface). The PROFINET interfaces have one or more ports (physical connection options).
Page 929 Description 4.1 Introduction to PROFINET Three examples illustrate the rules for identifying PROFINET interfaces: Table 4-36 Examples for identifying PROFINET interfaces Sample labeling Interface number Port number X2 P1 X1 P2 X1 P1 R 1 (ring port) Representation of PROFINET Interfaces in the Topology Overview in STEP 7 You can find the PROFINET interface in the topology overview in STEP 7.
Page 930 Description 4.1 Introduction to PROFINET Schematic Representation of a PROFINET Interface with Integrated Switch The following schematic diagram shows the PROFINET interface with integrated switch and its ports for all PROFINETdevices. Figure 4-286 PROFINET interface with integrated switch Functional differences of the PROFINET interfaces PROFINET interfaces can provide different functions.
Page 931 You can find information on the number and functionality of the interfaces of a PROFINET device in the documentation for the specific PROFINET device. PROFINET communication services are described in the Communication function manual (http://support.automation.siemens.com/WW/view/en/59192925). In the Network security (Page 49) section you can find components that are used to protect networks against hazards.
Page 932: Implementation Of The Profinet Device Model In Simatic
Description 4.1 Introduction to PROFINET 4.1.4 Implementation of the PROFINET device model in SIMATIC Slots and modules A PROFINET device can have a modular and compact structure. A modular PROFINET device consists of slots into which the modules are inserted. The modules have channels which are used to read and output process signals.
Page 933: Profinet Security Class 1
Description 4.2 PROFINET Security Class 1 Representation of PROFINET Device Model in the Device View of STEP 7 The following figure shows the representation of the PROFINET device model in the device view of STEP 7, based on the example of a distributed I/O system ET 200MP: Figure 4-288 PROFINET device model in the device view of STEP 7 PROFINET Security Class 1 Introduction...
Page 934 Description 4.2 PROFINET Security Class 1 If IO devices support the configuring of SNMP, the PROFINET interface of the higher-level IO controller synchronizes the SNMP settings in the device properties of the IO devices by default. Changes to the SNMP settings are also automatically synchronized. Alternatively, you can change the default behavior in the module properties of IO devices and set your own SNMP settings.
Page 935: Setting Up Profinet
More information You can find detailed information on SNMP in the Communication (https://support.industry.siemens.com/cs/us/en/view/59192925) Function Manual. For information on how to configure SNMP in your PROFINET network, see section Configuring the SNMP (Page 312). For information on how to configure DCP in your PROFINET network, see section Configuring DCP (Page 318).
Page 936: Active Network Components
Description 4.3 Setting up PROFINET Physical connections of industrial networks The networking of PROFINET devices in industrial systems is generally possible in 2 different physical ways: • Connected line – By means of electrical pulses via copper cables – By means of optical pulses via fiber-optic cables •...
Page 937 "IRT PROFINET IO switch". To select appropriate switches, we recommend the SIMATIC NET Selection Tool on the Inter net (http://support.automation.siemens.com/WW/view/en/39134641). Switches of the SCALANCE product family Use the switches of the SCALANCE product family if you want to use the full scope of PROFINET.
Page 938: Cabling Technology
Ethernet Fast Connect RJ45 plugs using the cut-and-clamp method. For more information on installation, refer to the installation instructions in the "SIMATIC NET Industrial Ethernet Net work Manual" (http://support.automation.siemens.com/WW/view/en/8763736). NOTE A maximum of four plug-in pairs are allowed between two switches per Ethernet path.
Page 939 Description 4.3 Setting up PROFINET Simple method for the prefabrication of fiber-optic cables The FastConnect FO cabling system is available for the easy, fast and error-free prefabrication of fiber-optic cables. The glass-fiber optic cable consists of: • FC FO Termination Kit for SC and BFOC plug (cleave tool, Kevlar scissors, buffer grip, fiber remains container) •...
Page 940 Applies for fiber-optic cables only See also PROFINET interface (Page 33) Assembly Instructions for SIMATIC NET Industrial Ethernet (http://support.automation.siemens.com/WW/view/en/27069465) PROFINET Installation Guideline (http://www.profibus.com/nc/download/installation- guide/downloads/profinet-installation-guide/display/) PROFINET with STEP 7 Function Manual, 11/2024, A5E03444486-AP...
Page 941: Wireless Design
Description 4.3 Setting up PROFINET 4.3.3 Wireless design 4.3.3.1 Basics What is Industrial Wireless LAN? In addition to data communication in accordance with the IEEE 802.11 standard, the SIMATIC NET Industrial Wireless LAN provides a number of enhancements which offer significant benefits for industrial customers. IWLAN is particularly suitable for demanding industrial applications that require reliable wireless communication.
Page 942: Application Examples
Description 4.3 Setting up PROFINET Application examples • Communication with mobile subscribers (mobile controllers and devices, for example), conveyor lines, production belts, translation stages , and rotating machines • Wireless coupling of communication segments for fast commissioning or cost-effective networking where routing of wires is extremely expensive (e.g. public streets, railroad lines) •...
Page 943: Tips On Assembly
Description 4.3 Setting up PROFINET Range With SCALANCE W (access points), wireless networks can be set up indoors and outdoors. Multiple access points can be installed to create large wireless networks in which mobile subscribers are transferred seamlessly from one access point to another (roaming). As an alternative to a wireless network, point-to-point connections of Industrial Ethernet segments can also be set up over large distances (several hundred meters).
Page 944: Additional Information
Additional information More information about SCALANCE W Industrial Wireless LAN components can be found in the manual SIMATIC NET SCALANCE W-700 (http://support.automation.siemens.com/WW/view/en/42784493). More information about wired data transmission can be found in the manual SIMATIC NET Twisted Pair and Fiber Optic Networks (http://support.automation.siemens.com/WW/view/en/8763736).
Page 945: Protective Measures
Description 4.3 Setting up PROFINET Definition of security Generic term for all the measures taken to protect against: • Loss of confidentiality due to unauthorized access to data • Loss of integrity due to manipulation of data • Loss of availability due to destruction of data, for example, through faulty configuration and denial-of-service attacks Threats Threats can arise from external and internal manipulation.
Page 946: Network Components And Software
Description 4.3 Setting up PROFINET • Authentication (identification) of the devices The security modules identify each other over a safe (encrypted) channel using authentication procedures. It is therefore impossible for unauthorized parties to access a protected segment. • Encrypting the data traffic The confidentiality of data is ensured by encrypting the data traffic.
Page 947: Application Example
Description 4.3 Setting up PROFINET 4.3.4.3 Application example Data security at the office and production levels The following graphic contains an application example with protected areas at different levels of the company created using SCALANCE S and the security client. The protected areas are highlighted in light gray.
Page 948 • In the Industrial Ethernet Security (http://support.automation.siemens.com/WW/view/en/56577508) manual • In the SCALANCE S and SOFTNET Security Client (http://support.automation.siemens.com/WW/view/en/21718449) manual You can find general information on industrial security concepts, functions and news on the Industrial Security website (http://www.siemens.com/industrialsecurity). PROFINET with STEP 7 Function Manual, 11/2024, A5E03444486-AP...
Page 949: Parameter Assignment/Addressing
Parameter assignment/addressing To set up an automation system, you will need to configure, assign parameters and interlink the individual hardware components. In STEP 7, the work needed for this is undertaken in the device, topology and network view. Configuring "Configuring" is understood to mean arranging, setting and networking devices and modules within the device, topology or network view.
Page 950: Assigning An Io Device To An Io Controller
Parameter assignment/addressing 5.1 Assigning an IO device to an IO controller Assigning an IO device to an IO controller PROFINET IO System A PROFINET IO system is comprised of a PROFINET IO controller and its assigned PROFINET IO devices. After these devices have been placed in the network or topology view, STEP 7 assigns default values for them.
Page 951: Device Name And Ip Address
Parameter assignment/addressing 5.2 Device name and IP address Checking the assignment You can find an overview of the communication relationships in the "IO communication" tab in the tabular area of the network view. This table is context-sensitive for selection in the graphic area: •...
Page 952: Device Name
Parameter assignment/addressing 5.2 Device name and IP address In STEP 7 You can find the device name and the IP address under "Ethernet addresses" in the properties of the PROFINET interface in the Inspector window. Figure 4-293 Device name and IP address in STEP 7 The function, the assignment and the changing of the device name and the IP address are described in the following sections.
Page 953: Device Number
Parameter assignment/addressing 5.2 Device name and IP address Structured device names The device name is automatically assigned by default for PROFINET devices S7‑1200, S7‑1500, ET 200MP, ET 200SP and ET 200AL when these are configured in STEP 7. The device names are formed from the name of the CPU or the name of the interface module. For devices with several PROFINET interfaces, the name of the interface is enhanced, for example, "plc_1.profinet-interface_2"...
Page 954: Ip Address
When you configure the option "IP address from DHCP server" for a PROFINET interface, this interface does no longer support the PROFINET IO functionality. For more information on addressing by a DHCP server, please refer to the Communication (http://support.automation.siemens.com/WW/view/en/59192925) function manual. PROFINET with STEP 7 Function Manual, 11/2024, A5E03444486-AP...
Page 955: Default Router
Parameter assignment/addressing 5.2 Device name and IP address Default router The default router is used when data has to be forwarded via TCP/IP or UDP to a partner located outside the local network. In STEP 7, the default router is named Router. You can activate the use of a router in the Inspector window of a CPU with the "Use router"...
Page 956: Assigning A Device Name And Ip Address
Reading out an IP address in the user program You can read out the IP address of a PROFINET device in the user program of a S7‑1500 CPU. You can find information in this FAQ (https://support.industry.siemens.com/cs/ww/en/view/82947835). 5.2.3 Assigning a device name and IP address...
Page 957 Parameter assignment/addressing 5.2 Device name and IP address • Using a memory card: If your PROFINET device is equipped for a memory card (Micro Memory Card/SIMATIC memory card), plug this into your programming device/PC and save the hardware configuration together with the configured IP address on this memory card. Then plug the memory card into the PROFINET device.
Page 958 Parameter assignment/addressing 5.2 Device name and IP address Procedure: Changing the device name using properties of the PROFINET interface You can change the PROFINET name via the properties of the PROFINET interface. This is useful when the PROFINET device has not received its previous name from the automatic generation, for example, in the case of a migration.
Page 959 Parameter assignment/addressing 5.2 Device name and IP address Procedure: Changing the IP address To change the IP address, follow these steps: 1. In the network or device view of the STEP 7 hardware and network editor, select the PROFINET interface of a PROFINET device. 2.
Page 960 PROFINET device of the SIMATIC device family. Additional information You can find a detailed description of the operation and functions of the display of the S7‑1500 CPUs in the system manual S7‑1500, ET 200MP (http://support.automation.siemens.com/WW/view/en/59191792). PROFINET with STEP 7 Function Manual, 11/2024, A5E03444486-AP...
Page 961: Assign Device Name Via Communication Table
Parameter assignment/addressing 5.2 Device name and IP address 5.2.4 Assign device name via communication table Introduction You can assign the device names of PROFINET IO devices configured offline to the devices online. You can do this in the table area of the network view in the table "I/O communication".
Page 962: General Procedure
Parameter assignment/addressing 5.2 Device name and IP address General procedure To assign PROFINET device names, you must first detect the IO devices available online. With this procedure, it matters whether the MAC addresses are known or unknown. This results in a general procedure in two steps: 1.
Page 963 Parameter assignment/addressing 5.2 Device name and IP address Intermediate result After the check, the result is displayed for every device in the table. Online data found is automatically entered in the table and the check box "Assign device" is set to "checked" in the rows in which a MAC address was entered or found online.
Page 964: Importing And Exporting Data
Parameter assignment/addressing 5.2 Device name and IP address Importing and exporting data Using the import and export button, you can import or export the data of the I/O communication table for the online assignment: • When you export, the currently displayed data of the table is exported to a CSV file. Using the filter function of the table, you can select which data will be exported.
Page 965: Configuring An Io Device Through Hardware Detection
For information on the "T_CONFIG" instruction and on downloading to the target system, refer to the STEP 7 online help. A free Download (https://support.industry.siemens.com/cs/ww/en/view/109776941) of the Primary Setup Tool (PST) can be found on the Internet. On this Internet page, you will also find a list of devices for which the PST is approved.
Page 966 Parameter assignment/addressing 5.3 Configuring an IO device through hardware detection Procedure To detect one or more existing IO devices in STEP 7 and add them to the project, follow these steps: 1. In STEP 7, navigate to "Online" > "Hardware detection". 2. Click "PROFINET devices from network...". STEP 7 opens the "Hardware detection of PROFINET devices"...
Page 967: Specifying The Router For A Profinet Io Device
Parameter assignment/addressing 5.4 Specifying the router for a PROFINET IO device Specifying the router for a PROFINET IO device Introduction You always require a router (also referred to as a "Standard Gateway") when the PROFINET device has to communicate with a node whose IP addresses lie outside the own IP subnet. If the PROFINET device sends an IP packet to an IP address outside its own IP subnet, the IP packet first goes to the configured router.
Page 968 Parameter assignment/addressing 5.4 Specifying the router for a PROFINET IO device Further information about the "User router" setting You have the possibility to configure the use of a router including IP address of the router in the "IP protocol" section of the settings for the PROFINET interface (Ethernet addresses). Rules Observe the following rules if you want to configure a router for the PROFINET interface of an IO controller:...
Page 969 Parameter assignment/addressing 5.4 Specifying the router for a PROFINET IO device Configuration example: Configuring a router for an IO device The following example shows a configuration in which you configure a router at the IO device so that the IO device reaches IP addresses in the higher-level network. Figure 4-302 Configuration example: Configuring a router for an IO device You have a CPU 1516‑3PN/DP.
Page 970: Configuring Topology
Parameter assignment/addressing 5.5 Configuring topology Configuring the router for the IO controller Requirements: You use the "Set IP address in the project" option for the PROFINET interface. Follow these steps to configure a router for the IO controller in STEP 7: 1.
Page 971 Parameter assignment/addressing 5.5 Configuring topology Line All the communication devices are connected in a linear bus topology. In PROFINET, the linear bus topology is implemented with switches that are already integrated into the PROFINET devices. Therefore, the linear bus topology at PROFINET is merely a special form of tree / star topology.
Page 972 Parameter assignment/addressing 5.5 Configuring topology Example for topology The following example shows a combination of different topologies. Number Meaning ① S7-1500 as IO controller ② S7-300 as IO controller ③ Industrial WLAN with SCALANCE W ④ SCALANCE X 307‑3 with seven electrical and three optical ports ⑤...
Page 973 (http://www.profibus.com/nc/download/installation-guide/downloads/profinet-installation- guide/display/) of the PROFIBUS User Organization when planning your PROFINET topology. For more detailed information, see the SIMATIC NET Twisted Pair and Fiber Optic Networks (http://support.automation.siemens.com/WW/view/en/8763736) manual. You can find basic information in the Communication with SIMATIC (http://support.automation.siemens.com/WW/view/en/1254686) manual. PROFINET with STEP 7...
Page 974: Topology View In Step 7
Parameter assignment/addressing 5.5 Configuring topology 5.5.1 Topology view in STEP 7 Introduction The topology view is one of three working areas of the hardware and network editor. You undertake the following tasks here: • Displaying the Ethernet topology • Configuring the Ethernet topology •...
Page 975 Parameter assignment/addressing 5.5 Configuring topology Table area • Topology overview: This displays the Ethernet or PROFINET devices with their appropriate ports and port connections in a table. This table corresponds to the network overview table in the network view. • Topology comparison: Here you can import devices and port interconnections automatically through offline/online comparison or extended Offline/Online comparison into STEP 7.
Page 976: Interconnecting Ports In The Topology View
Parameter assignment/addressing 5.5 Configuring topology 5.5.2 Interconnecting ports in the topology view Requirement You are in the graphic view of the topology view. Procedure To interconnect ports in the topology view, follow these steps: 1. Place the pointer of the mouse on the port you want to interconnect. 2.
Page 977: Interconnecting Ports - Inspector Window
Parameter assignment/addressing 5.5 Configuring topology 5.5.3 Interconnecting ports - Inspector window Interconnecting ports in the Inspector window To interconnect ports, follow these steps: 1. In the device or network view, select the PROFINET device or PROFINET interface. 2. In the Inspector window, navigate to the port property "Port interconnection". When the PROFINET interface is selected, you can find this setting in the Inspector window as follows: "Properties >...
Page 978 Parameter assignment/addressing 5.5 Configuring topology Automatic assignment of a PNIO device A PNIO device identified online is automatically assigned to a configured device if the following properties of the two devices match up: • Article no. • Type • PROFINET device name No automatic assignment In the following situations, no automatic assignment is possible: •...
Page 979: Apply The Port Interconnections Identified Online Manually To The Project
Parameter assignment/addressing 5.5 Configuring topology 5.5.5 Apply the port interconnections identified online manually to the project Requirements You have run an offline/online comparison in the topology view. The result of this is that at least one device identified online was automatically assigned to a configured device, but that there are differences relating to the interconnection.
Page 980: Include The Devices Identified Online Manually In The Project
Parameter assignment/addressing 5.5 Configuring topology 5.5.6 Include the devices identified online manually in the project Requirements You have run an offline/online comparison in the topology view. The result of this is that at least one device identified online could not be assigned to any configured device. Procedure To adopt one more devices identified online in the project manually, follow these steps: 1.
Page 981: Diagnostics And Maintenance
Diagnostics and maintenance LEDs for diagnostics on PROFINET Each port of a PROFINET interface of a SIMATIC device has one LED. The following table shows a summary of the meaning of these LEDs in the S7‑1500, ET 200MP, ET 200SP and ET 200AL systems. Table 4-39 S7‑1500, ET 200MP, ET 200SP, ET 200AL: LEDs for diagnostics on PROFINET LED image Meaning...
Page 982: Diagnostics Mechanisms Of Profinet Io
The following sections provide basic information on using diagnostics via PROFINET IO. You can find a detailed description of the system diagnostics for S7‑1500, ET 200MP, ET 200SP and ET 200AL in the Diagnostics (http://support.automation.siemens.com/WW/view/en/59192926) function manual. PROFINET with STEP 7 Function Manual, 11/2024, A5E03444486-AP...
Page 983 Diagnostics and maintenance 6.1 Diagnostics mechanisms of PROFINET IO Accessing the status of an IO device with a PG/PC or an HMI device If you are connected to the Industrial Ethernet via a PG/PC with STEP 7 or an HMI device, you can also call up diagnostics information online.
Page 984: Diagnostics Levels In Profinet Io
Diagnostics and maintenance 6.1 Diagnostics mechanisms of PROFINET IO 6.1.1 Diagnostics levels in PROFINET IO Concept The IO device sends all error messages that occur to the IO controller. The scope and volume of diagnostics information varies according to the level of diagnostics data evaluation and the PROFINET devices you are using.
Page 985 Which PROFINET nodes support the extended PROFINET diagnostics? An overview of the PROFINET nodes that support extended PROFINET diagnostics and of what you have to configure is provided in this FAQ (https://support.industry.siemens.com/cs/ww/en/view/23678970). PROFINET with STEP 7 Function Manual, 11/2024, A5E03444486-AP...
Page 986: Diagnostics Via The Display Of The S7-1500 Cpus
Diagnostics and maintenance 6.2 Diagnostics via the display of the S7-1500 CPUs Diagnostics via the display of the S7-1500 CPUs Display The S7‑1500 CPU has a display and operating keys. The display of the CPU shows you the control and status information in different menus. You use operating keys to navigate through the menus and make a variety of settings in the process.
Page 987 "DiagnosticRefresh". Figure 4-314 Display of alarms Figure 4-315 Display of alarm message Additional information You can find the description of the operation and functions of the display in the SIMATIC S7‑1500 Display Simulator (http://www.automation.siemens.com/salesmaterial- as/interactive-manuals/getting-started_simatic-s7-1500/disp_tool/start_de.html). PROFINET with STEP 7 Function Manual, 11/2024, A5E03444486-AP...
Page 988: Diagnostics Via Web Server
Diagnostics and maintenance 6.3 Diagnostics via Web server Diagnostics via Web server The CPUs belonging to the S7 family have their own integrated Web server with a wide range of functions. The following diagnostics options are available to you: • Start page with general CPU information •...
Page 989 Diagnostics and maintenance 6.3 Diagnostics via Web server Set topology and actual topology - graphic view Requirements for displaying the set and actual topology: • You have configured the PROFINET ports in the topology editor of the hardware and network editor of STEP 7. •...
Page 990 Diagnostics and maintenance 6.3 Diagnostics via Web server Meaning of the colored connections in the set/actual topology: Table 4-40 Meaning of the colored connections in the set/actual topology: Connection Meaning Set topology Actual topology green The current actual connection matches the configured set detected connections connection.
Page 991 The tabular view of the actual topology and the status overview of the PROFINET devices in the project are possible. You can find these views, additional topology examples, and detailed information on the operation and the functions of the Web server in the Web server (http://support.automation.siemens.com/WW/view/en/59193560) manual. PROFINET with STEP 7 Function Manual, 11/2024, A5E03444486-AP...
Page 992: Online Diagnostics With Step 7
Diagnostics and maintenance 6.4 Online diagnostics with STEP 7 Online diagnostics with STEP 7 For PROFINET, you have the following options to evaluate diagnostics in STEP 7: • Online & diagnostics - Devices & networks • Online & diagnostics - diagnostics of PROFINET ports Online &...
Page 993: Extended Maintenance Concept
Figure 4-319 Diagnostics of PROFINET ports in STEP 7 Additional information You can find information on the system diagnostics for S7‑1500, ET 200MP, ET 200SP and ET 200AL in the Diagnostics (http://support.automation.siemens.com/WW/view/en/59192926) function manual and online help for STEP 7. Extended maintenance concept Extended maintenance concept The PROFINET interfaces with integrated switch of the SIMATIC devices support the four-level diagnostics concept in accordance with PROFINET specification Version V2.3 or higher with...
Page 994 Diagnostics and maintenance 6.5 Extended maintenance concept Diagnostic status Symbol Severity of the error Maintenance Green wrench required Maintenance Yellow wrench demanded Red wrench PROFINET with STEP 7 Function Manual, 11/2024, A5E03444486-AP...
Page 995 Diagnostics and maintenance 6.5 Extended maintenance concept Diagnostic status Symbol Severity of the error The aim of the diagnostics concept is the early detection and elimination of potential faults - before they cause a production outage. Other status information is defined in addition to the Good (no fault) and Bad (fault) status information for a PROFINET device.
Page 996 Diagnostics and maintenance 6.5 Extended maintenance concept Example: Maintenance demanded for a PROFINET cable The following graphic illustrates how diagnostics information is exchanged when the transmission quality on the optical cable decreases due to ageing, for example. In this example, the scenario is considered after a maintenance required has already been diagnosed.
Page 997: Diagnostics Of The Network Topology
• LLDP-PNIO-MIB, standardized in the international standard IEC 61158-6-10 You will find the MIBs for ET 200 interface modules and couplers with PROFINET interface in this product note (https://support.industry.siemens.com/cs/ww/en/view/109770525). Detecting the network topology LLDP (Link Layer Discovery Protocol) is a protocol that is used to detect the closest neighbor.
Page 998: Diagnostics In The User Program
Diagnostics and maintenance 6.7 Diagnostics in the user program Use of SNMP in the SIMATIC NET environment SNMP-compliant devices from the SIMATIC NET family can be monitored and operated via a conventional standard Internet browser. The management system known as web-based management offers a wide range of device-specific information (network statistics, status of redundant supply, for example).
Page 999 Diagnostics and maintenance 6.7 Diagnostics in the user program Addressing levels of diagnostics data records Diagnostics and configuration data is evaluated at the following addressing levels: • Device level • AR (Application Relation) • API (Application Process Identifier) • Slot •...
Page 1000 The finished functions are freely adaptable and can therefore be used universally. The "LPNDR" block library with an example project can be found on the Internet (https://support.industry.siemens.com/cs/ww/en/view/109753067). PROFINET with STEP 7 Function Manual, 11/2024, A5E03444486-AP...
Page 1001: Evaluate Diagnostics In The User Program
Diagnostics and maintenance 6.7 Diagnostics in the user program 6.7.2 Evaluate diagnostics in the user program Diagnostics in the user program For PROFINET IO, a cross-vendor structure of data records with diagnostics information applies. Diagnostics information is created only for channels on which a fault has occurred. With PROFINET, there are two basic ways to obtain diagnostics information.
Page 1002 Diagnostics and maintenance 6.7 Diagnostics in the user program 2. Evaluation of interrupts When the error OB (OB 82) is called, the OB's start information provides you with information on the cause and location of the error. Detailed information on the error event can be obtained in the error OB using the instruction "RALRM"...
Page 1003: Maintenance
Diagnostics and maintenance 6.8 Maintenance Maintenance 6.8.1 I&M data (identification and maintenance) Definition and properties Identification and maintenance data (I&M) is information saved to module memory in order to provide support when: • Checking the plant configuration • Locating hardware changes in a plant Identification data (I data) is module information (some of which may be printed on the module housing) such as the order and serial number.
Page 1004: Asset Management
Diagnostics and maintenance 6.8 Maintenance Where do I specify which I&M data is downloaded to which PROFINET IO devices? You specify which I&M data you want to download to which PROFINET IO devices in the "Load preview" dialog. You will find the following alternatives in the drop-down list of the "Identification and maintenance data (I&M)"...
Page 1005: Application Examples
Diagnostics and maintenance 6.8 Maintenance Assets general and asset management data records Assets are components (hardware and software / firmware) of a machine, for example a laser welding machine, or a plant. A large number of these device components can already be identified through tried-and- tested I&M functions or corresponding data records (I&M0 to I&M5) in the PROFINET context: The device itself as well as its modules and submodules.
Page 1006: Further Information
Diagnostics and maintenance 6.8 Maintenance Reading asset management data The asset management record has the index 0xF880 and is read with standard PROFINET mechanisms by the user of the records, for example a tool or program for evaluating these data. A user program in the S7-1500 IO controller, for example, can read out the AMR of an IO device with the RDREC instruction (Index 0xF880).