Siemens CP 1243-7 LTE, S7-1200 TeleControl, CP 1243-7 LTE-EU, CP 1243-7 LTE-US Operating Instructions Manual

Download

Page 1

___________________

SIMATIC NET

S7-1200 - TeleControl CP 1243-7 LTE

Operating Instructions

CP 1243-7 LTE-EU CP 1243

04/2017

C79000

Preface

Application and properties

LEDs and connectors

Installation, connecting up, commissioning

Configuration

Program blocks

Diagnostics and upkeep

Technical specifications

Dimension drawings

Approvals

Accessories

Documentation references

-7 LTE-US

-G8976-C381-03

Page 2

Siemens AG Division Process Industries and Drives Postfach 48 48 90026 NÜRNBERG GERMANY

C79000-G8976-C381-03

Ⓟ

Legal information

Warning notice system

DANGER

indicates that death or severe personal injury will result if proper precautions are not taken.

WARNING

indicates that death or severe personal injury may result if proper precautions are not taken.

CAUTION

indicates that minor personal injury can result if proper precautions are not taken.

NOTICE

indicates that property damage can result if proper precautions are not taken.

Qualified Personnel

personnel qualified

Proper use of Siemens products

WARNING

Siemens products may only be used for the applications described in the catalog and in the relevant technical

ambient conditions must be complied with. The information in the relevant documentation must be observed.

Trademarks

Disclaimer of Liability

This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are graded according to the degree of danger.

If more than one degree of danger is present, the warning notice representing the highest degree of danger will be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to property damage.

The product/system described in this documentation may be operated only by task in accordance with the relevant documentation, in particular its warning notices and safety instructions. Qualified personnel are those who, based on their training and experience, are capable of identifying risks and avoiding potential hazards when working with these products/systems.

Note the following:

documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems. The permissible

All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.

We have reviewed the contents of this publication to ensure consistency with the hardware and software described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the information in this publication is reviewed regularly and any necessary corrections are included in subsequent editions.

for the specific

05/2017 Subject to change

Page 3

Preface

Validity of this manual

This document contains information on the following product:

● CP 1243-7 LTE-EU Article number 6GK7 243-7KX30-0XE0 Hardware product version 2 Firmware version V3.0 Communications processor for connection of the SIMATIC S7-1200 via LTE, UMTS or GSM mobile wireless networks, European standard

● CP 1243-7 LTE-US

Article number 6GK7 243-7SX30-0XE0 Hardware product version 2 Firmware version V3.0 Communications processor for connection of the SIMATIC S7-1200 via LTE- or UMTS mobile wireless networks, North American standard (AT&T certified)

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Figure 1 CP 1243-7 LTE

Behind the top hinged cover of the module housing, next to the article number you will see the hardware product version printed as a placeholder "X" (for example X 2 3 4). In this case, "X" would be the placeholder for hardware product version 1.

You will find the firmware version of the CP as supplied behind the top hinged cover of the housing to the left below the LED field.

You will find the IMEI under the lower hinged cover of the housing.

Page 4

Preface

Abbreviations/acronyms

CP / submodule / module

TCSB

Mobile wireless network

Purpose of the manual

New in this issue

Replaced manual issue

Current manual release on the Internet

●

Simplified designation of the CP 1243-7 LTE-EU / CP 1243-7 LTE-USCP 1243-7 LTE-EU / CP 1243-7 LTE-US

●

TeleControl Server Basic V3, OPC server for telecontrol communication

●

The mobile wireless network(s) that support or use the relevant CP.

The precise standards and frequency bands which the two CPs support can be found in the sections Connecting the S7-1200 to a mobile wireless network (Page 11) and Technical specifications (Page 133).

This manual describes the properties of these modules and supports you when installing and commissioning the device.

The necessary configuration steps are described in the form of an overview.

You will also find instructions for operation and information about the diagnostics options of the device.

● New hardware product version 2

● New functions in the firmware version named above include:

– Sending messages even without telecontrol communication

– Changed behavior during time-of-day synchronization, see section Time-of-day

– Extended diagnostic functions

● Functional improvement of data point configuration as of STEP 7 V14 SP1. see section Data point configuration (Page 76).

● Editorial revision

Edition 05/2016

synchronization (Page 47).

You will also find the current version of this manual on the Internet pages of Siemens Industry Online Support at the following address:

Link: (https://support.industry.siemens.com/cs/ww/en/ps/15924/man)

CP 1243-7 LTE

4 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 5

Preface

Required experience

Cross references

Sources of information and other documentation

License conditions

Note Open source software

Read the license conditions for open source software carefully before using the product.

Security information

To install, commission and operate the CP, you require experience in the following areas:

● Automation engineering

● Setting up the SIMATIC S7-1200

● SIMATIC STEP 7 Basic / Professional

● Data transfer via mobile wireless networks and Internet

In this manual there are often cross references to other sections.

To be able to return to the initial page after jumping to a cross reference, some PDF readers support the command <Alt>+<left arrow>.

You will find an overview of further reading and references in the Appendix of this manual.

You will find license conditions in the following document on the supplied data medium:

● OSS_CP124x7_86.pdf

Siemens provides products and solutions with industrial security functions that support the secure operation of plants, systems, machines and networks.

In order to protect plants, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art industrial security concept. Siemens’ products and solutions only form one element of such a concept.

Customer is responsible to prevent unauthorized access to its plants, systems, machines and networks. Systems, machines and components should only be connected to the enterprise network or the internet if and to the extent necessary and with appropriate security measures (e.g. use of firewalls and network segmentation) in place.

Additionally, Siemens’ guidance on appropriate security measures should be taken into account. For more information about industrial security, please visit Link: (http://www.siemens.com/industrialsecurity)

Siemens’ products and solutions undergo continuous development to make them more secure. Siemens strongly recommends to apply product updates as soon as available and to

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 6

Preface

Firmware

Recycling and disposal

SIMATIC NET glossary

Training, Service & Support

always use the latest product versions. Use of product versions that are no longer supported, and failure to apply latest updates may increase customer’s exposure to cyber threats.

To stay informed about product updates, subscribe to the Siemens Industrial Security RSS Feed under Link: (http://www.siemens.com/industrialsecurity)

The firmware is signed and encrypted. This ensures that only firmware created by Siemens can be downloaded to the device.

The product is low in pollutants, can be recycled and meets the requirements of the WEEE directive 2012/19/EU "Waste Electrical and Electronic Equipment".

Do not dispose of the product at public disposal sites. For environmentally friendly recycling and the disposal of your old device contact a certified disposal company for electronic scrap or your Siemens contact.

Keep to the local regulations.

You will find information on returning the product on the Internet pages of Siemens Industry Online Support: Link: (https://support.industry.siemens.com/cs/ww/en/view/109479891)

Explanations of many of the specialist terms used in this documentation can be found in the SIMATIC NET glossary.

You will find the SIMATIC NET glossary here:

● SIMATIC NET Manual Collection or product DVD

The DVD ships with certain SIMATIC NET products.

● On the Internet under the following address:

Link: (https://support.industry.siemens.com/cs/ww/en/view/50305045)

You will find information on Training, Service & Support in the multi-language document "DC_support_99.pdf" on the data medium supplied with the documentation.

CP 1243-7 LTE

6 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 7

Preface ................................................................................................................................................... 3

1 Application and properties ..................................................................................................................... 11

2 LEDs and connectors ............................................................................................................................ 27

3 Installation, connecting up, commissioning ............................................................................................ 33

4 Configuration ........................................................................................................................................ 41

1.1 Connecting the S7-1200 to a mobile wireless network ........................................................... 11

1.2 Communications services ....................................................................................................... 13

1.3 Other services and properties ................................................................................................. 15

1.4 Security functions .................................................................................................................... 16

1.5 Configuration limits and performance data ............................................................................. 18

1.6 Requirements for operation .................................................................................................... 20

1.7 Configuration examples .......................................................................................................... 22

2.1 Opening the housing ............................................................................................................... 27

2.2 LEDs ....................................................................................................................................... 28

2.3 Electrical connectors ............................................................................................................... 31

2.3.1 Power supply .......................................................................................................................... 31

2.3.2 Wireless interface ................................................................................................................... 32

3.1 Important notes on using the device ....................................................................................... 33

3.1.1 Notices on use in hazardous areas ........................................................................................ 33

3.1.2 Notes on use in hazardous areas according to ATEX / IECEx .............................................. 34

3.1.3 Notices regarding use in hazardous areas according to UL HazLoc ..................................... 35

3.2 Installing the CP and commissioning ...................................................................................... 35

3.3 Notes on operation .................................................................................................................. 40

4.1 Security recommendations ..................................................................................................... 41

4.2 Configuration in STEP 7 ......................................................................................................... 44

4.3 Information required for configuration ..................................................................................... 45

4.4 Time-of-day synchronization ................................................................................................... 47

4.5 Communication types ............................................................................................................. 50

4.6 Mobile wireless communications settings ............................................................................... 51

4.7 Ethernet interface (X1) ............................................................................................................ 53

4.7.1 Access to the Web server ....................................................................................................... 56

4.8 Partner stations ....................................................................................................................... 57

4.8.1 Partner stations > Telecontrol server ...................................................................................... 57

4.8.2 Acknowledgment ..................................................................................................................... 60

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 8

Table of contents

5 Program blocks .................................................................................................................................... 105

4.8.3 Connection establishment ...................................................................................................... 60

4.8.4 Partner for inter-station communication ................................................................................. 61

4.9 DNS configuration .................................................................................................................. 62

4.10 Communication with the CPU ................................................................................................ 62

4.11 Security .................................................................................................................................. 65

4.11.1 CP identification ..................................................................................................................... 66

4.11.2 Firewall ................................................................................................................................... 67

4.11.2.1 Notation for the source IP address (advanced firewall mode) ............................................... 67

4.11.2.2 Firewall settings for configured connection connections via a VPN tunnel ........................... 67

4.11.3 Authorized phone numbers .................................................................................................... 67

4.11.4 E-mail configuration ............................................................................................................... 68

4.11.5 Log settings - Filtering of the system events ......................................................................... 69

4.11.6 VPN ........................................................................................................................................ 69

4.11.6.1 VPN (Virtual Private Network) ................................................................................................ 69

4.11.6.2 Addressing the CP when using VPN ..................................................................................... 70

4.11.6.3 Creating a VPN tunnel for S7 communication between stations ........................................... 70

4.11.6.4 Communications partners in a VPN group ............................................................................ 72

4.11.6.5 Connection to the telecontrol server ...................................................................................... 73

4.11.6.6 CP as passive subscriber of VPN connections ...................................................................... 73

4.11.6.7 SYSLOG ................................................................................................................................ 73

4.11.7 Certificate manager ................................................................................................................ 74

4.11.8 Handling certificates ............................................................................................................... 74

4.12 Data point configuration ......................................................................................................... 76

4.12.1 Data point configuration ......................................................................................................... 76

4.12.2 Datapoint types ...................................................................................................................... 83

4.12.3 Syntax of the data point names ............................................................................................. 84

4.12.4 Process image, type of transmission, event classes, triggers ............................................... 84

4.12.5 Status IDs of data points ........................................................................................................ 87

4.12.6 Data point index ..................................................................................................................... 88

4.12.7 Read cycle ............................................................................................................................. 89

4.12.8 "Trigger“ tab ........................................................................................................................... 90

4.12.9 Threshold value trigger .......................................................................................................... 91

4.12.10 Analog value preprocessing ................................................................................................... 93

4.12.11 Partner stations: Configuring the inter-station communication .............................................. 99

4.12.11.1 Options for specifying the communications partner ............................................................... 99

4.13

Messages ............................................................................................................................. 100

4.14 Permitted characters in the configuration ............................................................................ 103

5.1 Program blocks for OUC ...................................................................................................... 105

5.2 Programming SMS messages via OUC .............................................................................. 107

5.3 TC_CONFIG for changing configuration data of the CP ...................................................... 110

5.4 IF_CONF: SDT for the configuration data of the CP ............................................................ 113

CP 1243-7 LTE

8 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 9

Table of contents

6 Diagnostics and upkeep ...................................................................................................................... 119

7 Technical specifications ...................................................................................................................... 133

A Dimension drawings ............................................................................................................................ 137

B Approvals ............................................................................................................................................ 139

C Accessories ........................................................................................................................................ 147

D Documentation references .................................................................................................................. 151

Index................................................................................................................................................... 153

6.1 Diagnostics options ............................................................................................................... 119

6.2 Processing status of messages ............................................................................................ 122

6.3 Loading firmware .................................................................................................................. 124

6.4 Module replacement ............................................................................................................. 127

6.5 TeleService ........................................................................................................................... 127

6.5.1 Configuration of the TeleService access .............................................................................. 127

6.5.2 Establishment of a TeleService connection .......................................................................... 129

7.1 General technical specifications ........................................................................................... 133

7.2 Technical specifications - wireless interface (CP 1243-7 LTE-EU) ...................................... 134

7.3 Technical specifications - wireless interface (CP 1243-7 LTE-US) ...................................... 135

7.4 Pin assignment of the socket for the external power supply ................................................ 136

C.1 Antenna ................................................................................................................................. 147

C.2 TS Gateway .......................................................................................................................... 147

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 10

Table of contents

CP 1243-7 LTE

10 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 11

1.1

Connecting the S7-1200 to a mobile wireless network

Mobile wireless standards, frequency bands

CP 1243-7 LTE-EU

CP 1243-7 LTE-US

Changing the mobile wireless standard if the network is not available

National approvals

The CP is intended for use in industrial environments.

Using the CP, the S7-1200 SIMATIC controller can be connected to mobile wireless networks of the following standards:

●

The CP supports the following mobile wireless standards:

– LTE

– UMTS

– GSM

●

The CP is certifies by AT&T supports the following mobile wireless standards:

– LTE

– UMTS

– GSM

You will find the supported frequency bands in the section Technical specifications (Page 133).

Unless explicitly stated differently in the following manual, the telecontrol communication relates to connections to a telecontrol server with the application TCSB (TeleControl Server Basic V3).

If the establishment of a connection via a mobile wireless network with the LTE standard fails, the CP attempts to dial in to an available network with the next lower mobile wireless standard. The following fallback behavior applies:

● CP 1243-7 LTE-EU: LTE → UMTS → GSM

● CP 1243-7 LTE-US: LTE → UMTS → GSM (if network exists)

This is only possible if the corresponding mobile wireless standard is enabled in the configuration of the CP.

In countries in which the CP is approved, you will find this on the Internet on the pages of Siemens Industry Online Support. You will find the link in the section Approvals (Page 139).

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 12

Application and properties

Communication types

Telecontrol communication

Inter-station communication

Direct communication

IP-based WAN communication via mobile wireless networks

GPRS / EDGE

Note No CDMA

The CP is not suitable for GSM networks in which the code multiplex method Division Multiple Access" (CDMA) is used.

UMTS / HSPA

1.1 Connecting the S7-1200 to a mobile wireless network

The CP allows the following types of WAN communication:

●

WAN communication between S7-1200 stations and the telecontrol server (TCSB) in the master station

●

Communication between stations and the master station (telecontrol communication)

●

Direct inter-station communication between stations (Open User Communication) via program blocks

The CP allows WAN communication from remote stations with a master station, communication between stations via a master station (inter-station communication) and direct communication between stations.

The CP supports the following services for communication via the mobile wireless network or via the mobile wireless network and the Internet:

● Data services

Transfer of process data via mobile wireless networks with the following standards:

–

(General Packet Radio Service)

The packet-oriented services for data transmission GPRS/EDGE are handled via the GSM network.

"Code

–

(Universal Mobile Telecommunications System) / (High Speed Packet Access)

UMTS allows significantly higher transmission speeds than GSM.

HSPA is a further development of UMTS and once again allows higher transmission speeds.

– LTE

(Long Term Evolution)

Mobile wireless specification with a higher transmission speed than UMTS.

CP 1243-7 LTE

12 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 13

Application and properties

1.2

Communications services

Telecontrol communication

1.2 Communications services

● SMS

(Short Message Service)

The CP can send and receive SMS messages.

● E-mail

The CP can send e-mails via mobile wireless and the Internet.

The CP is intended for use in an industrial environment. The following applications are supported by the CP:

The following applications are possible if telecontrol communication is enabled in the configuration of the CP.

● Communication with a control center

Remote S7-1200 stations communicate via the mobile wireless network and the Internet with a telecontrol server in the master station. The telecontrol server communicates with a higher-level control system using the integrated OPC server function.

● Event-driven sending of messages using SMS or e-mail

Via the mobile wireless network, the CP sends SMS messages to mobile phones or emails to PCs with an Internet connection.

Both types of messages are configured in telecontrol communication in STEP 7. The use of program blocks is not necessary.

For information on the configuration, refer to sections E-mail configuration (Page 68) and Messages (Page 100).

● Inter-station communication between S7-1200 stations via the telecontrol server

In this application, the CP establishes a connection to the telecontrol server via the mobile wireless network. The telecontrol server forwards the messages to the destination station.

For this communications service, the CP and TCSB use their own protocol on OSI layer 7 that among other things supports certain security functions, see section Security functions (Page 16).

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 14

Application and properties

Direct communication via Open User Communication (OUC)

S7 communication

TeleService via the mobile wireless network

1.2 Communications services

The program blocks of Open User Communication provide the CP with the following communication options:

● Communication between S7-1200 stations via the mobile wireless network

For this, the CP must be assigned a fixed IP address, see section Other services and properties (Page 15).

● SMS and e-mail messages via the mobile wireless network

– Sending and receiving SMS messages on mobile phones or S7 stations

– Sending e-mails to PCs with an Internet connection

In contrast to the two corresponding services of telecontrol communication (see above), to transfer SMS messages/e-mails via OUC, program blocks need to be used, see section Program blocks for OUC (Page 105).

You will find examples of applications in the section Configuration examples (Page 22).

Reading / writing data from / to a CPU via the mobile wireless network is possible if S7 communication is enabled in the configuration of the CP.

The following instructions are supported:

● PUT / GET

You will find details on the program blocks in the information system of STEP 7

For S7 communication, the CP requires a fixed IP address, see section Other services and properties (Page 15).

TeleService is possible if the online functions are enabled in the configuration of the CP.

A TeleService connection can be established between an engineering station (PC with STEP 7) and a remote S7-1200 station via the mobile wireless network and the Internet.

You can use the TeleService connection for the following purposes:

● Downloading project or program data from the STEP 7 project to the station

● Querying diagnostics data on the station

You will find application examples of the structure in the section Configuration examples (Page 22).

For more detailed information, refer to section Establishment of a TeleService connection (Page 129).

CP 1243-7 LTE

14 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 15

Application and properties

1.3

Other services and properties

Data point configuration

IP configuration

Time-of-day synchronization

Access to the Web server of the CPU

Data buffering: Storage of event data

Data transfer is on request or triggered

1.3 Other services and properties

●

Due to the data point configuration in STEP 7, programming program blocks in order to transfer the process data is unnecessary. The individual data points are processed oneto-one in the control system.

●

The CP is assigned a dynamic or a fixed IP address by the mobile wireless network provider:

– Dynamic IP address

When using telecontrol communication, the mobile wireless network provider generally assigns the CP a dynamic IP address. You set this in STEP 7 in the parameter group "Ethernet interface > Ethernet addresses".

– Fixed IP address

To use S7 communication or to receive data via Open User Communication, the CPU must be reachable via a fixed IP address. In this case, enter the fixed IP address assigned by the mobile wireless network provider in the same parameter group.

●

The CP supports various methods of time-of-day synchronization. You will find information in the section Time-of-day synchronization (Page 47).

For information on the format of the time stamp, refer to the section Datapoint types (Page 83).

●

With the aid of the Web server of the CPU, you can read out module data from the station.

●

If a connection fails, the CP can buffer the data of events of different classes and transfer them bundled to the telecontrol server.

●

The telecontrol communication with TCSB is triggered in two ways:

– After a request by TCSB or an OPC client connected to TCSB

– Triggered by various selectable criteria

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 16

Application and properties

Logging status data and its transfer to the telecontrol server

Analog value processing

Diagnostics SMS message

1.4

Security functions

Security functions of the telecontrol protocol

TeleControl Basic

Encrypted telecontrol communication

Authorized phone numbers

Telecontrol password

STARTTLS / SMTPS

NTP (secure)

HTTPS

1.4 Security functions

e. g.

– Data volumes transferred

– ID of the wireless cell in the area of the station

– GSM signal strength

– Communication status

etc.

●

Analog values can be preprocessed on the CP according to various methods.

●

At the request of a mobile phone, the CP sends an SMS message with diagnostics data to this mobile phone.

The CP supports the following security functions:

●

–

As an integrated (unconfigurable) security function, the TeleControl Basic protocol encrypts the data for transfer.

You configure the interval of the key exchange between the CP and telecontrol server in STEP 7 in the parameter group "Ethernet interface (X1) > Advanced options > Transmission settings".

–

To authorize nodes allowed to establish a connection to the CP (e.g. mobile phones), an authorized phone number is configured for each subscriber.

–

To authenticate the CP with the telecontrol server

●

For the secure transfer of e-mails

●

For secure transfer during time-of-day synchronization with telecontrol communication disabled

●

For secure access to the Web server of the CPU

CP 1243-7 LTE

16 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 17

Application and properties

Note Plants with security requirements - recommendation

Use the following option:

•

Industrial Ethernet Security - Security functions of the CP

Firewall

Communication made secure by IPsec tunnels (VPN)

Logging

1.4 Security functions

If you have systems with high security requirements, use the secure protocols

NTP (secure) and HTTPS.

If you connect to public networks, you should use the firewall. Think about the services

you want to allow access to the station via public networks. By using the "bandwidth limitation" of the firewall, you can restrict the possibility of flooding and DoS attacks.

The following security functions can be used independently of telecontrol communication.

With Industrial Ethernet Security, individual devices, automation cells or network segments of an IP-based network can be protected. The data transfer via the CP can be protected from the following attacks by a combination of different security measures:

● Data espionage

● Data manipulation

● Unauthorized access

Secure underlying networks can be operated via additional Ethernet/PROFINET interfaces of the CPU.

As a result of using the CP as a security module, the following additional security functions are accessible to the S7-1200 station on the interface to the external network:

●

– IP firewall with stateful packet inspection (layer 3 and 4)

– Firewall also for "non-IP" Ethernet frames according to IEEE 802.3 (layer 2)

– Limitation of the transmission speed ("Bandwidth limitation")

– Global firewall rules

●

VPN tunnel communication allows the establishment of a secure IPsec tunnel for communication with a security module.

The CP can be put together with other modules to form VPN groups during configuration. IPsec tunnels (VPN) are created between all security modules of a VPN group. All internal nodes of these security modules can communicate securely with each other through these tunnels.

●

To allow monitoring, events can be stored in log files that can be read out using the configuration tool or can be sent automatically to a Syslog server.

For information on configuring the security functions, refer to the section Auto-Hotspot.

You will find further information on the functionality and configuration of the security functions in the information system of STEP 7 and in the manual /5/ (Page 152).

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 18

Application and properties

1.5

Configuration limits and performance data

Number of simultaneous connections for telecontrol communication

Number of simultaneous TeleService connections

Number of simultaneous connections for S7 communication and Open User Communication

Number of connections to NTP servers

Number of possible partners for inter-station communication

1.5 Configuration limits and performance data

● 1 reserved connection for user data exchange with the telecontrol server

● Max. 1 TeleService connection

A maximum total of 22 connection resources for S7 communication and Open User Communication (OUC)Open User Communication (OUC)

The maximum number can be divided up as follows into:

● S7 connections: Maximum 8

– (PUT/GET)

● OUC connections Maximum 8

– TCP connections

– ISO-on-TCP connections

– UDP connections

● Additional free resources for S7 or OUC connections: Maximum 6

● Max. 1 connection to an NTP server

● Max. 13 CPs as partners for inter-station communication

Of which:

– Sending

Max. 3 partners

Note: In total along with the telecontrol server it is possible to send to max. 4 partners. The send buffer would divide itself up proportionately with 4 partners, i.e. 16000 event messages for each partner.

– Receiving

Max. 10 partners

● Partners can be S7-1200 CPs with data point configuration and use of the protocol "TeleControl Basic".

CP 1243-7 LTE

18 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 19

Application and properties

User data

Number of data points for the data point configuration

Frame memory (send buffer)

Messages: E-mail / SMS

IPsec tunnel (VPN)

Firewall rules

1.5 Configuration limits and performance data

With the connection types listed below, the user data of a frame represent a consistent data area in terms of the time of transfer.

User data per frame with the various connection types:

● For TCP connections: Max. 8192 bytes

● For ISO-on-TCP connections: Max. 1452 bytes

● For UDP connections: Max. 1472 bytes

With frames of telecontrol communication, the individual values of the data points are time stamped.

The maximum number of configurable data points is 200.

The CP has a frame memory (send buffer) for data points configured as an event.

The send buffer has a maximum size of 64 000 events divided into equal parts for all configured communications partners. The size of the frame memory can be set in STEP 7. See also section Process image, type of transmission, event classes, triggers (Page 84).

Up to 10 messages can be configured in STEP 7 and sent as e-mails or SMS messages.

Maximum number of characters that can be transferred per SMS message: 160 ASCII characters including any value sent at the same time

Maximum number of characters that can be transferred per e-mail: 256 ASCII characters including any value sent at the same time

An IPsec tunnel can be established for secure communication with another Security module.

The maximum number of firewall rules in advanced firewall mode is limited to 256.

The firewall rules are divided up as follows:

● Maximum 226 rules with individual addresses

● Maximum 30 rules with address ranges or network addresses

(e.g. 140.90.120.1 - 140.90.120.20 or 140.90.120.0/16)

● Maximum 128 rules with limitation of the transmission speed ("Bandwidth limitation")

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 20

Application and properties

1.6

Requirements for operation

Hardware requirements

Configuration software

Program blocks for Open User Communication and S7 communication

1.6 Requirements for operation

Apart from the CP. the following hardware is required in the S7-1200:

● CP

The requirement for the firmware version V3 of the CP is a CP with hardware product version 2.

● A CPU with firmware version as of V3

The full functionality of the CP is only available with a CPU as of V4.2.

● An external antenna for the CP

Use only the antenna from the accessories program for the CP, refer to the appendix Antenna (Page 147).

● For telecontrol communication, a PC with an Internet connection is required for the telecontrol server in the master station.

● If you intend to use TeleService via mobile wireless, a TeleService gateway with Internet access is required for configurations without a telecontrol server. This is a PC on which the "TS Gateway" software is installed, see appendix TS Gateway (Page 147).

To use the full range of functions the following configuration tool is required to configure the module:

STEP 7 Basic V14.0 + SP1

For Open User Communication and S7 communication, program blocks are required, see section Communications services (Page 13).

CP 1243-7 LTE

20 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 21

Application and properties

Software for telecontrol communication and TeleService

Requirements for using mobile wireless services

1.6 Requirements for operation

The CP is configured in "Telecontrol" mode.

● For the telecontrol communication

The telecontrol server requires the "TCSB" (TeleControl Server V3) software in the master station.

● For TeleService

For TeleService a switching station is required between the CP and the engineering station (with STEP 7 in the version specified above).

This is either the telecontrol server or a TeleService gateway:

– When using telecontrol communication, the telecontrol server is the switching station.

– To use TeleService without a telecontrol server, the "TS Gateway" software is required

for the TeleService gateway.

The software and the manual describing it are on the DVD that ships with the CP.

For the documentation of the application, see /4/ (Page 152) or /3/ (Page 152) in the References.

● Local availability of a mobile wireless network in the range of the station.

● A contract with a suitable mobile wireless network provider

The contract must allow the transfer of data.

IP address:

– For communication with the telecontrol server, a private (fixed) or public (dynamic) IP

address assigned by the mobile wireless network provider can be used.

– For direct communication between S7 stations (S7 communication and Open User

Communication via T blocks) the mobile wireless network provider must assign a fixed IP address to the CP and forward the frames to the destination nodes.

● The SIM card and PIN belonging to the mobile wireless contract

The SIM card is inserted in the CP.

With mobile wireless contracts in which the network provider does not assign a PIN, no PIN is necessary for the configuration of the CP.

● Access point (Access Point)

For the transition between the mobile wireless network and Internet you require an access point. The name of the access point (APN) and the access data are configured for the CP in STEP 7.

Generally the mobile wireless network providers make an access point available.

Note the information on APNs in the section Auto-Hotspot.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 22

Application and properties

1.7

Configuration examples

SMS messages and e-mails

SMS

E-mails

1.7 Configuration examples

Below, you will find configuration examples for stations with a CP 1243-7 LTE.

Figure 1-1 Sending messages by SMS from an S7-1200 station

The CP can send SMS messages to a mobile phone or a configured S7-1200 station and receive from these nodes. The mechanisms for this are as follows:

● SMS messages generated and sent as the result of an event.

For a description of the configuration, refer to the sections Data point configuration (Page 76) and Messages (Page 100).

● SMS messages that are sent or received due to calling the corresponding program blocks of Open User Communication.

You will find information on the blocks in the section Program blocks for OUC (Page 105), you will find the description of the programming in the STEP 7 information system.

● Using a mobile phone, a diagnostics SMS can be requested, see section Diagnostics options (Page 119).

For all mobile phones that send SMS messages to the CP, the authorize phone number must be specified in the STEP 7 configuration of the CP (parameter group "Security > Authorized phone number").

The CP can send e-mails to a PC with an Internet connection or a mobile phone. The mechanisms for this are as follows:

● E-mails generated and sent as the result of an event.

For a description of the configuration, refer to the sections Data point configuration (Page 76), Messages (Page 100) and E-mail configuration (Page 68).

CP 1243-7 LTE

22 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 23

Application and properties

Telecontrol by a control center

1.7 Configuration examples

● E-mails sent as a result of calling the program block TMAIL_C.

You will find information on the blocks in the section Program blocks for OUC (Page 105), you will find the description of the programming in the STEP 7 information system.

If you want to use the secure transfer of e-mails, the CP must have the current time of day.

Figure 1-2 Communication between S7-1200 stations and a control center

In the telecontrol applications, the CP communicates with a telecontrol server with an Internet connection via the mobile wireless network. The "TeleControl Server Basic V3" (TCSB) application is installed on the telecontrol server in the master station. This results in the following use cases:

● Communication between a station and a control room with OPC client

The station communicates with the telecontrol server. Using its integrated OPC server, the telecontrol server exchanges data with the OPC client of the control room.

The OPC client and telecontrol server can be located on a single computer, for example when TCSB is installed on a control center computer with WinCC.

● Inter-station communication via a control center

Inter-station communication is possible with S7 stations equipped with a suitable telecontrol CP: CP 1243-1, CP 1242-7 GPRS V2, CP 1243-7 LTE

To allow inter-station communication, the telecontrol server forwards the messages of the sending station to the receiving station.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 24

Application and properties

Direct communication between stations

TeleService via the mobile wireless network

TeleService with telecontrol server

1.7 Configuration examples

Figure 1-3 Direct communication between two S7-1200 stations

In this configuration, two SIMATIC S7-1200 stations communicate directly with each other using the CP via the mobile wireless network. Each CP has a fixed IP address. The relevant service of the network provider must allow this.

In TeleService via the mobile wireless network, an engineering station on which STEP 7 is installed communicates via the mobile wireless network and the Internet with the CP in the S7-1200.

Since the firewall of the network provider is normally closed for connection requests from the outside, a switching station between the remote station and the engineering station is required. This switching station can be a telecontrol server or, if there is no telecontrol server in the configuration, a TeleService gateway.

The connection runs via the telecontrol server.

● The engineering station and telecontrol server are connected via the Intranet (LAN) or Internet.

● The telecontrol server and remote station are connected via the Internet and via the mobile wireless network.

The engineering station and telecontrol server can also be the same computer; in other words, STEP 7 and TCSB are installed on the same computer.

CP 1243-7 LTE

24 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 25

Application and properties

TeleService with TeleService gateway (via LAN)

1.7 Configuration examples

Figure 1-4 TeleService via the mobile wireless network in a configuration with telecontrol server

The connection between the engineering station and S7 station is via the TeleService gateway.

The engineering station is connected to the TeleService gateway via LAN.

Figure 1-5 TeleService via the mobile wireless network with TeleService gateway, connection via LAN

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 26

Application and properties

TeleService with TeleService gateway (via the Internet)

1.7 Configuration examples

The connection between the engineering station and S7 station is via the TeleService gateway.

The engineering station is connected to the TeleService gateway via the Internet.

Figure 1-6 TeleService via the mobile wireless network with TeleService gateway, connection via

the Internet

CP 1243-7 LTE

26 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 27

2.1

Opening the housing

Location of the display elements and the electrical connectors

Opening the housing

The LEDs for the detailed display of the module statuses are located behind the upper cover of the module housing.

The socket for the power supply is located on the top of the module.

The connector for the external antenna is located on the bottom of the module.

The compartment for inserting the SIM card is located behind the upper hinged cover of the module.

Open the upper or lower cover of the housing by pulling it down or up as shown in the illustration. The covers extend beyond the housing to give you a grip.

Figure 2-1 Opening the housing

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 28

LEDs and connectors

2.2

LEDs

LEDs of the module

LED / colors

Name

Meaning

red/green

LED / colors

Name

Meaning

red/green

green

yellow / green

green

Note LED colors when the module starts up

When the module starts up, all its LEDs are lit for a short time. Multicolored LEDs display a color mixture. At this point in time, the colo

Display of the operating and communication status

2.2 LEDs

The CP has the following LEDs for displaying the status:

● "DIAG" LED on the front panel

The "DIAG" LED that is always visible shows the basic statuses of the module.

● LEDs below the upper cover of the housing

These LEDs provide further details on the module status.

Table 2- 1 LED on the front panel

Table 2- 2 LEDs below the upper cover of the housing

DIAG Basic status of the module

NETWORK Status of the connection to the mobile wireless network

CONNECT Status of the connection to the master station

SIGNAL QUALITY Signal quality of the mobile wireless network

VPN Status of the VPN connection

r of the LEDs is not clear.

The LED symbols in the following tables have the following significance:

CP 1243-7 LTE

28 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 29

LEDs and connectors

Symbol LED status

OFF

ON (steady light)

Flashing

Not relevant

DIAG

NETWORK

CONNECT

SIGNAL

QUALITY

green)

VPN

Meaning

Display of the basic statuses of the module

red

green

flashing red

Connection to the mobile wireless network

mobile wireless network

wireless network

2.2 LEDs

Table 2- 3 Meaning of the LED symbols

(red / green)

flashing red

The LEDs indicate the operating and communications status of the module according to the following scheme:

(red / green)

- - - - Running (RUN) without error

(green)

(yellow /

Power OFF

Startup

- - Errors:

• Invalid CP configuration or

• CP type does not match the configuration data on the CPU.

- - - Missing SIM card

- - - Missing or incorrect PIN

- - - Existing connection to the service in the

- - - No connection to the service in the mobile

- - Backplane bus error

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 30

LEDs and connectors

DIAG

NETWORK

CONNECT

SIGNAL

QUALITY

green)

VPN

Meaning

Connection to communications partners

green

Quality of the mobile wireless connection

flashing red

VPN connections

Loading firmware

green.

2.2 LEDs

(red / green)

flashing

green

flashing

(red / green)

(green)

(yellow /

- - Connection established to at least one partner, CPU in RUN

- - Connection established to at least one partner, CPU in STOP

- - No partner reachable, CPU in RUN

- - No partner reachable, CPU in STOP

- - Telecontrol configuration exists, partner not reachable, CPU in RUN mode

- - Telecontrol configuration exists, partner not reachable, CPU in STOP mode

- - -

- - - -

- -

- Good network (-73 ... ≥ -51 dBm)

- Medium strength network (-89 ... -74 dBm)

- Weak network (-109 ... -90 dBm)

- No network (≤ -110 dBm)

- Missing external power supply

VPN connection established

No VPN connection established

No VPN connection configured on the CP

Loading firmware. The "DIAG" LED flashes alternating red and

30 Operating Instructions, 04/2017, C79000-G8976-C381-03

CP 1243-7 LTE

Page 31

LEDs and connectors

DIAG

NETWORK

CONNECT

SIGNAL

QUALITY

green)

VPN

Meaning

green

2.3

Electrical connectors

2.3.1

Power supply

2.3 Electrical connectors

(red / green)

flashing

flashing red

(red / green)

(green)

(yellow /

Firmware was successfully loaded.

• Error loading firmware or

• Internal error of the CP; remedy: Power OFF → ON

The 3-pin socket for the external 24 V DC power supply is located on the top of the module. The matching plug ships with the product.

You will find the pin assignment of the socket in section Pin assignment of the socket for the external power supply (Page 136).

Figure 2-2 Socket for the 24 V DC power supply

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 32

LEDs and connectors

2.3.2

Wireless interface

Wireless interface for the mobile wireless network

More detailed information on the electrical connections

2.3 Electrical connectors

An extra antenna is required for communication in the mobile wireless network. This is connected via the SMA socket of the CP. The SMA socket is located behind the lower front cover of the CP.

You will find the antenna permitted in the section Accessories (Page 147).

For technical information on the electrical connections, refer to the section Technical specifications (Page 133).

CP 1243-7 LTE

32 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 33

3.1

Important notes on using the device

Safety notices on the use of the device

Overvoltage protection

NOTICE

Protection of the external power supply

3.1.1

Notices on use in hazardous areas

WARNING

EXPLOSION HAZARD

WARNING

Note the following safety notices when setting up and operating the device and during all associated work such as installation, connecting up or replacing the device.

If power is supplied to the module or station over longer power cables or networks, the coupling in of strong electromagnetic pulses onto the power supply cables is possible. This can be caused, for example by lightning strikes or switching of higher loads.

The connector of the external power supply is not protected from strong electromagnetic pulses. To protect it, an external overvoltage protection module is necessary. The requirements of EN61000-4-5, surge immunity tests on power supply lines, are met only when a suitable protective element is used. A suitable device is, for example, the Dehn Blitzductor BVT AVD 24, article number 918 422 or a comparable protective element.

Manufacturer: DEHN+SOEHNE GmbH+Co.KG Hans Dehn Str.1 Postfach 1640 D-92306 Neumarkt, Germany

DO NOT OPEN WHEN ENERGIZED.

The device may only be operated in an environment with pollution degree 1 or 2 (see IEC 60664-1).

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 34

Installation, connecting up, commissioning

WARNING

EXPLOSION HAZARD

WARNING

EXPLOSION HAZARD

WARNING

3.1.2

Notes on use in hazardous areas according to ATEX / IECEx

WARNING

Requirements for the cabinet/enclosure

3.1 Important notes on using the device

The equipment is designed for operation with Safety Extra-Low Voltage (SELV) by a Limited Power Source (LPS).

This means that only SELV / LPS complying with IEC 60950-1 / EN 60950-1 / VDE 0805-1 must be connected to the power supply terminals. The power supply unit for the equipment power supply must comply with NEC Class 2, as described by the National Electrical Code (r) (ANSI / NFPA 70).

If the equipment is connected to a redundant power supply (two separate power supplies), both must meet these requirements.

DO NOT CONNECT OR DISCONNECT EQUIPMENT WHEN A FLAMMABLE OR COMBUSTIBLE ATMOSPHERE IS PRESENT.

SUBSTITUTION OF COMPONENTS MAY IMPAIR SUITABILITY FOR CLASS I, DIVISION 2 OR ZONE 2.

When used in hazardous environments corresponding to Class I, Division 2 or Class I, Zone 2, the device must be installed in a cabinet or a suitable enclosure.

To comply with EU Directive 94/9 (ATEX95), the enclosure or cabinet must meet the requirements of at least IP54 in compliance with EN 60529.

CP 1243-7 LTE

34 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 35

Installation, connecting up, commissioning

WARNING

3.1.3

Notices regarding use in hazardous areas according to UL HazLoc

WARNING

EXPLOSION HAZARD

3.2

Installing the CP and commissioning

Prior to installation and commissioning

WARNING

Read the system manual "S7-1200 Programmable Controller"

3.2 Installing the CP and commissioning

If the cable or conduit entry point exceeds 70 °C or the branching point of conductors exceeds 80 °C, special precautions must be taken. If the equipment is operated in an air ambient in excess of 50 °C, only use cables with admitted maximum operating temperature of at least 80 °C.

Take measures to prevent transient voltage surges of more than 40% of the rated voltage. This is the case if you only operate devices with SELV (safety extra-low voltage).

DO NOT DISCONNECT WHILE CIRCUIT IS LIVE UNLESS AREA IS KNOWN TO BE NON-HAZARDOUS.

This equipment is suitable for use in Class I, Division 2, Groups A, B, C and D or nonhazardous locations only.

This equipment is suitable for use in Class I, Zone 2, Group IIC or non-hazardous locations only.

Prior to installation, connecting up and commissioning, read the relevant sections in the system manual "S7-1200 Programmable Controller", refer to the documentation in the Appendix.

When installing and connecting up, keep to the procedures described in the system manual "S7-1200 Programmable Controller".

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 36

Installation, connecting up, commissioning

Configuration

Inserting the SIM card

Note Inserting and removing the SIM card

Do not insert or remove the SIM card while the CP is operating.

Step

Execution

Notes and explanations

Turn off the power supply to the station.

gently pressing the release pin.

Turn on the power supply to the station.

3.2 Installing the CP and commissioning

One requirement for the commissioning of the CP is the completeness of the STEP 7 project data (see below). You should also read the section "Configuration (Page 41)".

Prior to installation, insert the SIM card in the CP.

Release the slide for the SIM card on the

bottom of the CP behind the lower cover by

Remove the slide from the housing.

Insert the SIM card in the slide as illustrated.

Push the slide back into the housing, where

it locks gently in place.

CP 1243-7 LTE

36 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 37

Installation, connecting up, commissioning

Dimensions for installation

S7-1200 devices

Width A

Width B *

CPU 1211C, CPU 1212C

90 mm

45 mm

CPU 1214C

110 mm

55 mm

RTD, 4 I/Os

RTD, 8 I/Os

CM 1241 RS232 / CM 1241 RS485

30 mm

15 mm

CM 1242-5 (PROFIBUS slave)

CP 124x-7

30 mm

15 mm

* Width B: The distance between the edge of the housing and the center of the hole in the DIN rail mounting clip

DIN rail mounting clips

3.2 Installing the CP and commissioning

Figure 3-1 Dimensions for installation of the S7-1200

Table 3- 1 Dimensions for installation (mm)

CPU (Examples) Signal modules (Examples)

Communications interfaces

(Examples)

8 or 16 digital I/Os 2, 4 or 8 analog I/Os Thermocouple, 4 or 8 I/Os

16 analog I/Os

CM 1243-5 (PROFIBUS master)

All CPUs, SMs, CMs and CPs can be installed on the DIN rail in the cabinet. Use the pull-out DIN rail mounting clips to secure the device to the rail. These mounting clips also lock into place when they are extended to allow the device to be installed in a switching panel. The inner dimension of the hole for the DIN rail mounting clips is 4.3 mm.

45 mm 22.5 mm

70 mm 35 mm

30 mm 15 mm

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 38

Installation, connecting up, commissioning

Procedure for installation and commissioning

NOTICE

Installation location

Installation of the rack

Installation position of the CP

Note Connection with power off

Only wire up the S7

Note Power supply from the power outputs of the CPU

The external power supply of the CP must be supplied via the power outputs of the CPU.

Keep within the maxim

You will find data relating to the current consumption and power loss of the CP in the section General technical specifications

3.2 Installing the CP and commissioning

The module must be installed so that its upper and lower ventilation slits are not covered, allowing adequate ventilation. Above and below the device, there must be a clearance of 25 mm to allow air to circulate and prevent overheating.

Remember that the permitted temperature ranges depend on the position of the installed device. You will find the permitted temperature ranges in the section General technical specifications (Page 133).

Horizontal installation of the rack

Vertical installation of the rack

-1200 with the power turned off.

um load of the power outputs of the CPU.

(Page 133).

CP 1243-7 LTE

38 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 39

Installation, connecting up, commissioning

Note Turning off the station when plugging/pulling the CP

Do not only turn off the power supply to the CP. Always turn off the power supply for the entire station.

Step

Execution

Notes and explanations

The slots to the left of the CPU are permitted.

Secure the DIN rail.

output of the CPU.

in the socket on the top of the CP.

socket for the external power supply (Page 136).

CP.

Notice

Turn on the power supply.

them closed during operation.

3.2 Installing the CP and commissioning

Table 3- 2 Procedure for installation and connecting up

Mount the CP on the DIN rail and connect it to

the module to its right.

Secure the power supply wires to the power

Secure the wires of the power supply to the

plug supplied with the CP and insert the plug

Connect the antenna to the SMA socket of the

• Protect the antenna connector using suitable overvoltage protection equipment if the antenna cable is long- er than 30 m.

• Protect the antenna connector with suitable lightning protection if you install the antenna outdoors.

• If you install several CPUs close to each other, keep to a minimum clearance of 50 cm between the anten-

nas.

Close the front covers of the module and keep

The remaining steps in commissioning involve

downloading the STEP 7 project data.

Use a 35 mm DIN rail.

The pinning is shown beside the socket on the top of the housing. You will also find this in the section Pin assignment of the

Lower surface of the CP

The STEP 7 project data of the CP is transferred when you load to the station. To load the station, connect the engineering station on which the project data is located to the Ethernet interface of the CPU.

You will find more detailed information on loading in the following sections of the STEP 7 online help:

• "Loading project data"

• "Using online and diagnostics functions"

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 40

Installation, connecting up, commissioning

3.3

Notes on operation

CAUTION

Minimum clearance to the device

NOTICE

Closing the front panels

3.3 Notes on operation

The device may only be operated when the distance between the device (or antenna) and user is at least 20 cm.

To ensure interference-free operation, keep the front panels of the module closed during operation.

CP 1243-7 LTE

40 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 41

4.1

Security recommendations

General

Physical access

APNs from mobile wireless providers.

Keep to the following security recommendations to prevent unauthorized access to the system.

● You should make regular checks to make sure that the device meets these recommendations and other internal security guidelines if applicable.

● Evaluate your plant as a whole in terms of security. Use a cell protection concept with suitable products.

● Do not connect the device directly to the Internet. Operate the device within a protected network area.

● Keep the firmware up to date. Check regularly for security updates of the firmware and use them.

● Check regularly for new features on the Siemens Internet pages.

– Here you will find information on network security:

Link: (http://www.siemens.com/industrialsecurity)

– Here you will find information on Industrial Ethernet security:

Link: (http://w3.siemens.com/mcms/industrial-communication/en/ie/industrial-ethernet-

security/Seiten/industrial-security.aspx)

– You will find an introduction to the topic of industrial security in the following

publication:

Link: (http://w3app.siemens.com/mcms/infocenter/dokumentencenter/sc/ic/InfocenterLangu

agePacks/Netzwerksicherheit/6ZB5530-1AP020BA4_BR_Network_Security_en_112015.pdf)

Restrict physical access to the device to qualified personnel.

If you configure an APN of the network provider for the mobile wireless CP, then - depending on the APN being used - it is possible that the CP can be reached publically on the Internet.

Remember this security risk when selecting the APN.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 42

Configuration

Security functions of the product

Passwords

Protocols

Secure and non-secure protocols

4.1 Security recommendations

Use the options for security settings in the configuration of the product. These includes among others:

● Protection levels

– Configure a protection level of the CPU.

You will find information on this in the information system of STEP 7.

● Security function of the communication

– Enable the Security functions of the CP.

– Use the secure Open User Communication via the appropriate program blocks.

– Disable access to the Web server of the CPU (CPU configuration) and on the CP.

● Protection of the passwords of program blocks

Protect the passwords stored in data blocks for the program blocks from being viewed. The procedure is described in the STEP 7 information system.

If you want to change parameters, for example a password, in a DB later, remember the following; The contents of a DB with know-how protection are no longer visible and can only be changed via the source or by direct assignment of parameters.

● Logging function

Enable the function in the Security configuration and check the logged events regularly for unauthorized access.

● Define rules for the use of devices and assignment of passwords.

● Regularly update the passwords to increase security.

● Only use passwords with a high password strength. Avoid weak passwords for example

"password1", "123456789" or similar.

● Make sure that all passwords are protected and inaccessible to unauthorized personnel.

See also the preceding section for information on this.

● Do not use one password for different users and systems.

● Only activate protocols that you require to use the system.

● Use secure protocols when access to the device is not prevented by physical protection

measures.

The NTP protocol provides a secure alternative with NTP (secure).

CP 1243-7 LTE

42 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 43

Configuration

Table: Meaning of the column titles and entries

Protocol / function

Port number (protocol)

Default of the port

Port status

Authentication

Protocol / function

Port number (protocol)

Default of the port

Port status

Authentication

S7 and online connections bled.

HTTP

HTTPS

443 (TCP)

Closed

Open after configuration

Yes

4.2 Configuration in STEP 7

The following table provides you with an overview of the open ports on this device.

●

Protocols that the device supports.

●

Port number assigned to the protocol.

●

– Open

The port is open at the start of the configuration.

– Closed

The port is closed at the start of the configuration.

●

– Open

The port is always open and cannot be closed.

– Open according to configuration

The port is open if it has been configured.

– Open (login, when configured)

As default the port is open. After configuring the port, the communications partner needs to log in.

●

Specifies whether or not the protocol authenticates the communications partner during access.

102 (TCP) Open when the

80 (TCP) Closed Open after configuration Yes

function is ena-

Open after configuration No

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 44

Configuration

4.2

Configuration in STEP 7

Configuring communication with the CPU (data point configuration)

Overview of the configuration steps in STEP 7

Note Changing the project number or station number for the entire STEP 7 project

If you change the p parameter group for a telecontrol CP, these parameters are changed for all CPs in the STEP 7 project.

4.2 Configuration in STEP 7

You configure the modules, networks and connections in an engineering station in SIMATIC STEP 7. You will find the required version in the section Requirements for operation (Page 20).

You can configure a maximum of three CMs/CPs per station. If you insert several CPs in an S7-1200, you can, for example, establish redundant communications paths.

CP communication is not programmed using program blocks but configured using data points.

One requirement for data point configuration is the programming of the assigned CPU and the input and output data of the station. To assign the user data to be transferred (input/output data) to the data points, you need to create PLC tags.

Notes:

● No Ethernet network needs to be created for the communication via the mobile wireless network.

● A telecontrol server or a TeleService- gateway cannot be configured in STEP 7.

Follow the steps below when configuring:

1. Create a STEP 7 project.

2. Insert the required SIMATIC stations.

3. Program the CPUs and the relevant inputs and outputs.

4. Create PLC tags for the input and output data to be transferred in the CPUs.

5. Insert the CPs in the relevant stations.

6. Configure the CPs including the data points and any messages (e-mail / SMS).

roject number or the station number in the "CP identification"

7. If required, program the program blocks for S7 communication and Open User Communication.

CP 1243-7 LTE

44 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 45

Configuration

4.3

Information required for configuration

General information

Note Configured PIN and PIN on the SIM card must match.

If you enter the PIN of the SIM card of the CP incorrectly during STEP 7 configuration and download the station, the CP stores the wrong PIN. An incorrectly entered PIN is transferred by the CP only once so that the SIM card is not locked.

If you change the PIN of the SIM card externally to the incorrectly configured PIN (new PIN of the SIM card = incorrectly entered PIN in STEP checking it.

4.3 Information required for configuration

8. Save and compile the project.

9. Download the project data to the stations.

Using the "Download to device" function, the STEP 7 project data including the configuration data of the CPs is downloaded to the relevant CPU.

You will find further information on the individual steps in the following sections and in the help system of STEP 7.

To configure and commission the CP and the connected telecontrol system, the following information is required:

The following information is required for the STEP 7 configuration of the CP:

● Own phone number of the CP (required for TeleService)

● Authorized phone numbers

Call numbers of the nodes that can instigate connection establishment by the CP with an SMS message or call.

● APN

Name of the access point (APN) from the mobile wireless network to the Internet

(information from the mobile wireless network provider)

● APN user name

User name for the access point of the mobile wireless network provider

● APN password

Password for the access point of the mobile wireless network provider

● Node number of the SMS master station (SMSC) when using SMS

● PIN of the SIM card

7), the CP rejects this PIN again without

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 46

Configuration

Note Solution after entering an incorrect PIN:

To avoid incorrectly entered PIN. Procedure:

•

– Reload the station.

Information required for telecontrol communication

CP parameter for configuring the telecontrol server

4.3 Information required for configuration

the PIN being rejected by the CP again, use a PIN that is different from the

If the PIN of the SIM card was not changed:

– Configure the PIN in STEP 7 with the PIN of the SIM card. – Reload the station.

If the original PIN of the SIM card was changed externally to the PIN that was previously

incorrectly entered in STEP 7: – Change the PIN of the SIM card externally to a new PIN that has not yet been

incorrectly configured in STEP 7.

– Change the configured PIN in STEP 7 to the newly assigned PIN of the SIM card.

The following information is required for the STEP 7 configuration of the CP:

● Address of the telecontrol server

– IP address

– Name of the telecontrol server that can be resolved by DNS

– IPT listener port of the telecontrol server. Default setting: 55097

If only connections with TCSB are used (no direct communication), a dynamic IP address can be assigned to the CP by the Internet service provider.

For addressing a redundant TCSB system, refer to the section Partner stations > Telecontrol server (Page 57).

● DNS server address(es)

You require the DNS server address if you address the telecontrol server using a name that can be resolved by DNS and the DNS is not operated by the network provider. You configure DNS in the parameter group "DNS configuration":

– If you do not specify an address, the DNS server address is obtained automatically

from the network provider (recommended procedure).

– If you want to use a different DNS server, enter its IP address. In this case, DNS

servers of the network provider are not taken into account.

The following parameters from the STEP 7 configuration of the CP are also required for the configuration of the telecontrol server:

● Address and port of the telecontrol server

CP 1243-7 LTE

46 Operating Instructions, 04/2017, C79000-G8976-C381-03

● Project number

Page 47

Configuration

Address and authentication information for communication with TCSB

4.4

Time-of-day synchronization

Synchronization method of the CP

Note Time-of-day synchronization of the CP

With applications that require time synchronize the time of day of the CP regularly. If you do not synchronize the time of day of the CP regularly, there may be deviations of several seconds per day in the time information of the CP.

With security functions enabled, you

Note Recommendation for setting the time

Synchronization with a external clock at intervals of approximately 10 seconds is recommended. This achieves as small a deviation as possible between the internal time and the absolute time.

4.4 Time-of-day synchronization

● Station number

● Slot of the CP

● Telecontrol password

● Authorized phone numbers

The following information is required for the STEP 7 configuration of the CP for communication with TCSB:

● Parameters in the "Partner stations" parameter group

– Partner IP address

Fixed IP address of the DSL router via which the telecontrol server is connected to the Internet.

– Partner port (port number of the listener port of TCSB)

● Parameters in the "CP identification" parameter group ("Security" parameter group)

– Project number

– Station number

– Password (for authentication)

-of-day synchronization (e.g. telecontrol), you need to

need to enable time-of-day synchronization.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 48

Configuration

Time from partner

NTP

NTP (secure)

Time from the CPU

Parameter groups for time-of-day synchronization

Ethernet interface

Security

4.4 Time-of-day synchronization

The CP supports the following methods of time-of-day synchronization:

●

The CP adopts the time-of-day from the communications partner in the master station.

Only when telecontrol communication is enabled.

●

The time of day is synchronized by an NTP server in the connected network.

The method can also be used when the telecontrol communication is enabled.

With CPs as of firmware version V3, the address of the NTP server can also be entered as a URL, e.g. <ntp.server.com>. For this a DNS server is required.

●

The secure method NTP (secure) uses symmetrical keys according to the hash algorithms MD5 or SHA-1.

On the CP you specify the servers used.

You configure NTP servers of the type NTP (secure) in the global security settings of STEP 7.

●

As of V4.2, the CPU synchronizes all CMs/CPs of the station with a synchronization cycle of 10 seconds.

Parameters of the CPU: If for the CPU the option "CPU synchronizes the modules of the device" is enabled, all smart modules of the station (CPs with of firmware ≥ V2.1.77) are synchronized with the CPU time in a synchronization cycle of 10 seconds.

You can configure time-of-day synchronization in the following parameter groups:

●

Here you create the configuration under the following conditions:

– Telecontrol communication is disabled.

– The security functions are disabled.

●

Here you create the configuration under the following condition:

– The security functions are enabled.

CP 1243-7 LTE

48 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 49

Configuration

Dependence of the synchronization method on the use of the CP

Telecontrol communication disabled, security disabled

Telecontrol communication disabled, security enabled

Telecontrol communication and security enabled

Time-of-day synchronization with the S7-1200

Note Recommendation: Time-of-day synchronization only by 1 module

Only have the time of day of the station from an external time source synchronized by a single module so that a consistent time of day is maintained within the station.

When the CPU takes the time from the CP

Time-of-day synchronization of the CPU

NTP

Time from CP

4.4 Time-of-day synchronization

Depending on the use of the telecontrol communication or the security functions, the following synchronization methods can be selected:

●

– NTP

– Time from the CPU

●

– NTP

– NTP (secure)

– Time from the CPU

●

– Time from partner

– NTP

– NTP (secure)

– Time from the CPU

When using an external time source, the S7-1200 station can obtain the current time of day both via the CPU as well as via a CP.

With the S7-1200 there is no forwarding of the time of day from the station to the subnet.

The following synchronization methods are possible for the CPU:

●

Only this option can be configured actively for the CPU:

, disable time-of-day synchronization of the CPU.

●

The CPU adopts the time of day from a CP of the station if time forwarding from the CP to the CPU is enabled (see below).

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 50

Configuration

Forwarding the time from the CP to the CPU

Note Forwarding the time to the CPU

Depending on the firmware version of the modules involved, the time forwarded to the CPU in different ways:

•

CP firmware ≤ V2.1.6x

CP firmware ≥ V2.1.77 and CPU firmware ≥ V4.2

4.5

Communication types

4.5 Communication types

-of-day of the CP is

Optional forwarding of the CP time to the CPU using a PLC tag Obligatory forwarding of the CP time to the CPU via the backplane bus

The forwarding of the CP time to the CPU depends on the firmware version of the CP and the CPU. Note the following behaviour.

●

With this firmware version the CP can make the time-of-day available to the CPU as an option via a PLC tag. When this PLC tag is read cyclically by the CPU, the CPU adopts the CP time.

In the parameter group "Communication with the CPU", you can set whether or not the current time of day of the CP will be made available to the CPU via a PLC tag. For TLC tags, see parameter group "Communication with the CPU" of the CP.

●

If both modules in the station have the named firmware versions, the time of day of the CP is automatically forwarded to the CPU.

Since the CPU automatically adopts the CP time, you no longer require the forwarding option using the PLC tag.

If for the CPU the option "CPU synchronizes the modules of the device" is enabled in "PROFINET interface > Time synchronization", all smart modules of the station are synchronized with the CPU time.

In this parameter group, you enable the communication type of the CP.

To minimize the risk of unauthorized access to the station via mobile wireless, you need to enable the communications services that the CP will execute individually. You can enable all options but at least one option should be enabled.

CP 1243-7 LTE

50 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 51

Configuration

"Communication types" parameter group

Enable telecontrol communication

Activate online functions

Enabling S7 communication

Enabling SMS

4.6

Mobile wireless communications settings

"Mobile wireless settings"

CP phone number

Activate PIN

4.6 Mobile wireless communications settings

●

Enables communication with a Telecontrol server on the CP.

To use telecontrol communication, the you also need to enable the security functions.

To use TeleService via the mobile wireless network you need to enable this function.

●

Enables access to the CPU for the online functions via the CP (diagnostics, loading project data etc.). If the function is enabled, the engineering station can access the CPU via the CP.

If the option is disabled, you have no access to the CPU via the CP with the online functions. Online diagnostics of the CPU with a direct connection to the interface of the CPU however remains possible.

To use TeleService via the mobile wireless network you need to enable this function.

●

Enables the functions of S7 communication with a SIMATIC S7 on the CP.

If you configure S7 connections to the relevant station, and these run via the CP, you will need to enable this option on the CP.

●

On the CP enable the receipt and sending of SMS meesages.

The function can be enabled regardless of whether telecontrol communication is enabled.

Open User Commmunication does not need to be enabled since you then need to create the relevant program blocks. Unintended access to the CP is therefore not possible.

In this parameter group you configure the following parameters:

●

Telephone number of the CP

●

If your service provider requires a PIN, enable this option.

●

PIN of the SIM card

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 52

Configuration

Enable data services

Note Subsequent disabling

If you have already used data services in operation and then disable them later, you need to reload the configuration data and change the CPU to STOP and then RUN.

GPRS (2G) / UMTS (3G) / LTE

SMSC

Note Permanent storage of the SMSC number

If you configure an SMSC number, the CP no longer accesses the SMSC data of the SIM card. This is also the case if you delete the SMSC number from the configuration again.

Recommendation: When you configure an SMS service provider located on the SIM card. If you want to use it again later, you can then use the SMSC of your provider again by configuring the SMSC number.

"APN settings"

4.6 Mobile wireless communications settings

●

Activates the use of the data services in the mobile wireless network for the CP

●

Enable the mobile wireless service(s) you want to use. You can enable individual mobile wireless services or all of them.

●

Phone number of the SMS center (Short Message Service Center)

The box has the following options:

– No number

As default, the CP adopts the SMSC data of the service provider directly from the inserted SIM card. if you want to use the SMSC number of the SIM card, leave the box empty.

– Configured number

If you want to use a different SMSC, enter the phone number of this SMSC.

Note the following:

C number, first note down the SMSC number of your

In this parameter group, you configure the data of the access point. You require the APN to send e-mails.

Note the information on security in the section Requirements for operation (Page 20).

By entering your country in the "Country" box, you can select one of the preset APNs from the drop-down list.

CP 1243-7 LTE

52 Operating Instructions, 04/2017, C79000-G8976-C381-03

Alternatively configure the APN manually.

The CP supports APNs with IPv4 and IPv6 addresses.

Page 53

Configuration

"List of preferred networks"

"TeleService settings"

4.7

Ethernet interface (X1)

The Ethernet interface

Ethernet addresses

Dynamic IP address

Fixed IP address from the mobile wireless network provider

Time-of-day synchronization

4.7 Ethernet interface (X1)

User names and passwords can contain up to 64 characters. You will find the characters permitted in the section Permitted characters in the configuration (Page 103).

In this parameter group, you specify the dial-in behavior of the CP into various mobile wireless networks.

In this parameter group, you specify the connection parameters for the TeleService server(s).

You will find an overview of configuration for TeleService and more information on this topic in the section TeleService (Page 127).

The CP does not have a physical Ethernet interface.

In STEP 7, the Ethernet interface is used as a placeholder for the configuration of various address and monitoring parameters.

Enter you configure IP address of the CP and, if applicable, the network connection.

If you enable security functions, for example when using telecontrol communication, for reasons of consistency you need to network the CP. To do this create any Ethernet network.

●

Enable this option if the CP is assigned the IP address dynamically by the network provider.

●

Enable this option if you have a mobile wireless contract with which the network provider assigns the CP a fixed IP address.

This is necessary when using S7 communication and receiving data via Open User Communication.

For the configuration of the time-of-day synchronization read the section Time-of-day synchronization (Page 47).

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 54

Configuration

Advanced options > TCP connection monitoring

TCP connection monitoring time

The parameter below the Ethernet interface

The parameter below "Partner stations"

TCP keepalive monitoring time

The parameter below the Ethernet interface

The parameter below "Partner stations"

4.7 Ethernet interface (X1)

The settings made here apply globally to all configured TCP connections of the CP. If telecontrol communication is enabled, this is the connection to the telecontrol server.

Note the option of overwriting the general value configured here for individual communications partners, refer to the section Partner stations (Page 57).

(Note: The settings made here do not apply to connections programmed for Open User Communication with the program blocks.)

●

Function: If there is no data traffic within the TCP connection monitoring time, the CP sends a keepalive to the communications partner.

Default setting: 180 s. Permitted range: 1...65535 s.

–

The monitoring time is configured for the Ethernet interface globally for all TCP connections. The parameter is preset to 180 seconds as default.

–

The parameter "TCP connection monitoring time" occurs again with the individual partners in the parameter group "Connection to partner". This parameter applies only to the individual partner. The value of 180 seconds preset on the Ethernet interface is adopted for the individual partners.

If for any reason you want to change the value of the TCP connection monitoring time for individual partners, you can adapt the value for every partner individually in "Partner stations". If. for example, you want to check the connection at shorter intervals, reduce the value. If disruptions or delays occur often when transferring in your mobile wireless network, it may be advisable to increase the value.

●

After sending a keepalive, the CP expects a reply from the communications partner within the keepalive monitoring time. If the CP does not receive a reply within the configured time, it terminates the connection.

Default setting: 180 s. Permitted range: 1...65535 s.

–

The monitoring time is configured for the Ethernet interface as a global setting for all TCP connections.

–

As with the TCP connection monitoring time, the value of "Partner stations" can be adapted for each partner individually.

CP 1243-7 LTE

54 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 55

Configuration

Advanced options > Transmission settings

Connection establishment delay

Note

If the partner cannot be reached, connection establishment via the mobile wireless network can take several minutes. This may depend on the particular network and current network load.

Depending on your contract, costs may result from each connection establishment attempt.

Send monitoring time

4.7 Ethernet interface (X1)

●

The settings made here apply to the connection to the telecontrol server.

The reconnection delay is the waiting time between repeated attempts to establish the connection by the CP when the telecontrol server is not reachable or the connection has aborted.

This waiting time avoids continuous connection establishment attempts at short intervals if there are connection problems.

A basic value is configured for the waiting time before the next connection establishment attempt. Starting at the basic value, the current waiting time is doubled after every 3 unsuccessful retries up to a maximum value of 900 s.

Default setting: 10 s. Permitted range of values for the basic value: 10...300 s

Example: A configured basic value 20 results in the following intervals (waiting times) between the attempts to re-establish a connection:

– three times 20 s

– three times 40 s

– three times 80 s

– etc. up to max. 900 s

●

Time for the arrival of the acknowledgment from the partner (Telecontrol server) after sending unsolicited frames. The time is started after sending an unsolicited frame. If no acknowledgement has been received from the partner when the connection monitoring time elapses, the frame is repeated up to three times. After three unsuccessful attempts, the connection is terminated and re-established.

Default setting: 60 s. Permitted range: 1...65535 s.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 56

Configuration

Watchdog monitoring time

Key exchange interval

4.7.1

Access to the Web server

Access to the Web server of the CPU

4.7 Ethernet interface (X1)

●

With the watchdog cycle, the CP checks the connection to the telecontrol server. The watchdog cycle is the interval without data exchange between the CP and telecontrol server after which the CP sends a watchdog frame to the telecontrol server. The watchdog cycle is only configured with TCSB (parameter "Keepalive monitoring time"). The value configured in TCSB is transferred by the telecontrol server to the CP the first time the connection is established.

Each time the CP transfers data to TCSB and receives the acknowledgment from the telecontrol server, the CP starts the watchdog cycle. When the watchdog cycle has expired the CP sends a watchdog frame to the telecontrol server.

After sending a watchdog frame, the CP starts the watchdog monitoring time within which the CP expects a reply from the telecontrol server. If the CP does not receive a reply from the Telecontrol server within the monitoring time, it terminates and re-establishes the connection.

Default setting: 30 s. Permitted range: 0...65535 s. If you enter 0 (zero), the function is disabled.

●

Here, you enter the interval in hours after which the key is exchanged again between the CP and the telecontrol server. The key is a security function of the telecontrol protocol used by the CP and TCSB V3.

Default setting: 8 s. Permitted range: 0...65535 s. If you enter 0 (zero), the function is disabled.

The Web server of the S7-1200 station is located in the CPU. Via the CP, you have access to the Web server of the CPU.

From a PC you can access the Web server of the station via TCSB if the PC is connected to the telecontrol server via LAN.

For the requirements, refer to the manual Auto-Hotspot.

With slow transmission paths between telecontrol server and station, make sure that you set the update time of the Web browser suitably low.

CP 1243-7 LTE

56 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 57

Configuration

4.8

Partner stations

4.8.1

Partner stations > Telecontrol server

Partner stations > "Telecontrol server"

Partner number

Station address

Partner stations > "Telecontrol server > "Connection to partner"

Partner IP address

Connection monitoring

4.8 Partner stations

The parameter group is only displayed when telecontrol communication is enabled.

●

The partner number for the telecontrol server is assigned automatically by the system if telecontrol communication is enabled.

●

The station address of the telecontrol server is assigned automatically by the system if telecontrol communication is enabled.

●

IP address or host name (FQDN) of the telecontrol server. This can, for example, also be the FQDN of a DynDNS service.

If the CP is connected to a TCSB redundancy group (TCSB V3), here configure the public IP address of the DSL router via which the telecontrol server can be reached from the Internet. Set the port forwarding on the DSL router so that the public IP address (external network) is led to the virtual IP address of the TCSB server PCs (internal network). The station does not therefore receive any information telling it which of the two computers of the redundancy group it is connected to.

●

When the function is enabled, the connection to the communications partner (telecontrol server) is monitored by sending keepalive frames.

The TCP connection monitoring time is set for all TCP connections of the CP in the parameter group of the Ethernet interface. The setting applies to all TCP connections of the CP.

Here in the parameter group "Partner stations > Telecontrol server", the globally set TCP connection monitoring time can be set separately for the telecontrol server. The value set here overwrites the global value for the telecontrol server that was set in the "Ethernet interface (X1) > Advanced options > TCP connection monitoring" parameter group.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 58

Configuration

TCP connection monitoring time

The parameter below the Ethernet interface

The parameter below "Partner stations"

TCP keepalive monitoring time

The parameter below the Ethernet interface

The parameter below "Partner stations"

Connection mode

4.8 Partner stations

●

Function: If there is no data traffic within the TCP connection monitoring time, the CP sends a keepalive to the communications partner.

Default setting: 180 s. Permitted range: 1...65535 s.

The monitoring time is specified at a higher level for the Ethernet interface as the default for all configured TCP connections, see also section Ethernet interface (X1) (Page 53).

You will find information on the acknowledgment of messages in the section "Acknowledgment (Page 60)".

–

The monitoring time is configured for the Ethernet interface globally for all TCP connections. The parameter is preset to 180 seconds as default.

–

●

If the value configured here differs from the value configured in the Ethernet interface parameter group, the monitoring time of the "Partner stations" parameter group is used.

Default setting: 10 s. Permitted range: 1...65535 s.

–

The monitoring time is configured for the Ethernet interface as a global setting for all TCP connections.

–

As with the TCP connection monitoring time, the value of "Partner stations" can be adapted for each partner individually.

●

In the "Permanent" connection mode, there is a permanent connection to the communications partner.

The CP only supports this connection mode.

For information on connection establishment, refer to the section "Connection establishment (Page 60)".

CP 1243-7 LTE

58 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 59

Configuration

Connection establishment

Partner port

Partner stations > "Telecontrol server" > "Advanced settings"

Report partner status

4.8 Partner stations

●

Specifies the communications partner that establishes the connection (always the CP).

●

Number of the listener port of the telecontrol server.

●

If the "Report partner status" function is enabled, the CP signals the status of the communication to the remote partner.

– Bit 0 of "PLC tag for partner status" (data type WORD) is set to 1 if the partner can be

reached.

– Bit 1 is set to 1 if all the paths to the remote partner are OK (useful with redundant

paths).

– Bits 2-3 indicate the status of the send buffer (frame memory).

The following values are possible:

- 0: Send buffer OK

- 1: Send buffer threatening to overflow (more than 80 % full).

- 3: Send buffer has overflowed (fill level 100 % reached).

As soon as the fill level drops below 50%, bits 2 and 3 are reset to 0.

Bits 4 to 15 of the PLC tags are not used and do not need to be evaluated in the program.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 60

Configuration

4.8.2

Acknowledgment

Acknowledgment of frames

Telecontrol communication

Inter-station communication

Direct communication (Open User Communication)

4.8.3

Connection establishment

Note Connection interrupted by the mobile wireless network provider

When using mobile wireless services, remember that existing connections can be interrupted by mobile wireless network providers for maintenance purposes.

4.8 Partner stations

The receipt of a frame is monitored and acknowledged in different ways. The mechanisms differ depending on the type of communication:

●

Frames received from TCSB are acknowledged immediately by the CP.

Frames sent by the CP are acknowledged by TCSB.

●

Received frames are acknowledged immediately by the CP. The acknowledgment frame is forwarded by the telecontrol server to the destination CP.

For sent frames, this applies in the opposite direction.

●

The successful sending and receipt of frames is indicated by status displays of the program blocks.

With TCP segments, the protocol-specific acknowledgement mechanisms are used.

● Connection to the telecontrol server

The connection to the telecontrol server is always established by the CP.

If a connection established by the CP is interrupted, the CP automatically attempts to reestablish the connection. Note the settings for re-establishing the connection in STEP 7, refer to the section Ethernet interface (X1) (Page 53).

● Connections with direct communication (Open User Communication) and S7 communication

Connections are established as soon as the corresponding program blocks are called on the CPU.

This also applies to the situation when a different S7 station sends data. In this case, the corresponding receive blocks are called by the receiving station.

CP 1243-7 LTE

60 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 61

Configuration

4.8.4

Partner for inter-station communication

Inter-station communication

Partner

Project

Station number

Slot

Send buffer

Access ID

4.8 Partner stations

In this table, you specify the communications partners of the CP for inter-station communication. The communications partner is a CP in the partner S7 station.

Connections for inter-station communication run via the telecontrol server.

Note the special features when configuring the data points for inter-station communication in the section Partner stations: Configuring the inter-station communication (Page 99).

The partner number is assigned by the system. It is required during data point configuration to assign data points to their communications partners.

You specify the partner CP for inter-station communication with the parameters "Project", "Station" and "Slot".

Here, enter the project number of the CP in the partner station.

You will find the parameter in the parameter group "Security > CP identification" on the partner CP.

Here, enter the station number of the CP in the partner station.

You will find the parameter in the parameter group "Security > CP identification" on the partner CP.

Here, enter the slot number of the CP in the partner station.

You will find the parameter in the parameter group "General" on the partner CP.

Activate the option for enabling inter-station communication.

When enabled, the frames are stored in the send buffer (frame memory) of the CP if the connection is disturbed. Note that the capacity of the send buffer is shared by all communications partners.

The access ID of the partner CP is displayed here.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 62

Configuration

4.9

DNS configuration

Configuring DNS servers

4.10

Communication with the CPU

Cycle idle time

Max. number of write jobs

4.9 DNS configuration

The Access ID (DWORD) is formed from the hexadecimal values of project number, station number and slot:

Bits 0 to 7: Slot

Bits 8 to 20: Station number

Bits 21 to 31: Project number

Configure a DNS server that can be reached in the network if the module itself or a communications partner is to be reachable using a host name. The communications partners also include NTP servers configured via an FQDN.

Configuration options:

● No configuration of a DNS server

If you do not specify an address, DNS server addresses are obtained automatically from the provider of the mobile wireless network (recommended procedure). The requirement is that the network provider operates a DNS server in the network.

● Configuration of a DNS server

If you want to use a different DNS server, enter its IP address. In this case, DNS servers of the network provider are not taken into account.

The addresses of the DNS servers can be configured in the IPv4 or IPv6 format.

The parameter group is displayed as soon as telecontrol communication is enabled.

Using the first three parameters you specify settings for the cyclic access of the CP to the CPU. You will find information on the structure of the scan cycle in the section Read cycle (Page 89).

●

Waiting time between two scan cycles of the CPU memory area

●

Maximum number of write jobs to the CPU memory area within a CPU scan cycle

CP 1243-7 LTE

62 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 63

Configuration

Max. number of read jobs

Frame memory size

Watchdog bit

CP monitoring

CP time

CP time to CPU

CP diagnostics

Diagnostics trigger tag

Note Fast setting of the diagnostics trigger variable

Triggers must not be set faster than a minimum interval of 500 milliseconds.

4.10 Communication with the CPU

●

Maximum number of low-priority read jobs from the CPU memory area within a CPU scan cycle.

●

Here, you set the size of the frame memory for events (send buffer).

The size of the frame memory is divided equally among all communications partners. You will find the size of the frame memory in the section Configuration limits and performance data (Page 18).

You will find details of how the send buffer works (storing and sending events) as well as the options for transferring data in the section Process image, type of transmission, event classes, triggers (Page 84).

●

Via the watchdog bit the CPU can be informed of the status of the telecontrol communication of the CP.

●

Using this function, the CP can synchronize the CPU clock.

You will find details in the STEP 7 information system.

In the parameter group "CP diagnostics", you have the option of reading out advanced diagnostics data from the CP using PLC tags.

●

If you want to use advanced CP diagnostics, you need to configure the "Diagnostics trigger tag".

If the user program of the CPU sets the PLC tag "Diagnostics trigger tag" (BOOL) to 1, the CP updates the values of the configured PLC tags for advanced diagnostics. After writing the current values to the PLC tags for advanced diagnostics, the CP sets the "Diagnostics trigger tag" to 0 signaling the CPU that the updated values can be read from the PLC tags.

Reading out the following diagnostics data can be enabled selectively:

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 64

Configuration

Frame memory overflow

Frame memory size

Current IP address

Mobile wireless signal quality (LED)

Mobile wireless signal quality (dBm)

'NETWORK' LED

Date of last successful logon to network

Date of last unsuccessful logon to network

Date of last successful logon to TCSB

Date of last unsuccessful logon to TCSB

4.10 Communication with the CPU

●

PLC tag (data type byte) for the send buffer overflow pre-warning. Bit 0 is set to 1 when 80% of the fill level of the send buffer is reached.

●

PLC tag (data type DWord) for the occupation of the send buffer. The number of saved frames is displayed.

●

PLC tag (data type String) for the current IP address of the CP.

●

PLC tag (data type UInt) for the signal quality of the local mobile wireless network as this is displayed by the "SIGNAL QUALITY" LED.

●

PLC tag (data type INT) for the signal quality of the local mobile wireless network as a dBm value.

●

PLC tag (data type UInt) for the status of the connection for the data service in the mobile wireless network.

Meaning of the values (decimal)

– 0 = Booked out of the network

– 1 = Wrong PIN

– 2 = Wrong, defective SIM card or not plugged in.

– 3 = Waiting for PIN / no PIN configured

– 4 = Booked into the network

●

PLC tag (data type DTL) for the date on which the CP last logged in to the mobile wireless network.

●

PLC tag (data type DTL) for the date on which the CP was last unable to log in to the mobile wireless network.

●

PLC tag (data type DTL) for the date on which the CP last logged in to the telecontrol server.

●

PLC tag (data type DTL) for the date on which the CP was last unable to log in to the telecontrol server.

CP 1243-7 LTE

64 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 65

Configuration

TeleService status

VPN status

4.11

Security

Parameter groups

CP identification

Time-of-day synchronization

Authorized phone numbers

E-mail configuration

Certificate manager

Firewall

Log settings

VPN

4.11 Security

●

The PLC tag (BOOL) indicates whether a TeleService session is active.

– 0 = No TeleService session active

– 1 = TeleService session active

●

The PLC tag (BOOL) indicates whether a VPN tunnel is established:

– 0 = No VPN tunnel established

– 1 = VPN tunnel established

Note the range and application of the security functions of the CP, refer to the section Security functions (Page 16).

If security functions are enabled, you will find the following parameter groups here:

●

Here, you configure parameters for authenticating the CP with the telecontrol server.

You will find details below.

●

For the configuration of the time-of-day synchronization read the section Time-of-day synchronization (Page 47).

●

You will find details below.

●

You will find details below.

●

You will find details below.

●

You will find details below.

●

Here you make the settings for logging events relevant for security.

You will find details below.

●

Here you configure the VPN communication.

You will find details below.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 66

Configuration

VPN groups

User management

4.11.1

CP identification

Firewall

4.11.2.1

Notation for the source IP address (advanced firewall mode)

4.11.2.2

Firewall settings for configured connection connections via a VPN tunnel

IP rules in advanced firewall mode

4.11.3

Authorized phone numbers

SMS messages received only from subscribers with an authorized phone number

"Authorized phone numbers"

4.11 Security

If you specify an address range for the source IP address in the advanced firewall settings of the CP, make sure that the notation is correct:

● Separate the two IP addresses only using a hyphen.

Correct: 192.168.10.0-192.168.10.255

● Do not enter any other characters between the two IP addresses.

Incorrect: 192.168.10.0 - 192.168.10.255

If you enter the range incorrectly, the firewall rule will not be used.

If you set up configured connection connections with a VPN tunnel between the CP and a communications partner, you will need to adapt the local firewall settings of the CP:

In advanced firewall mode ("Security > Firewall > IP rules") select the action "Allow*" for both communications directions of the VPN tunnel.

The CP only accepts an SMS if the sending communication partner is authorized based on its phone number. These phone numbers are configured for the CP in STEP 7 in the "Authorized phone numbers" list in the Security settings.

A phone number entered here gives the sender who transfers this phone number the right to trigger connection establishment by the CP.

● If only an asterisk (*) is entered in the list, the CP accepts SMS messages from all

senders.

● An asterisk (*) after a phone number body authorizes connection establishment for all

nodes connected to the body (extension numbers).

Example: +49123456* authorizes +49123456101, +49123456102, +49123456207 etc.

If the "Authorized phone numbers" list is empty, the CP cannot be induced to a connection establishment by a mobile phone.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 68

Configuration

4.11.4

E-mail configuration

Configuring e-mails in STEP 7

E-mail configuration

Importing the certificate with encrypted transfer

Log settings - Filtering of the system events

Communications problems if the value for system events is set too high

4.11.6

VPN

4.11.6.1

VPN (Virtual Private Network)

VPN tunnel

Properties

Areas of application

4.11 Security

If the value for filtering the system events is set too high, you may not be able to achieve the maximum performance for the communication. The high number of output error messages can delay or prevent the processing of the communications connections.

In "Security > Log settings > Configure system events", set the "Level:" parameter to the value "3 (Error)" to ensure the reliable establishment of the communications connections.

Virtual Private Network (VPN) is a technology for secure transportation of confidential data in public IP networks, for example the Internet. With VPN, a secure connection (tunnel) is set up and operated between two secure IT systems or networks via a non-secure network.

One of the main features of the VPN tunnel is that it forwards all frames even from protocols of higher layers (HTTP, FTP telecontrol protocols of the application layer etc.).

The data traffic between two network components is handled unrestricted through a physical network. This allows networks to be connected together via an intermediate network.

VPN ensures information security in networked automation systems

● VPN forms a logical network that is embedded in a physical network. VPN uses the usual

● VPN allows communication of the subscribers in the VPN network with the physical

● VPN is based on tunnel technology and can be configured for individual subscribers.

● Communication between the VPN partners is protected from eavesdropping or

● Local area networks can be connected together securely via the Internet ("site-to-site"

addressing mechanisms of the physical network, however it transports only the frames of the VPN subscribers and therefore operates independent of the rest of the physical network.

network.

manipulation by using passwords, public keys or a digital certificate (authentication).

connection).

● Secure access to a company network ("end-to-site" connection)

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 70

Configuration

4.11.6.2

Addressing the CP when using VPN

IP addresses and VPN ports

4.11.6.3

Creating a VPN tunnel for S7 communication between stations

Requirements

Note Communication also possible via an IP router

Communication between the two stations is also possible via an IP router. To use this communications path, however, you need to make furth

4.11 Security

● Secure access to a server ("end-to-end" connection)

● Communication between two servers without being accessible to third parties (end-to-end

or host-to-host connection)

● Protection of computers and their communication within and automation network

● Secure remote access from a PC/PG to automation devices or networks protected by

security modules via public networks.

In normal mobile wireless networks it is not possible to reach a dynamic IP address assigned to the CP by the mobile wireless network provider from the Internet. For this reason, for incoming connections make sure that the CP is assigned a fixed public IP address by the mobile wireless network provider.

You must also make sure that apart from this IP address, the ports required for VPN are reachable from the Internet.

To allow a VPN tunnel to be created for S7 communication between two S7 stations or between an S7 station and an engineering station with a security CP (for example CP 1628), the following requirements must be met:

● The two stations have been configured.

● The CPs in both stations must support the security functions.

● The Ethernet interfaces of the two stations are located in the same subnet.

● All receiving stations require a fixed IP address to be reachable via the public networks.

For this, a special mobile wireless contract is normally necessary for the mobile wireless CP.

CP 1243-7 LTE

70 Operating Instructions, 04/2017, C79000-G8976-C381-03

er settings.

Page 71

Configuration

Procedure

Creating a security user

Select the "Activate security features" check box

Creating the VPN group and assigning security modules

4.11 Security

To create a VPN tunnel, you need to work through the following steps:

1. Creating a security user

If the security user has already been created: Log on as a user.

2. Select the "Activate security features" check box

3. Creating the VPN group and assigning security modules

4. Configure the properties of the VPN group

5. Configure local VPN properties of the two CPs

You will find a detailed description of the individual steps in the following paragraphs of this section.

To create a VPN tunnel, you require appropriate configuration rights. To activate the security functions, you need to create at least one security user.

1. In the local security settings of the CP, click the "User login" button.

Result: A new window opens.

2. Enter the user name, password and confirmation of the password.

3. Click the "Logon" button.

You have created a new security user. The security functions are now available to you.

With all further logons, log on as user.

After logging on, you need to select the "Activate security features" check box in the configuration of both CPs.

You now have the security functions available for both CPs.

1. In the global security settings, select the entry "Firewall" > "VPN groups" > "Add new VPN

group".

2. Double-click on the entry "Add new VPN group", to create a VPN group.

Result: A new VPN group is displayed below the selected entry.

3. In the global security settings, double-click on the entry "VPN groups" > "Assign module

to a VPN group".

4. Assign the security modules between which VPN tunnels will be established to the VPN

group.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 72

Configuration

Note Current date and current time on the CP for VPN connections

Normally, to establish a VPN connec be exchanged, the current date and the current time are required on both stations.

The establishment of a VPN connection to an engineering station that is also the telecontrol server at the same ti synchronization of the CP:

On the engineering station (with TCSB), you want the CP to establish a VPN connection. The VPN connection is established even if the CP does not yet have the current Otherwise the certificates used are evaluated as valid and the secure communication will work.

Following connection establishment, the CP synchronizes its time of day with the PC because the telecontrol server is the time master if telecontrol commu

Configure the properties of the VPN group

Note Specifying the VPN properties of the CPs

You specify the VPN properties of the CPs in the "Security" > "Firewall" > "VPN" paramet group of the relevant module.

Result

4.11.6.4

Communications partners in a VPN group

Configuring communications partners

4.11 Security

tion and the associated recognition of the certificates to

me (TCSB installed), runs as follows along with the time of day

time.

nication is enabled.

1. Double-click on the newly created VPN group.

Result: The properties of the VPN group are displayed under "Authentication".

2. Enter a name for the VPN group. Configure the settings of the VPN group in the properties.

These properties define the default settings of the VPN group that you can change at any time.

You have created a VPN tunnel. The firewalls of the CPs are activated automatically: The "Activate firewall" check box is selected as default when you create a VPN group. You cannot deselect the check box.

Download the configuration to all modules that belong to the VPN group.

If a node is intended to communicate with several CPs via VPN connections, all communications partners must be assigned to the same VPN group.

CP 1243-7 LTE

72 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 73

Configuration

4.11.6.5

Connection to the telecontrol server

No VPN connection between CP and TCSB

4.11.6.6

CP as passive subscriber of VPN connections

Setting permission for VPN connection establishment with passive subscribers

4.11.6.7

SYSLOG

Use of SYSLOG only with 1 VPN connection

4.11 Security

The CP itself can only communicate with a single communications partner via VPN.

For secure communication via a VPN tunnel, the communications partners are assigned to a common VPN group. The configuration of a VPN connection between CP and TCSB is not possible because the telecontrol server cannot be configured in STEP 7.

Thanks to the encrypted telecontrol protocol, the connection between the CP and telecontrol server is already protected.

If the CP is connected to another VPN subscriber via a gateway, you need to set the permission for VPN connection establishment to "Responder".

This is the case in the following typical configuration:

VPN subscriber (active) ⇔ gateway (dyn. IP address) ⇔ Internet ⇔ gateway (fixed IP address) ⇔ CP (passive)

Configure the permission for VPN connection establishment for the CP as a passive subscriber as follows:

1. In STEP 7, go to the devices and network view.

2. Select the CP.

3. Open the parameter group "VPN“ in the local security settings.

4. For each VPN connection with the CP as a passive VPN subscriber, change the default

setting "Initiator/Responder" to the setting "Responder".

If you want to use SYSLOG with level 7 (debug) via Vpn connections, this is only possible with a single established VPN connection.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 74

Configuration

4.11.7

Certificate manager

Assignment of certificates

4.11.8

Handling certificates

Certificate for authentication

Note No certificate with security functions disabled.

If the security functions of the CP are disabled in the STEP 7 project, no certificate will b generated for the CP.

4.11 Security

If you use communication with authentication for the module, for example SSL/TLS for secure transfer of e-mails, certificates are required. You need to import certificates of nonSiemens communications partners into the STEP 7 project and download them to the module with the configuration data:

1. Import the certificates of the communications partners using the certificate manager in the global security settings.

2. Then assign the imported certificates to the module in the table below the local security settings of the module.

For a description of the procedure, refer to the section Handling certificates (Page 74).

You will find further information in the STEP 7 information system.

If you have configured secure communication with authentication for the CP, own certificates and certificates of the communications partner will be required for communication to take place.

All nodes of a STEP 7 project with enabled security functions are supplied with certificates. The STEP 7 project is the certification authority.

For the secure transfer of e-mails via SSL/TLS and SSL certificate is created for the CP. It is visible in STEP 7 in "Global security settings > Certificate manager > Device certificates". The table "Device certificates" shows the issuer, validity, use of a certificate (service/application) and the use of a key. You can call up further information about a certificate by selecting the certificate in the table and selecting the shortcut menu "Show". The table also shows all other certificates generated by STEP 7 and all imported certificates.

So that the CP can communicate with non-Siemens partners when the security functions are enabled, the relevant certificates of the partners must be exchanged during communication. To supply the CP with third-party certificates, follow the steps below:

1. Importing third-party certificates from communications partners

⇒ Global security settings of the project (certificate manager)

2. Assigning certificates locally

⇒ Local security settings of the CP ("Certificate manager" table)

These two steps are described in the next two sections.

CP 1243-7 LTE

74 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 75

Configuration

Importing third-party certificates from communications partners

Assigning certificates locally

Exporting certificates for applications of third-party vendors (e.g. logging server)

4.11 Security

Import the certificates of the communications partners of third-party vendors using the certificate manager in the global security settings. Follow the steps outlined below:

1. Save the third-party certificate in the file system of the PC of the connected engineering

station.

2. In the STEP 7 project open the global certificate manager:

Global security settings > Certificate manager

3. Open the "Trusted certificates and root certification authorities" tab.

4. Click in a row of the table can select the shortcut menu "Import".

5. In the dialog that opens, import the certificate from the file system of the engineering

station into the STEP 7 project.

To be able to use an imported certificate for the CP, you need to specify it in the "Security" parameter group of the CP. Follow the steps outlined below:

1. In the STEP 7 project select the CP.

2. Navigate to the parameter group "Security > Certificate manager".

3. In the table, double-click on the cell with the entry "<Add new>".

The "Certificate manager" table of the Global security settings is displayed.

4. In the table. select the required third-party certificate and to adopt it click the green check

mark below the table.

The selected certificate is displayed in the local table of the CP.

Only now will the third-party certificate be used for the CP.

For communication with applications of third-party vendors, the third-party application generally also requires the certificate of the CP.

You export the certificate of the CP for communications partners from third-party vendors in much the same way as when importing (see above). Follow the steps outlined below:

1. In the STEP 7 project open the global certificate manager:

Global security settings > Certificate manager

2. Open the "Device certificates" tab.

3. In the table select the row with the required certificate and select the shortcut menu

"Export".

4. Save the certificate in the file system of the PC of the connected engineering station.

Now you can transfer the exported certificate of the CP to the system of the third-party vendor.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 76

Configuration

Certificate for logging server

Change certificate: Subject Alternative Name

4.12

Data point configuration

4.12.1

Data point configuration

Data point-related communication with the CPU

Requirement: Created PLC tags and/or data blocks (DBs)

Note Number of PLC tags

Remember the maximum possible number of PLC tags the can be used fo configuration in the section

4.12 Data point configuration

If you use a logging server in your system, export the SSL certificate for the authentication of the CP on the server.

STEP 7 adopts the properties "DNS name", "IP address", and "URI" from the parameter "Subject Alternative Name" (Windows: "Alternative applicant name") from the STEP 7 configuration data.

You can change this parameter of a certificate inn the certificate manager of the global security settings. To do this, select the a certificate in the table of device certificates and call the shortcut menu "Renew". Properties of the parameter "Alternative name of the certificate owner" changed in STEP 7 are not adopted by the STEP 7 project.

No program blocks need to be programmed for telecontrol modules with data point configuration to transfer user data between the station and communications partner.

The data areas in the memory of the CPU intended for communication with the communications partner are configured data point-related on the module. Each data point is linked to a PLC tag or the tag of a data block.

PLC tags or DBs must first be created in the CPU program to allow configuration of the data points.

The PLC tags for data point configuration can be created in the standard tag table or in a user-defined tag table. All PLC tags intended to be used for data point configuration must have the attribute "Visible in HMI".

Address areas of the PLC tags are input, output or bit memory areas on the CPU.

Configuration limits and performance data (Page 18).

The formats and S7 data types of the PLC tags that are compatible with the protocol-specific data point types of the module can be found in the section Datapoint types (Page 83).

CP 1243-7 LTE

76 Operating Instructions, 04/2017, C79000-G8976-C381-03

r data point

Page 77

Configuration

Access to the memory areas of the CPU

Configuring the data points and messages in STEP 7

4.12 Data point configuration

The values of the PLC tags or DBs referenced by the data points are read and transferred to the communications partner by the module.

Data received from the communications partner is written by the module to the CPU via the PLC tags or DBs.

You configure the data points in STEP 7 in the data point and message editor. You can find this using the project tree:

Project > directory of the relevant station > Local modules > CP

Figure 4-1 Configuring data points and messages

By double-clicking on the entry, the data point or message editor.

Using the two entries to the right above the table, you can switch over between the data point and message editor.

Figure 4-2 Switching over between the two editors

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 78

Configuration

Creating obects

Assigning data points to their data source

Note Assignment of parameter values to PLC tags

The mechanisms described here also apply when you need to assign the value of a parameter to a PLC tag. The input boxes fro the PLC tag (e.g.: PLC tag for partner status support the functions described here for selecting the PLC

4.12 Data point configuration

With the data point or message editor open, create a new object (data point / message) by double clicking "<Add object>" in the first table row with the grayed out entry.

A preset name is written in the cell. You can change the name to suit your purposes but it must be unique within the module.

Figure 4-3 Data point table

You configure the remaining properties of every object using the drop-down lists of the other table columns and using the parameter boxes shown at the bottom of the screen.

After creating it, you assign a new data point to its data source. Depending on the data type of the data point a PLC tag can serve as the data source.

For the assignment you have the following options:

● Click on the table symbol

in the cell of the "PLC tag" column.

All configured PLC tags and the tags of the created data blocks are displayed. Select the required data source with the mouse or keyboard.

● Click the symbol

A selection list of the configured PLC Tags and the blocks is displayed. From the relevant table, select the required data source.

● In the name box of the PLC tag, enter part of the name of the required data source.

All configured PLC tags and tags of the data blocks whose names contain the letters you have entered are displayed.

Select the required data source.

tag.

CP 1243-7 LTE

78 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 79

Configuration

Arranging and copying objects

Exporting and importing data points

4.12 Data point configuration

As with many other programs in the data point or message editor you can also arrange the columns, sort the table according to your requirements and copy and insert objects.

● Arrange columns

If you click on a column header with the left mouse button pressed, you can move the column.

● Sorting objects

If you click briefly with the left mouse button on a column header, you can sort the objects of the table in ascending or descending order according to the entries in this column. The sorting is indicated by an arrow in the column header.

After sorting in descending order of a column the sorting can be turned off by clicking on the column header again.

● Adapting the column width

You can reach this function with the following actions:

– Using the shortcut menu that opens when you click on a column header with the right

mouse key.

"Optimize width", "Optimize width of all columns"

– If you move the cursor close to the limit of a column header, the following symbol

appears:

When it does, click immediately on the column header. The column width adapts itself to the broadest entry in this column.

● Showing / hiding columns

You call this function using the shortcut menu that opens when you click on a column header with the right mouse key.

● Copying, pasting, cutting and deleting objects

If you click in a parameter box of an object in the table with the right mouse key, you can use the functions named with the shortcut menu (copy, paste, cut, delete).

You can paste cut or copied objects within the table or in the first free row below the table.

To simplify the engineering of larger plants, you can export the data points of a configured module and import them into other modules in the project. This is an advantage particularly in projects with many identical or similar stations or data point modules.

The export / import function is available when you select the module for example in the network or device view and select the relevant shortcut menu.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 80

Configuration

Export

Editing the data point information

4.12 Data point configuration

Figure 4-4 Shortcut menu of the module

When it is exported the data point information of a module is written to a CSV file.

When you call the export function, the export dialog opens. Here, you select the module or modules of the project whose data point information needs to be exported. When necessary, you can export the data points of all modules of the project at one time.

In the export dialog, you can select the storage location in the file directory. When you export the data of a module you can also change the preset file name.

When you export from several modules, the files are formed with preset names made up of the station name and module name.

The file itself contains the following information in addition to the data point information:

● Module name

● Module type

● CPU name

● CPU type

You can edit the data point information in an exported CSV file. This allows you to use this file as a configuration template for many other stations.

If you have a project with many stations of the same type, you can copy the CSV file with the data points of a fully configured module for other as yet unconfigured stations and adapt individual parameters to the particular station. This saves you having to configure the data points for every module in STEP 7. Instead, you simply import the copied and adapted CSV file to the other modules of the same type. When you import this file into another module, the changed parameter values of the CSV file are adopted in the data point configuration of this module.

CP 1243-7 LTE

80 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 81

Configuration

Importing into a module

Importing into several modules

4.12 Data point configuration

The lines of the CSV file have the following content:

● Line 1: ,Name,Type,

This line must not be changed.

● Line 2: PLC,<CPU name>, <CPU type>,

Meaning: PLC (designation of the station class), CPU name, CPU type

Only the elements <CPU name> and <CPU type> may be changed.

The CPU type must correspond exactly to the name of the CPU in the catalog.

● Line 3: Module,<module name>, <module type>,

Meaning: Module (Designation of the module class), module type, module name

Only the elements <module name> and <module type> may be changed.

Be careful when changing the module names if you want to import data points into several modules (see below).

The module type must correspond exactly to the name of the module in the catalog.

● Line 4: Parameter names (English) of the data points

This line must not be changed.

● Lines 5..n: Values of the parameters according to line 4 of the individual data points

You can change the parameter values for the particular station.

Before importing the data points make sure that the PLC tags required for the data points have been created.

Note that when you import a CSV file all the data points existing on the module will be deleted and replaced by the imported data points.

Select a module and select the import function from the shortcut menu of the module. The import dialog opens in which you select the required CSV file in the file directory.

If the information on the assignment of the individual data points to the relevant PLC tags matches the assignment in the original module, the data points will be assigned to the corresponding PLC tags.

When you import data points into a module, but some required PLC tags have not yet been created in the CPU, the corresponding data point information cannot be assigned. In this case, you can subsequently create missing PLC tags and them assign them the imported data point information. The "Assignment repair" function is available for this (see below).

If the names of the PLC tags in the module into which the import is made have different names than in the module that exported, the corresponding data points cannot be assigned to your PLC tags.

You can import the data points from several modules into the modules of a different project. To do this in the import dialog select all the required CSV files with the control key.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 82

Configuration

Restrictions for the import of data points

Assignment repair

4.12 Data point configuration

Before importing the data points, make sure that the respective stations have been created with CPUs of the same name, modules of the same name and PLC tags of the same name.

When you import the corresponding stations of the project are searched for based on the module names in the CSV files. If a target station does not exist in the project or the module has a different name, the import of the particular CSV file will be ignored.

In the following situations the import of data points will be aborted:

● An attribute required by the module is missing in the CSV file to be imported.

Example: If a data point to be imported uses a time trigger, the import will be aborted if no time-of-day synchronization was configured for the module.

● The telecontrol protocol used by the module differs from that of the original module.

Only when importing into several modules:

● The import is aborted when a module or CPU name is different from the data in the CSV file.

Note: Modules with the same telecontrol protocol are compatible with each other:

● TeleControl Basic

All SIMATIC NET modules with the TeleControl Basic protocol:

CP 1243-1, CP 1242-7 GPRS V2, CP 1243-7 LTE, CP 1542SP-1 IRC

● ST7

CP 1243-8 IRC, TIM modules capable of ST7

● DNP3

CP 1243-1, CP 1243-8 IRC, TIM modules capable of DNP3

● IEC

CP 1243-1, CP 1243-8 IRC

Data points can be imported and exported between compatible modules.

If you have named the PLC tags in a station into which you want to import differently from the station from which the CSV file was exported, the assignment between data point and PLC tag is lost when you import.

You then have the option to either rename the existing PLC tags appropriately or add missing PLC tags. You can then repair the assignment between unassigned data points and PLC tags. This function is available either via the shortcut menu of the module (see above) or with the following icon to the upper left in the data point editor:

If a PLC tag with a matching name is found for a data point by the repair function, the assignment is restored. However the data type of the tag is not checked.

CP 1243-7 LTE

82 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 83

Configuration

4.12.2

Datapoint types

Data point types

Format (memory requirements)

Data point type

Direction

S7 data types

Address area

Bit Digital input

Bool

I, Q, M, DB

Byte Digital input

Byte, Char, USInt

I, Q, M, DB

Digital output

out

Byte, Char, USInt

Q, M, DB

Integer with sign (16 bits) Analog input

Int

I, Q, M, DB

Analog output

out

Int

Q, M, DB

Counter (16 bits)

Counter input

Word, UInt

I, Q, M, DB

Integer with sign (32 bits) Analog input

DInt

Q, M, DB

Analog output

out

DInt

Q, M, DB

Counter (32 bits)

Counter input

UDInt, DWord

I, Q, M, DB

Floating-point number with sign (32 bits)

Analog input

Real

Q, M, DB

Analog output

out

Real

Q, M, DB

Floating-point number with sign (64 bits)

Analog input

out

LReal

Q, M, DB

Analog output

out

LReal

Q, M, DB

Block of data (1 .. 64 bytes) Data

in / out

ARRAY 1)

Data

in / out

ARRAY 1)

For the possible formats of the ARRAY data type, refer to the following section.

4.12 Data point configuration

After the assignment repair make sure that you check whether the newly assigned PLC tags are correct.

During the configuration of the user data to be transferred by the CP, each data point is assigned a data point type. The data point types supported by the CP along with the compatible S7 data types are listed below. They are grouped according to format (memory requirements).

As of the firmware version named in the preface along with STEP 7Basic V14, the CP supports the following data point types and data types.

The direction relates to the direction of transfer:

● "in": Monitoring direction:

● "out": Control direction

Table 4- 1 Supported data point types and compatible S7 data types

Digital output in Bool Q, M, DB

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 84

Configuration

Block of data (ARRAY)

Format of the time stamp

4.12.3

Syntax of the data point names

Character set for data point names

4.12.4

Process image, type of transmission, event classes, triggers

Saving the data point values

4.12 Data point configuration

With the ARRAY data type, contiguous memory areas up to a size of 64 bytes can be transferred. The following S7 data types are compatible components of ARRAY:

● Byte, USInt (total of up to 64 per data block)

● Char (total of up to 64 per block of data) - CP as of firmware version 2.1.77

● Int, UInt, Word (total of up to 32 per data block)

● DInt, UDInt, DWord (total of up to 16 per data block)

If the array is modified later, the data point must be recreated.

Time stamps are output by the OPC server applications in UTC format (48 bits) and contain milliseconds.

When you create a data point, a preset name "DataPoint_n" is adopted. In the data point table and in the "General" tab of the data point you can change the name of the data point.

When assigning names only ASCII characters from the band 0x20 ... 0x7e (no. 32-126) may be used with the exceptions listed below.

Forbidden characters:

● . ' [ ] / \ | period, apostrophe, square brackets, slash, back slash, vertical line (pipe)

The values of data points are stored in the image memory of the CP and transferred only when queried by the communications partner.

Events are also stored in the frame memory (send buffer) and can be transferred unsolicited.

CP 1243-7 LTE

84 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 85

Configuration

Transfer after call: No event / static value

Triggered: event

The image memory, the process image of the CP

The send buffer (frame memory)

The forced image mode with TeleControl Basic

4.12 Data point configuration

Data points are configured as a static value or as an event using the "Type of transmission" parameter (see below):

●

Static values are entered in the image memory (process image of the CP).

●

The values of data points configured as an event are also entered in the image memory of the CP.

The values of events are also entered in the send buffer of the CP.

With DNP3, the value of the event is sent unsolicited to the communications partner if this function is enabled by the master.

The image memory is the process image of the CP. All the current values of the configured data points are stored in the image memory. New values of a data point overwrite the last stored value in the image memory.

The values are sent after querying the communications partner, see "Transfer after call" in the section "Types of transmission" below.

The send buffer of the CP is the memory for the individual values of data points that are configured as an event. The maximum size of the send butter can be found in the section Configuration limits and performance data (Page 18).

The configured number of events is divided equally among all configured and enabled communications partners. For information on the configuration, refer to the parameter "Frame memory size" in the section Communication with the CPU (Page 62).

If the connection to a communications partner is interrupted, the individual values of the events are stored in the RAM of the CP. When the connection returns, the buffered values are sent. The frame memory operates chronologically; in other words, the oldest frames are sent first (FIFO principle).

If a frame was transferred to the communications partner, the transferred values are deleted from the send buffer.

If frames cannot be transferred for a longer period of time and the send buffer is threatening to overflow, the response is as follows:

If the send buffer reaches a fill level of 80%, the CP changes to the forced image mode. New values of events are no longer added to the send buffer but rather they overwrite older existing values in the image memory.

When the connection to the communications partner returns, the CP changes back to the send buffer mode as soon as the fill level of the send buffer has fallen below 50%.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 86

Configuration

Types of transmission / event classes

Transfer after call

Triggered (event)

Every value triggered

Current value triggered

Trigger

Trigger types

Threshold value trigger

Time trigger

4.12 Data point configuration

The following types of transmission are possible:

●

The current value of the data point is entered in the image memory of the CP. New values of a data point overwrite the last stored value in the image memory.

After being called by the communications partner, the current value at the time is transferred.

●

The values of data points configured as an event are entered in the image memory and also in the send buffer of the CP.

The values of events are saved in the following situations:

– The configured trigger conditions are fulfilled (data point configuration > "Trigger" tab,

see below)

– The value of a status bit of the status identifiers of the data point changes see also the

section Status IDs of data points (Page 87).

Example: When the value of a data point configured as an event is updated during startup of the station by reading the CPU data for the first time, the status "RESTART" of this data point changes (bit status change 1 → 0). This leads to generation of an event.

When data points are configured as an event via the "Type of transmission" parameter, the following event classes are available:

–

Each value change is entered in the send buffer in chronological order.

–

Only the last current value is entered in the send buffer. It overwrites the value stored there previously.

Various trigger types are available for event-driven transfer:

●

The value of the data point is transferred when this reaches a certain threshold. The threshold is calculated as the difference compared with the last stored value, refer to the section Threshold value trigger (Page 91).

●

The value of the data point is transferred at configurable intervals or at a specific time of day.

CP 1243-7 LTE

86 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 87

Configuration

Event trigger

Resetting the trigger tag in the bit memory area / DB:

Transmission time of the frame (Transmission mode)

Spontaneous

Conditional spontaneous

4.12.5

Status IDs of data points

4.12 Data point configuration

●

The value of the data point is transferred when a configurable trigger signal is fired. As

the trigger signal, the edge change (0 → 1) of a trigger bit is evaluated that is set by the

user program. When necessary, a separate trigger bit can be configured for each data point.

If the memory area of the trigger tag is in the bit memory or in a data block, the trigger tag is reset to zero when the data point value is transferred.

Whether the value of a data point is transferred to the communications partner immediately after the trigger fires or after a delay depends on the setting of the parameter "Transmission mode" in the "Trigger" tab of the data point:

●

The value is transferred immediately.

●

The value is transferred only when one of the two following conditions is fulfilled:

– The telecontrol server queries the station.

– The value of another event with the transmission mode "Unsolicited" is transferred.

Along with the value of a data point, status identifiers of the data point are transferred in every frame. They can be evaluated by the communications partner.

The status bits are converted to the OPC quality code as follows by TCSB.

● Quality = BAD, if:

NON_EXISTENT or OVER_RANGE = 1

● Quality = UNCERTAIN, if:

RESTART or CARRY or SB = 1

● Quality = GOOD, if:

Bits 1, 2, 3, 5 and 6 = 0

For the meaning of the status bits, see below. The entries in the table row "Meaning" relate to the entry in the table row "Bit status".

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 88

Configuration

Bit

7 6 5 4 3 2 1

Flag name EXISTENT

Meaning

undershot

Bit status

(always

Generation of events if a data point status changes

4.12.6

Data point index

Configuration of the data point index

Note Data points for the inter-station communication with a CP in another S7 station

Note that for inter (data point pair) must be identical for the sending and receiving CP, see also section Partner stations: Configuring the inter

4.12 Data point configuration

Table 4- 2 Bit assignment of status byte 0

- NON_

- Data point does not exist or S7 address unreachable

1 1

SB LOCAL_

FORCED

Substitute value

(Bit is not set.)

(irrelevant)

With data points that were configured as an event, the change to the status bit of the status identifiers described below also leads to an event being generated.

Example: If the value of the status "RESTART" of a data point configured as an event changes form 1 (value not yet updated) to 0 (value updated) when the station starts up, this causes an event to be generated.

CARRY OVER_

RANGE

Counted value overflow before reading the value

1 1 1 1

Limit value of the analog value preprocessing overshot /

RESTART ONLINE

Value not updated after start

Value is valid, CPU in RUN

Within a CP, the indexes of the data point classes must comply with the following rules:

● Input

The index of a data point of the type input must be unique throughout all data point types (digital inputs, analog inputs etc.).

● Output

– A data point of the type output can have the same index as a data point of the type

input.

– Several data points of the type output can have the same index.

-station communication, the indexes of the two corresponding data points

-station communication (Page 99).

CP 1243-7 LTE

88 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 89

Configuration

4.12.7

Read cycle

Priority of the data points

Structure of the CPU scan cycle

High-priority read jobs

Low priority read jobs

Write jobs

Cycle pause time

4.12 Data point configuration

The cyclic reading of the values of input data points from their assigned PLC tags on the CPU can be prioritized.

Less important input data points do not need to be read in every CPU scan cycle. Important input data points, on the other hand, can be prioritized for updating in every CPU scan cycle.

You can prioritize the data points in STEP 7 in the data point configuration in the "General" tab with the "Read cycle" parameter. There you will find the two following options for input data points:

● Fast cycle

● Normal cycle

The data points are read according to the method described below.

The cycle (including the pause) with which the CP scans the memory area of the CPU is made up of the following phases:

●

The values of input data points with the scan priority "High-priority" are read in every scan cycle.

●

Some of the values of input data points with the scan priority "Low-priority" are read in every scan cycle.

The number of values read per cycle is specified for the CP in the "Communication with the CPU" parameter group with the "Max. number of read jobs" parameter. The values that exceed this value and can therefore not be read in one cycle are then read in the next or one of the following cycles.

●

In every cycle, the values of a certain number of unsolicited write jobs are written to the CPU. The number of values written per cycle is specified for the CP in the "Communication with the CPU" parameter group with the "Max. number of write jobs" parameter. The values whose number exceeds this value are then written in the next or one of the following cycles.

●

This is the waiting time between two scan cycles. It is used to reserve adequate time for other processes that access the CPU via the backplane bus of the station.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 90

Configuration

4.12.8

"Trigger“ tab

Trigger

Saving the value of a data point configured as an event

Threshold value trigger

Time trigger

Event trigger (Trigger tag)

Resetting the trigger tag in the bit memory area / DB:

Note Fast setting of triggers

Triggers must not be set faster than a minimum interval of 500 milliseconds. This also applies to hardware triggers (input area).

Note Hardware trigger

You need to reset hardware triggers via the user progra

Transferring the value of a data point configured as an event

4.12 Data point configuration

Data points are configured as a static value or as an event using the "Type of transmission" parameter:

Saving the value of a data point configured as an event in the send buffer (message memory) can be triggered by various trigger types:

●

The value of the data point is saved when this reaches a certain threshold. The threshold is calculated as the difference compared with the last stored value, refer to the section Threshold value trigger (Page 91).

●

The value of the data point is saved at configurable intervals or at a specific time of day.

●

The value of the data point is saved when a configurable trigger signal is fired. For the

trigger signal, the edge change (0 → 1) of a trigger tag is evaluated that is set by the user

program. When necessary, a separate trigger tag can be configured for each data point.

If the memory area of a trigger tag is in the bit memory or in a data block, the CP resets the trigger variable itself to 0 (zero) as soon as the value of the data point has been transferred. This can take up to 500 milliseconds.

You specify whether the value of a data point is transferred to the communications partner immediately after the trigger fires or after a delay in the "Transmission mode" parameter.

CP 1243-7 LTE

90 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 91

Configuration

Transmission mode

4.12.9

Threshold value trigger

Note Threshold value trigger: Calculation only after "Analog value preprocessing"

Note that the analog value preprocessing is performed before the ch threshold value and before calculating the threshold value.

This affects the value that is configured for the threshold value trigger.

Note No Threshold value trigger if Mean value generation is configured

If mean value generation analog value event involved.

Threshold value trigger

Function

4.12 Data point configuration

The transmission mode of a frame is set in the "Trigger" tab of the data point. With the option, you specify whether messages of events are sent immediately or following a delay:

● Immediate transfer - Spontaneous

The value is transferred immediately.

● Buffered transfer - Conditionally spontaneous

The value is transferred only when one of the following conditions is fulfilled:

– The communications partner queries the station.

– The value of another event with the transmission mode “Spontaneous" is transferred.

For the time sequence of the analog value preprocessing refer to the section Analog value preprocessing (Page 93).

eck for a configured

is configured, no threshold value trigger can be configured for the

If the process value deviates by the amount of the threshold value, the process value is saved.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 92

Configuration

Absolute method

Integrative method

Absolute method

Integrative method

Time [s]

(calculation cycle)

Process value

stored in the

send buffer

Current process

value

Absolute deviation

from the stored

value

Integrated devia-

tion

20.0

20.0 0 0

1.0 19.8

-0.2

0.1

1.5 20.2

+0.2

0.3

2.0 20.5

+0.5

0.8

2.5 20.3

+0.3

1.1

4.12 Data point configuration

Two methods are used to calculate the threshold value deviation:

●

With binary and counter values as well as with analog values with configured mean value generation, the absolute method is used to calculate the threshold value deviation.

●

With analog values without configured mean value generation, the integrating method is used to calculate the threshold value deviation.

In the integration threshold value calculation, it is not the absolute value of the deviation of the process value from the last stored value that is evaluated but rather the integrated deviation.

For each binary value a check is made to determine whether the current (possibly smoothed) value is outside the threshold value band. The current threshold value band results from the last saved value and the amount of the configured threshold value:

● Upper limit of the threshold value band: Last saved value + threshold value

● Lower limit of the threshold value band: Last saved value - threshold value

As soon as the process value reaches the upper or lower limit of the threshold value band, the value is saved. The newly saved value serves as the basis for calculating the new threshold value band.

The integration threshold value calculation works with a cyclic comparison of the integrated current value with the last stored value. The calculation cycle in which the two values are compared is 500 milliseconds. (Note: The calculation cycle must not be confused with the scan cycle of the CPU memory areas).

The deviations of the current process value are totaled in each calculation cycle. The trigger is set only when the totaled value reaches the configured value of the threshold value trigger and a new process value is entered in the send buffer.

The method is explained based on the following example in which a threshold value of 2.0 is configured.

Table 4- 3 Example of the integration calculation of a threshold value configured with 2.0

CP 1243-7 LTE

92 Operating Instructions, 04/2017, C79000-G8976-C381-03

0.5 20.3 +0.3 0.3

Page 93

Configuration

Time [s]

(calculation cycle)

Process value

stored in the

send buffer

Current process

value

Absolute deviation

from the stored

value

Integrated devia-

tion

3.0 20.4

+0.4

1.5

20.5 20.5

2.0 4.0 20.4

-0.1

4.5 20.1

-0.4

-0.5

5.0 19.9

-0.6

-1.1

5.5 20.1

-0.4

-1.5

6.0

19.9

-0.6

-2.1

4.12.10

Analog value preprocessing

Requirements and restrictions

Note Restrictions due to configured triggers

The analog value preprocessing options "Fault suppression time", "Limit value calculation" and "smoothing" are not performed if no threshold value trigger is configured data point.. In these cases, the read process value of the data point is entered in the image memory of the CP before the preprocessing cycle of the threshold value calculation (500 ms) elapses.

4.12 Data point configuration

3.5

+0.5

With the changes in the process value shown in the example, the threshold value trigger configured with 2.0 fires twice:

● At the time 3.5 s: The value of the integrated deviation is at 2.0. The new process value stored in the send buffer is 20.5.

● At the time 6.0 s: The value of the integrated deviation is at 2.1. The new process value stored in the send buffer is 19.9.

In this example, if a deviation of the process value of approximately 0.5 should fire the trigger, then with the behavior of the process value shown here a threshold value of approximately 1.5 ... 2.5 would need to be configured.

CPs with data point configuration support analog value preprocessing. For analog value data points, some or all of the functions described below can be configured.

You will find the requirements for the configuration of the preprocessing options and restrictions in the section relating to the particular function.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

for the relevant

Page 94

Configuration

Sequence of the analog value preprocessing options

4.12 Data point configuration

The values of analog inputs configured as an event are processed on the CPU according to the following scheme:

Figure 4-5 Sequence of the analog value preprocessing

CP 1243-7 LTE

94 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 95

Configuration

Mean value generation

Note Restricted preprocessing options if mean value generation is configured

If you configure mean value generation for an analog value event, the following preprocessing options are

•

Function

Input modules: Overflow range / underflow range

4.12 Data point configuration

The 500 millisecond cycle is started by the integrative threshold value calculation. In this cycle, the values are saved even when the following preprocessing options are enabled:

● Unipolar transfer

● Fault suppression time

● Limit value calculation

● Smoothing

not available:

Unipolar transfer Fault suppression time Smoothing

With this parameter, acquired analog values are transferred as mean values.

If mean value generation is active, it makes sense to configure a time trigger..

The current values of an analog data point are read in a 100 millisecond cycle and totaled. The number of read values per time unit depends on the read cycle of the CPU and the CPU scan cycle of the CP.

The mean value is calculated from the accumulated values as soon as the transfer is triggered by a trigger. Following this, the accumulation starts again so that the next mean value can be calculated.

The mean value can also be calculated if the transmission of the analog value message is triggered by a request from the communications partner. The duration of the mean value calculation period is then the time from the last transmission (for example triggered by the trigger) to the time of the request. Once again, the accumulation restarts so that the next mean value can be calculated.

As soon as a value is acquired in the overflow or underflow range, mean value generation is stopped. The value 32767 / 7FFF

or -32768 / 8000h is saved as an invalid mean value for

the current mean value calculation period and sent with the next message.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 96

Configuration

Note Fault suppression time > 0 configured

If you have configured an error suppression time and then enable mean value generation, the value of the error suppression time is grayed out but no longer used. If mean value genera

Unipolar transfer

Restrictions

Function

Fault suppression time

Requirements for the function

Restrictions

Function

4.12 Data point configuration

The calculation of a new mean value is then started. If the analog value remains in the overflow or underflow range, one of the two values named is again saved as an invalid mean value and sent when the next message is triggered.

tion is enabled, the error suppression time is set to 0 (zero) internally.

Unipolar transfer cannot be configured at the same time as mean value generation. Enabling unipolar transfer has no effect when mean value generation is activated.

With unipolar transfer, negative values are corrected to zero. This can be desirable if values from the underrange should not be transferred as real measured values.

Exception: With process data from input modules, the value -32768 / 8000 a live zero input is transferred.

With a software input, on the other hand, all values lower than zero are corrected to zero.

Configuration of the threshold trigger for this data point

The fault suppression time cannot be configured at the same time as mean value generation. A configured value has no effect when mean value generation is activated.

A typical use case for this parameter is the suppression of peak current values when starting up powerful motors that would otherwise be signaled to the control center as a disruption.

The transmission of an analog value in the overflow (7FFF suppressed for the specified time. The value 7FFF suppression time has elapsed, if it is still pending.

for wire break of

) or underflow range (8000h) is

or 8000H is only sent after the fault

If the value returns to the measuring range before the fault suppression time elapses, the current value is transferred.

CP 1243-7 LTE

96 Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 97

Configuration

Input modules

Recommendation for finished values that were preprocessed by the CPU:

Smoothing factor

Requirements for the function

Restrictions

Function

4.12 Data point configuration

The suppression is adjusted to analog values that are acquired directly by the S7 analog input modules as raw values. These modules return the specified values for the overflow or underflow range for all input ranges (also for live zero inputs).

An analog value in the overflow range (32767 / 7FFF

) or underflow range (-32768 / 8000h)

is not transferred for the duration of the fault suppression time. This also applies to live zero inputs. The value in the overflow/underflow range is only sent after the fault suppression time has elapsed, if it is still pending.

If the CPU makes preprocessed finished values available in bit memory or in a data block, suppression is only possible or useful if these finished values also adopt the values listed above 32767 / 7FFF

or -32768 / 8000h in the overflow or underflow range. If this is not the

case, the parameter should not be configured for preprocessed values.

For finished values preprocess in the CPU, the limits for the overflow and underflow can be freely assigned.

Configuration of the threshold trigger for this data point

The smoothing factor cannot be configured at the same time as mean value generation. A configured value has no effect when mean value generation is activated.

Analog values that fluctuate quickly can be evened out using the smoothing function.

The smoothing factors are calculated according to the following formula as with S7 analog input modules.

where

= smoothed value in the current cycle

= value acquired in the current cycle n

k = smoothing factor

The following values can be configured for the module as the smoothing factor.

● 1 = No smoothing

● 4 = Weak smoothing

● 32 = Medium smoothing

● 64 = Strong smoothing

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 98

Configuration

Set limit value 'low' / Set limit value 'high'

Requirements for the function

Function

Status identifier "OVER_RANGE" / "overflow"

Configuration of the limit value

Range

Raw value (16 bits) of the PLC tag

Module output [mA]

Measuring

range [%]

Decimal

Hexadecimal

0 .. 20

(unipolar)

-20 .. +20 (bipolar)

4 .. 20

(life zero)

Overflow

32767

7FFF

> 23.515

> 22.810

> 117.593

27649

6C01

20.001

100.004

0000

4.12 Data point configuration

● Configuration of the threshold trigger for this data point

● PLC tag in the bit memory operand area or data area

The analog value data point must be linked to a PLC tag in the bit memory or data area (data block). For PLC tags of hardware modules (input operand area) limit value configuration is not possible.

The configuration of limit values is pointless for measured values that have already been preprocessed on the CPU.

In these two input boxes, you can set a limit value in the direction of the start of the measuring range or in the direction of the end of the measuring range. You can also evaluate the limit values, for example as the start or end of the measuring range.

With protocols that support status identifiers, if the limit value is overshot or undershot, the status identifier of the data point is set for measured range violation indicated below as the identifier "OV". This status identifiers are described in the section Status IDs of data points (Page 87).

The "OV" bit of the status identifier of the data point is set as follows when the relevant analog value is transferred:

● Limit value 'high':

– If the limit value is exceeded: OV = 1

– If the value then falls below the limit value: OV = 0

● Limit value 'low':

– If the value falls below the limit value: OV = 1

– If the value then exceeds the limit value: OV = 0

The limit value is configured as a whole decimal number. The range of values is based on the range of values of the raw value of analog input modules.

Overrange 32511

Nominal range (unipolar / life zero)

CP 1243-7 LTE

98 Operating Instructions, 04/2017, C79000-G8976-C381-03

...

27648

...

7EFF

...

6C00

...

23.515 ...

...

23.515 ...

22.810 ...

...

117.593 ...

100

...

Page 99

Configuration

Range

Raw value (16 bits) of the PLC tag

Module output [mA]

Measuring

range [%]

Decimal

Hexadecimal

0 .. 20

(unipolar)

-20 .. +20 (bipolar)

4 .. 20

(life zero)

... -27648

... 9400

... -20

... -100

-4864

ED00

-3.518

1.185

-17.59

-32512

8100

-23.516

-117.593

Undershoot / wire break

-32768

8000

< -3.518

< 1.185

< -17.593

Note Evaluation of the value even when the option is disabled

If you enable one or both options and configure a value and then disable the option later, the grayed out value is nevertheless evaluated.

To disable the two options, delete the previously configured values limit values from the input boxes and then disable the relevant option.

Recommendation for quickly fluctuating analog values:

4.12.11

Partner stations: Configuring the inter-station communication

4.12.11.1

Options for specifying the communications partner

Telecontrol server enabled / Partners for inter-station communication

4.12 Data point configuration

Nominal range (bipolar) 27648 ...

Underrange (unipolar / life zero)

Underrange (bipolar) -27649

-1 ...

...

Please note: The entry of the value 0 (zero) is interpreted as a deactivated limit value.

6C00 ...

0000

FFFF

...

93FF

...

20 ...

-0.001 ...

-20.001

3.999

...

100 ...

-0.004

...

-100.004

...

If the analog value fluctuates quickly, it may be useful to smooth the analog value first if limit values are configured.

Here you specify who will be the communication partner of the data point.

If no CP was enabled as the partner for inter-station communication, the "Telecontrol server enabled" option is selected automatically. In this case, the telecontrol server is the communications partner of the data point.

If instead a CP of an S7 station should be the communications partner of the data point, select the option "Partner for inter-station communication".

The telecontrol server and a CP in an S7 station cannot be selected as the partner at the same time.

CP 1243-7 LTE Operating Instructions, 04/2017, C79000-G8976-C381-03

Page 100

Configuration

Partner number (inter-station communication)

Data point index

Note:

4.13

Messages

Configuration of the messages

Requirements and necessary information

4.13 Messages

Specify the partner CP for inter-station communication for the selected data point by selecting the required partner from the drop-down list. The access ID of the relevant partner is shown in brackets.

The partners you specified in the "Partner stations" > "Partner for inter-station communication" can be selected.

Index of the corresponding data point on the communications partner.

● The data pair of the sending and receiving CP must have an identical data point index. A receiving data point of CP 2 corresponds to a sending data point of CP 1 with the same data point index.

● For the opposite communications direction, a second pair of data points must be created: A sending data point of CP 2 corresponds to the receiving data point of CP 1. Once again, both have an identical data point index.

If important events occur, the CP can send messages. The following are configurable:

● SMS

The recipient can be a mobile phone or an S7-1200.

● E-mails

The recipient can be a PC with an Internet connection or an S7-1200.

You configure the messages with the message editor of the CP. You can find this using the project tree: directory of the station > Local modules > CP

For information on the network editor, refer to the section Data point configuration (Page 76).

You will find the characters permitted for message texts in the section Permitted characters in the configuration (Page 103).

To transfer messages, telecontrol communication (parameter group "Communication types") no longer needs to be enabled. With the CP you can send messages without using telecontrol communication.

You will find the general requirements for using mobile wireless services such as network, contract or IP address in the section Requirements for operation (Page 20).

CP 1243-7 LTE

100 Operating Instructions, 04/2017, C79000-G8976-C381-03

Siemens CP 1243-7 LTE, S7-1200 TeleControl, CP 1243-7 LTE-EU, CP 1243-7 LTE-US Operating Instructions Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Legal information

Preface

Table of contents

Connecting the S7-1200 to a mobile wireless network

1.2 Communications services

1.3 Other services and properties

1.4 Security functions

1.5 Configuration limits and performance data

1.6 Requirements for operation

1.7 Configuration examples

Opening the housing

2.2 LEDs

Power supply

2.3 Electrical connectors

Wireless interface

Important notes on using the device

Notices on use in hazardous areas

Notes on use in hazardous areas according to ATEX / IECEx

Notices regarding use in hazardous areas according to UL HazLoc

3.2 Installing the CP and commissioning

3.3 Notes on operation

Security recommendations

4.2 Configuration in STEP 7

4.3 Information required for configuration

4.4 Time-of-day synchronization

4.5 Communication types

4.6 Mobile wireless communications settings

4.7 Ethernet interface (X1)

Access to the Web server

Partner stations > Telecontrol server

4.8 Partner stations

Acknowledgment

Connection establishment

Partner for inter-station communication

Communication with the CPU

4.9 DNS configuration

4.11 Security

CP identification

Firewall

Notation for the source IP address (advanced firewall mode)

Firewall settings for configured connection connections via a VPN tunnel

Authorized phone numbers

E-mail configuration

Log settings - Filtering of the system events

VPN

VPN (Virtual Private Network)

Addressing the CP when using VPN

Creating a VPN tunnel for S7 communication between stations

Communications partners in a VPN group

Connection to the telecontrol server

CP as passive subscriber of VPN connections

SYSLOG

Certificate manager

Handling certificates

Data point configuration

4.12 Data point configuration

Datapoint types

Syntax of the data point names

Process image, type of transmission, event classes, triggers

Status IDs of data points

Data point index

Read cycle

"Trigger“ tab

Threshold value trigger

Analog value preprocessing

Partner stations: Configuring the inter-station communication

Options for specifying the communications partner

4.13 Messages