Page 1
CP 1243-8 IRC
___________________
___________________
___________________
___________________
___________________
___________________
___________________
___________________
___________________
___________________
___________________
___________________
SIMATIC NET
S7-1200 - TeleControl
CP 1243-8 IRC
Operating Instructions
06/2015
C79000
Preface
Application and properties
1
LEDs and connectors
2
Installation, connecting up,
commissioning
3
Configuration and operation
4
Programming the program
blocks (OUC)
5
Diagnostics and upkeep
6
Technical data
7
Approvals
A
Dimension drawings
B
Accessories
C
Documentation references
D
-G8976-C385-01
Page 2
Siemens AG
Division Process Industries and Drives
Postfach 48 48
90026 NÜRNBERG
GERMANY
C79000-G8976-C385-01
Ⓟ
Copyright © Siemens AG 2015.
All rights reserved
Legal information
Warning notice system
DANGER
indicates that death or severe personal injury will result if proper precautions are not taken.
WARNING
indicates that death or severe personal injury may result if proper precautions are not taken.
CAUTION
indicates that minor personal injury can result if proper precautions are not taken.
NOTICE
indicates that property damage can result if proper precautions are not taken.
Qualified Personnel
personnel qualified
Proper use of Siemens products
WARNING
Siemens products may only be used for the applications described in the catalog and in the relevant technical
maintenance are required to ensure that the products operate safely and without any problems. The permissible
ambient conditions must be complied with. The information in the relevant documentation must be observed.
Trademarks
Disclaimer of Liability
This manual contains notices you have to observe in order to ensure your personal safety, as well as to prevent
damage to property. The notices referring to your personal safety are highlighted in the manual by a safety alert
symbol, notices referring only to property damage have no safety alert symbol. These notices shown below are
graded according to the degree of danger.
If more than one degree of danger is present, the warning notice representing the highest degree of danger will
be used. A notice warning of injury to persons with a safety alert symbol may also include a warning relating to
property damage.
The product/system described in this documentation may be operated only by
task in accordance with the relevant documentation, in particular its warning notices and safety instructions.
Qualified personnel are those who, based on their training and experience, are capable of identifying risks and
avoiding potential hazards when working with these products/systems.
Note the following:
documentation. If products and components from other manufacturers are used, these must be recommended
or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and
All names identified by ® are registered trademarks of Siemens AG. The remaining trademarks in this publication
may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
We have reviewed the contents of this publication to ensure consistency with the hardware and software
described. Since variance cannot be precluded entirely, we cannot guarantee full consistency. However, the
information in this publication is reviewed regularly and any necessary corrections are included in subsequent
editions.
for the specific
05/2015 Subject to change
Page 3
Preface
Preface
Validity of this manual
CP 1243-8 IRC
This document contains information on the following product:
●
Article number 6GK7 243-8RX30-0XE0
Hardware product version 1
Firmware version V2.1
The CP is the communications processor for connection of the SIMATIC S7-1200 via
public or private infrastructures to a telecontrol master station. The communication is
handled using the SINAUT ST7 protocol.
With the help of VPN technology and the firewall, the CP allows protected access to the
S7-1200.
The CP can also be used as an additional interface of the CPU for S7 communication.
Figure 1 CP 1243-8 IRC
Behind the top hinged cover of the module housing, you will see the hardware product
version to the right of the article number printed as a placeholder "X". If the printed text is, for
example, "X 2 3 4", "X" would be the placeholder for hardware product version 1.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
You will find the MAC address under the lower hinged cover of the housing.
3
Page 4
Preface
Product names and abbreviations
CP
IRC
STEP 7
STEP 7 V5
STEP 7 Basic
Proxy
Purpose of the manual
Current manual release on the Internet
Required experience
The following short forms are used in this document:
●
Die Kurzform wird stellvertretend für die vollständige Produktbezeichnung
"CP 1243-8 IRC" verwendet.
●
Industrial Remote Commmunication
●
The short form of the configuration tool is used below for the following products:
– STEP 7 V5.5
– STEP 7 Basic / STEP 7 Professional
The short form "STEP 7" is only used when the product is self-explanatory in the
particular context.
●
Short form for the product STEP 7 V5.5
●
Short form for the product STEP 7 Basic or STEP 7 Professional in the TIA Portal
●
"PROXY CP1243-8 IRC", substitute module for the CP 1243-8 IRC in the catalog of
STEP 7 V5 / HW Config.
This manual describes the properties of this module and supports you when installing and
commissioning it.
The required configuration steps are described as an overview and there are explanations of
the relationship between firmware functions and configuration.
You will also find information about the diagnostics options of the device.
You will also find the current version of this manual on the Internet pages of Siemens
Industry Online Support under at the following address:
Link: (https://support.industry.siemens.com/cs/ww/en/ps/21162/man)
To install, commission and operate the CP, you require experience in the following areas:
● Automation engineering
● Setting up the SIMATIC S7-1200
● SIMATIC STEP 7 V5
● SIMATIC STEP 7 Basic / Professional
CP 1243-8 IRC
4 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 5
Preface
Requirements for use of the module
Sources of information and other documentation
SIMATIC NET glossary
License conditions
Note
Open source software
Read the license conditions for open source software carefully before using the product.
Security information
You will find the requirements for using the module in the section Requirements for operation
(Page 19).
You will find an overview of further reading and references in the Appendix of this manual.
Explanations of many of the specialist terms used in this documentation can be found in the
SIMATIC NET glossary.
You will find the SIMATIC NET glossary here:
● SIMATIC NET Manual Collection or product DVD
The DVD ships with certain SIMATIC NET products.
● On the Internet under the following entry ID:
You will find license conditions in the following documents on the supplied data medium:
● DOC_OSS-S7CMCP_74.pdf
● DOC_OSS-CP1243-8_76.pdf
Siemens provides products and solutions with industrial security functions that support the
secure operation of plants, solutions, machines, equipment and/or networks. They are
important components in a holistic industrial security concept. With this in mind, Siemens’
products and solutions undergo continuous development. Siemens recommends strongly
that you regularly check for product updates.
For the secure operation of Siemens products and solutions, it is necessary to take suitable
preventive action (e.g. cell protection concept) and integrate each component into a holistic,
state-of-the-art industrial security concept. Third-party products that may be in use should
also be considered. For more information about industrial security, visit
http://www.siemens.com/industrialsecurity.
50305045 (http://support.automation.siemens.com/WW/view/en/50305045)
To stay informed about product updates as they occur, sign up for a product-specific
newsletter. For more information, visit http://support.automation.siemens.com.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
5
Page 6
Preface
Firmware
Training, Service & Support
The firmware is signed and encrypted. This ensures that only firmware created by Siemens
can be downloaded to the device.
You will find information on Training, Service & Support in the multi--language document
"DC_support_99.pdf" on the data medium supplied with the documentation.
CP 1243-8 IRC
6 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 7
Table of contents
Preface ................................................................................................................................................... 3
1 Application and properties ..................................................................................................................... 11
2 LEDs and connectors ............................................................................................................................ 29
3 Installation, connecting up, commissioning ............................................................................................ 37
4 Configuration and operation .................................................................................................................. 45
1.1 Properties of the CP ................................................................................................................ 11
1.2 Communications services ....................................................................................................... 11
1.3 Other services and properties ................................................................................................. 15
1.4 Performance data and configuration limits ............................................................................. 18
1.5 Requirements for operation .................................................................................................... 19
1.6 Connection to various network types ...................................................................................... 21
1.7 Configuration examples .......................................................................................................... 23
2.1 Opening the covers of the housing ......................................................................................... 29
2.2 LEDs ....................................................................................................................................... 30
2.3 Electrical connectors ............................................................................................................... 35
2.3.1 Power supply .......................................................................................................................... 35
2.3.2 Ethernet interface X1P1 .......................................................................................................... 36
2.3.3 Serial connection for TS module ............................................................................................. 36
3.1 Important notes on using the device ....................................................................................... 37
3.1.1 Notices about use in hazardous areas ................................................................................... 37
3.1.2 Notices about use in hazardous areas according to ATEX .................................................... 38
3.1.3 Notices about use in hazardous areas according to UL HazLoc ............................................ 39
3.2 Installing, connecting up and commissioning ......................................................................... 39
4.1 Note on operation ................................................................................................................... 45
4.2 Configuration in STEP 7 ......................................................................................................... 45
4.3 Connection partners and connection establishment ............................................................... 46
4.4 Acknowledgment ..................................................................................................................... 47
4.5 Time-of-day synchronization ................................................................................................... 47
4.6 Configuration in STEP 7 V5 .................................................................................................... 48
4.6.1 Overview of the configuration ................................................................................................. 48
4.6.2 The CP proxy .......................................................................................................................... 49
4.6.3 Points to note when configuring the proxy .............................................................................. 50
4.6.4 Exporting configuration data ................................................................................................... 55
4.7 Configuration in STEP 7 Basic ............................................................................................... 57
4.7.1 Overview of the configuration ................................................................................................. 57
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
7
Page 8
Table of contents
5 Programming the program blocks (OUC)............................................................................................... 97
6 Diagnostics and upkeep ........................................................................................................................ 99
7 Technical data ..................................................................................................................................... 105
A Approvals ............................................................................................................................................ 109
B Dimension drawings ............................................................................................................................. 113
4.7.2 Importing configuration data .................................................................................................. 58
4.7.3 "Communication types" parameter group .............................................................................. 58
4.7.4 "Ethernet interface“ parameter group .................................................................................... 59
4.7.5 "Serial Interface" parameter group ......................................................................................... 62
4.7.6 Parameter group “Partner stations” ....................................................................................... 64
4.7.7 Parameter group "Communication with the CPU" ................................................................. 66
4.7.8 Parameter group "SNMP" ...................................................................................................... 67
4.7.9 Configuring data points and messages ................................................................................. 68
4.7.10 Datapoint types ...................................................................................................................... 70
4.7.11 Data point configuration ......................................................................................................... 71
4.7.12 Process image, type of transmission, event classes ............................................................. 72
4.7.13 CPU scan cycle ...................................................................................................................... 74
4.7.14 "Trigger“ tab ........................................................................................................................... 75
4.7.15 Threshold value trigger .......................................................................................................... 76
4.7.16 Analog value preprocessing ................................................................................................... 78
4.7.17 Messages ............................................................................................................................... 84
4.7.18 Character set SMS ................................................................................................................. 88
4.7.19 E-mail configuration ............................................................................................................... 88
4.8 Security functions ................................................................................................................... 89
4.8.1 VPN ........................................................................................................................................ 90
4.8.1.1 VPN (Virtual Private Network) ................................................................................................ 90
4.8.1.2 Addressing the CP when using VPN ..................................................................................... 91
4.8.1.3 Creating a VPN tunnel for S7 communication between stations ........................................... 91
4.8.1.4 VPN communication with SOFTNET Security Client (PC / engineering station) ................... 93
4.8.1.5 CP as passive subscriber of VPN connections ...................................................................... 94
4.8.2 Firewall ................................................................................................................................... 94
4.8.2.1 Pre-check of messages by the MAC firewall. ........................................................................ 94
4.8.2.2 Firewall settings for S7 connections via a VPN tunnel .......................................................... 94
4.8.2.3 Online diagnostics and downloading to station with the firewall activated ............................ 95
4.8.2.4 Notation for the source IP address (advanced firewall mode) ............................................... 95
4.9 Access to the Web server ...................................................................................................... 96
4.10 Time stamp ............................................................................................................................ 96
5.1 Program blocks for OUC ........................................................................................................ 97
6.1 Diagnostics options ................................................................................................................ 99
6.2 Downloading firmware ......................................................................................................... 100
6.3 Module replacement ............................................................................................................ 103
7.1 Technical specifications of the CP ....................................................................................... 105
7.2 Pin assignment of the socket for the external power supply ............................................... 106
7.3 Pinout of the Ethernet interface ........................................................................................... 107
CP 1243-8 IRC
8 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 9
Table of contents
C Accessories ........................................................................................................................................ 115
D Documentation references .................................................................................................................. 135
Index................................................................................................................................................... 139
C.1 TS modules ........................................................................................................................... 115
C.1.1 The TS modules .................................................................................................................... 115
C.1.2 TS Module Modem ................................................................................................................ 117
C.1.3 TS Module ISDN ................................................................................................................... 119
C.1.4 TS Module RS232 ................................................................................................................. 120
C.1.5 TS Module GSM ................................................................................................................... 122
C.2 Modems ................................................................................................................................ 124
C.2.1 Modems MD2, MD3, MD4 .................................................................................................... 124
C.2.2 MODEM MD720 .................................................................................................................... 126
C.3 Antenna ................................................................................................................................. 129
C.4 Connecting cables ................................................................................................................ 130
C.4.1 Connecting cables for connecting the CP to Ethernet .......................................................... 130
C.4.2 Connecting cables for connecting the modem of the TS Module RS232 ............................. 131
C.4.3 Cables for the WAN connection of the modems ................................................................... 133
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
9
Page 10
Table of contents
CP 1243-8 IRC
10 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 11
1
1.1
Properties of the CP
Application
Expansion of existing SINAUT systems
1.2
Communications services
Telecontrol communication
The CP is intended for operation in a SIMATIC S7-1200 automation system. Der CP ist der
Kommunikationsprozessor zum Anschluss der S7-1200 über öffentliche oder private
Infrastrukturen an eine Telecontrol-Zentrale mit einer der folgenden Applikationen:
● SINAUT ST7cc
● SINAUT ST7sc
● SIMATIC PCS 7 / WinCC TC
● A SINAUT master station S7-300/400
● A SINAUT node station
For the telecontrol communication the CP uses the "SINAUT ST7“ protocol.
You will find the supported transmission protocols and network types in the section
Communications services (Page 11).
With the combination of different security functions such as firewall and protocols for data
encryption, the CP protects the station and even entire automation cells from unauthorized
access and protects the communication between the remote S7 station and the master
station from espionage and manipulation.
In existing SINAUT systems with SIMATIC stations of the family S7-300 / S7-400 and the
corresponding TIM modules for remote transfer, the CP can be used for expansions by S71200 stations.
The CP can be configured like a TIM 3V-IE Advanced so that it is compatible with all ST7
TIM modules.
The following communications services are supported:
The CP is the communications processor for connection of the SIMATIC S7-1200 via public
or private infrastructures to a telecontrol master station. You will find the possible application
of the telecontrol master station in the section Properties of the CP (Page 11).
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
11
Page 12
Application and properties
The telecontrol protocol "ST7"
Functions and services of the telecontrol protocol
Communication with the control center
SMS / E-mail
Inter-station communication
Direct communication
Network types
1.2 Communications services
For telecontrol communication, the CP uses the ST7 protocol on the application layer (OSI
layer 7) for communication via different telecontrol networks.
●
An S7-1200 station with a CP 1243-8 IRC communicates via LAN/WAN with the master
station.
●
Event-driven, the CP can send SMS messages to mobile telephones and e-mails to PCs
with an Internet connection.
– SMS messages can be sent if the CP is connected to a mobile wireless network via
the RS-232 interface.
– If the CP is connected, e-mails can be sent via the Ethernet interface.
Both types of messages are configured in telecontrol communication in STEP 7 Basic.
The use of program blocks is not necessary here. For the configuration, refer to the
section Messages (Page 84).
●
In dedicated line networks and with communication via the mobile wireless network and
the Internet (GSM/MSC), the CP supports inter-station communication between S7-1200
stations via the master station
With inter-station communication, the CP establishes a connection to the master station.
The master station forwards the messages to the destination station.
The partners for inter-station communication must already have been created in the
STEP 7 V5 project.
●
In dial-up networks and Ethernet neworks, there is direct communication between the
subscribers.
The CP makes telecontrol communication possible via the following network types:
● Industrial Ethernet
● Dedicated line / wireless network
● Analog dial-up network, ISDN network
CP 1243-8 IRC
12 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 13
Application and properties
Transmission protocols
MSC
MSCsec
IPsec (VPN)
1.2 Communications services
● Mobile wireless networks
– GSM/GPRS (2G)
With 2.5G router SCALANCE M874-2
– UMTS (3G)
With 3G router SCALANCE M874-3
– LTE
With router SCALANCE M876-4
● IP-based wireless networks
For information on connecting the CP to various network types, refer to the section
Connection to various network types (Page 21).
Simple communication via the mobile wireless network (GSM) and the Internet can be
achieved with the MSC transmission protocol. If the security requirements are higher, the
transmission protocols (OSI layer 3) listed below can be used.
●
Simple Internet communication via the Internet (DSL)
The MSC protocol supports authentication of the communications partners and simple
encryption of data. A user name and a password are included in the encryption. An MSC
tunnel is established between the MSC station and MSC master station.
●
Secure Internet communication using:
– Internet (DSL)
or
– Mobile wireless network (GSM) + Internet (DSL)
MSCsec supports authentication of the communications partners and data encryption
with a user name and password. In addition to this, the shared automatically generated
key is renewed between the communications partners at configurable intervals.
●
Highly secure communication via mobile wireless and the Internet (DSL).
Communication via a mobile wireless network combined with the Internet is made
possible by a router SCALANCE M. The SCALANCE M product series provides various
VPN routers with IPsec and encryption software and their own firewall.
For a description of the configurable Security functions, refer to the section Security
functions (Page 89).
You will find an overview of the possible transmission options in the section Connection to
various network types (Page 21).
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
13
Page 14
Application and properties
Supported network node types
S7 communication and PG/OP communication
PUT/GET
PG functions
Operator control and monitoring functions (HMI)
Communication via Open User Communication (OUC)
1.2 Communications services
The CP with the firmware version described here (refer to the Preface) supports the network
node type "Station".
Depending on the transmission protocol being used, one of the following transfer modes can
be configured in STEP 7 V5.
● GPRS station
● MSC station
● Neutral
Reading / writing data from / to a CPU via the mobile wireless network is possible if S7
communication is enabled in the configuration of the CP.
The following instructions are supported:
●
The CP supports these program blocks as client and server for data exchange with
remote stations (S7-300/400/1200/1500)
●
●
You will find details on the program blocks in the information system of STEP 7 Basic.
For S7 communication, the CP requires a fixed IP address.
Via the Ethernet interface of the CP and the program blocks of the Open User
Communication on the CPU the CP has the following communication options:
● Communication with SIMATIC stations via S7 connections
● Sending e-mails
In contrast to the corresponding service of telecontrol communication (see above), to
transfer e-mails via OUC, program blocks TMAIL_C need to be used, see section
Programming the program blocks (OUC) (Page 97).
CP 1243-8 IRC
14 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 15
Application and properties
1.3
Other services and properties
Other services and properties
Configuration in STEP 7 V5 and STEP 7 Basic
Data point configuration
IP configuration
Time-of-day synchronization
Access to the Web server of the CPU
1.3 Other services and properties
●
For the CP initially a proxy module is configured in STEP 7 V5 that is based on the
TIM 3V-IE Advanced. The configuration data is exported via the SINAUT diagnostics and
service tool as a text file.
Following this, the CP is created in a STEP 7 Basic project, the STEP 7 V5 configuration
data is imported via the text file and the remaining parameters and the data points (see
below) are configured.
For details of the configuration, refer to the following sections:
Requirements for operation (Page 19)
Configuration in STEP 7 (Page 45)
●
Due to the data point configuration in STEP 7 Basic, programming program blocks in
order to transfer the process data is unnecessary. The process data is configured as
individual data points and transferred one-to-1 to the master station.
●
Characteristics of the IP configuration of the Ethernet interface of the CP:
– The CP supports IP addresses according to IPv4.
– Address assignment:
The IP address, the subnet mask and the address of a gateway can be set manually
in the configuration.
As an alternative, the IP address can be obtained from a DHCP server or by other
means outside the configuration.
●
– If telecontrol communication is enabled, the CP can obtain its time of day from the
partner (master station) as the time-of-day synchronization was configured in STEP 7
V5.
For information on the format of the time stamp, refer to the section Time stamp
(Page 96).
– If telecontrol communication is disabled, the time of day can be obtained from an NTP
server.
The time of day of the CP can be read by the CPU. The mechanisms are described in the
STEP 7 information system.
For more information, refer to the section Time-of-day synchronization (Page 47).
●
With the aid of the Web server of the CPU, you can read out module data from the
station.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
15
Page 16
Application and properties
Storage and event-driven transfer of process data
Analog value processing
Online functions
SNMP
Security Functions of the transmission protocols
MSC
MSCsec
1.3 Other services and properties
●
The CP can store events of different classes and transfer the corresponding process
values individually or bundled together to the communications partner. The transfer can
be triggered by various triggers.
●
Analog values can be preprocessed on the CP according to various methods.
●
From an engineering station (ES) on which STEP 7 is installed, you can use the online
functions of STEP 7 via the Ethernet interface of the CP to access the S7-1200 CPU if
the station is located in the same IP subnet.
The following online functions are available:
– Downloading project or program data from the STEP 7 project to the station
– Querying diagnostics data on the station
– Downloading firmware files to the CP
For a remote station located in a different IP subnet or that can be reached via the
Internet, these functions can only be used if the ES (with CP 1628 or via SCALANCE S)
is connected to the station via a VPN tunnel.
●
As an SNMP agent, the CP supports data queries using SNMP (Simple Network
Management Protocol).
For more detailed information, refer to section Parameter group "SNMP" (Page 67).
The transmission protocols that can be used for telecontrol communication support the
following Security-functions:
●
The MSC protocol supports authentication of the communications partners and simple
encryption of data. A user name and a password are included in the encryption. An MSC
tunnel is established between the MSC station and MSC master station.
●
MSCsec supports authentication of the communications partners and data encryption
with a user name and password. In addition to this, the shared automatically generated
key is renewed between the communications partners at configurable intervals.
CP 1243-8 IRC
16 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 17
Application and properties
Industrial Ethernet Security - Security functions of the CP
Firewall
Protection for devices and network segments
Communication made secure by IPsec tunnels (VPN)
Logging
NTP (secure)
STARTTLS / SMTPS
HTTPS
SNMPv3
1.3 Other services and properties
With Industrial Ethernet Security, individual devices, automation cells or network segments
of an Ethernet network can be protected. The data transfer via the CP can be protected from
the following attacks by a combination of different security measures:
● Data espionage
● Data manipulation
● Unwanted access
Secure underlying networks can be operated via additional Ethernet/PROFINET interfaces of
the CPU.
The following security functions can be used independently of telecontrol communication. As
a result of using the CP, as a security module, the following security functions are accessible
to the S7-1200 station on the interface to the external network:
●
– IP firewall with stateful packet inspection (layer 3 and 4)
– Firewall also for "non-IP" Ethernet frames according to IEEE 802.3 (layer 2)
– Limitation of the transmission speed ("Bandwidth limitation")
– Global firewall rule sets
●
The protection provided by the firewall can cover individual devices, several devices or
even entire network segments.
●
VPN tunnel communication allows the establishment of secure IPsec tunnels for
communication with one or more security modules.
The CP can be put together with other modules to form VPN groups during configuration.
IPsec tunnels (VPN) are created between all security modules of a VPN group. All
internal nodes of these security modules can communicate securely with each other
through these tunnels.
●
To allow monitoring, events can be stored in log files that can be read out using the
configuration tool or can be sent automatically to a Syslog server.
●
For secure transfer during time-of-day synchronization (with telecontrol communication
disabled)
●
For the secure transfer of e-mails
●
For secure access to the Web server of the CPU
●
For secure transmission of network analysis information safe from eavesdropping
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
17
Page 18
Application and properties
Note
Plants with security requirements - recommendation
Use the following options:
•
•
1.4
Performance data and configuration limits
Number of CMs/CPs per station
Connection resources
Telecontrol connections
TCP connections
Online functions
S7 connections
PG/OP connections
1.4 Performance data and configuration limits
If you have systems with high security requirements, use the secure protocols HTTPS
and SNMPv3.
If you connect to public networks, you should use the firewall. Think about the services
you want to allow access to the station via public networks. By using the "bandwidth
limitation" of the firewall, you can restrict the possibility of flooding and DoS attacks.
Note the range of performance in the section Performance data and configuration limits
(Page 18).
For information on configuring the security functions, refer to the section Security functions
(Page 89).
You will find further information on the functionality and configuration of the security functions
in the information system of STEP 7 and in the manual /11/ (Page 137).
In each S7-1200 station, up to three CMs/CPs can be plugged in and configured, of which a
maximum of one CP 1243-8 IRC.
●
The CP can establish connections to up to 4 communications partners (master station or
master/node TIM).
The partners can be linked redundantly.
In addition to this, inter-station communication with up to 4 S7 stations with a
CP 1243-8 IRC can be operated via the master station.
●
The CP can establish connections to up to 4 communications partners (S7 stations).
●
1 connection resource is reserved for online functions.
●
8 connection resources for S7 connections (BSEND/BRCV)
These connections are used for SINAUT ST7 communication.
●
CP 1243-8 IRC
18 Operating Instructions, 06/2015, C79000-G8976-C385-01
– 2 connection resources for PG connections
– 1 connection resource for OP connections
Page 19
Application and properties
Number of data points for the data point configuration
Frame memory (send buffer)
Messages: SMS / E-mail
IPsec tunnel (VPN)
Firewall rules
1.5
Requirements for operation
Hardware requirements
1.5 Requirements for operation
The maximum number of configurable data points is 200.
The CP has a frame memory (send buffer) for the values of data points configured as an
event.
The send buffer has a maximum size of 16000 messages. The size of the message memory
is divided equally among all configured communications partners. It can be set in STEP 7
Basic, refer to the section Parameter group "Communication with the CPU" (Page 66).
You will find details of how the send buffer works (storing and sending events) as well as the
options for transferring data in the section Process image, type of transmission, event
classes (Page 72).
Up to 10 SMS messages and e-mails can be sent using telecontrol communication.
Up to 8 IPsec terminals can be established for secure communication with other security
modules.
The maximum number of firewall rules in advanced firewall mode is limited to 256.
The firewall rules are divided up as follows:
● Maximum 226 rules with individual addresses
● Maximum 30 rules with address ranges or network addresses
(e.g. 140.90.120.1 - 140.90.120.20 or 140.90.120.0/16)
● Maximum 128 rules with limitation of the transmission speed ("Bandwidth limitation")
Apart from the CP, in the remote S7-1200, the following hardware is also required:
● A CPU with firmware version as of V4.1
● For communication via WAN networks (dedicated line, dial-up / GSM / wireless network):
A TS module
You will find the TS modules in the telecontrol accessories program, refer to the appendix
TS modules (Page 115).
A TS basic device (TS Adapter) is not required.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
19
Page 20
Application and properties
Configuration software
Downloading the support package from the Internet
Installation of the support package for STEP 7 Basic
Program blocks for Open User Communication and S7 communication
Requirements for using mobile wireless services
1.5 Requirements for operation
● When using the TS Module RS232: The suitable modem
You will find suitable modems in the telecontrol accessories program, refer to the
appendix Modems (Page 124).
● When using the TS Module GSM: An external antenna for the CP
Only use antennas from the telecontrol accessories program, refer to the appendix
Antenna (Page 129).
To configure the CP completely, you require the following products as configuration tools:
● STEP 7 V5.5
● SINAUT Engineering Software V5.5
● STEP 7 Basic V13 + SP1 + Update 2 + Support package 0111
You require the support package for the CP 1243-8 IRC.
The use of the two STEP 7 products is described in the section Configuration and operation
(Page 45).
You will find the support package on the Internet pages of Siemens Industry Support under
at the following address.
Link: (https://support.industry.siemens.com/cs/ww/en/ps/14667/dl)
Install the support package in STEP 7 using the menu command "Options" > "Support
packages” from the file system of the engineering station.
A description of installing support packages is available in the information system of STEP 7
under the search term "Support packages".
For Open User Communication and S7 communication, program blocks are required, see
section Programming the program blocks (OUC) (Page 97).
● A contract with a suitable mobile wireless network provider
The contract must allow the transfer of data.
● IP address:
For communication with the master station, a private (fixed) or public (dynamic) IP
address assigned by the mobile wireless network provider can be used.
CP 1243-8 IRC
20 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 21
Application and properties
1.6
Connection to various network types
Supported network types
1.6 Connection to various network types
● The SIM card and PIN belonging to the mobile wireless contract
The SIM card is inserted in the TS module GSM.
With mobile wireless contracts in which the network provider does not assign a PIN, no
PIN is configured for the CP in STEP 7 V5.
● Local availability of a mobile wireless network in the range of the station.
The CP makes telecontrol communication with the ST7 protocol possible via the network
types listed below.
Connection via the Ethernet interface of the CP:
● IP-based communication via the Ethernet interface the CP:
– Industrial Ethernet
Communication in the LAN (copper / fiber-optic cable)
– Internet
Communication via the Internet
– IP-based wireless network
Communication via IP-based wireless networks
● Connection via the serial interface of the CP
With communication via the network types listed below, in addition to the CP a TS
module, modem or router must be used.
– Dedicated line (incl. analog wireless network)
Communication via dedicated lines or analog wireless networks
– Analog dial-up network
Communication via the analog dial-up network
– ISDN network
Communication via the ISDN network
– Mobile wireless network
IP-based communication via mobile wireless networks (GSM/GPRS, UMTS, LTE)
The following table provides an overview of the supported network types, the devices to be
used in the station and in the communications partner and the protocols or services used.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
21
Page 22
Application and properties
Network type
Station connection (via CP)
Protocols, services
Master station
connection
Modem / Router * /
Switch
Master station
type
S module
Modem / Router * /
Switch
-
ST7cc/ST7sc
-
-
DSL router
MSC/MSCsec
DSL router
TIM 4R-IE
-
SCALANCE M
MSCsec
SCALANCE M
TIM 4R-IE
-
SCALANCE M
VPN
SCALANCE M
TIM 4R-IE
MD2
MD2
modem
modem
TS Module Modem
-
V.32bis/V.34bis
MD3
TIM
TS Module RS232 **
MD3
V.32bis/V.34bis
MD3
TIM
-
-
MSC/MSCsec
***
***
/ TIM 4R-IE
less network
-
/ TIM 4R-IE
*
**
*** As an alternative to the SCALANCE M, you can use a normal DSL router and a SCALANCE S.
1.6 Connection to various network types
Ethernet
Internet
Dedicated line TS Module RS232 **
Analog dial-up
network
ISDN dial-up
network
Mobile wireless networks
TS Module ISDN
TS Module RS232 ** ISDN modem
TS Module GSM
TS Module RS232 ** MD720 GPRS/UMTS/LTE +
SCALANCE M VPN SCALANCE M TIM 4R-IE /
SCALANCE X / W SCALANCE X / W TIM 4R-IE /
Analog wireless
GSM/CSD
RS232
• ISDN
• ISDN +
GSM/CSD
• ISDN
• ISDN +
GSM/CSD
ST7cc/ST7sc
Analog wireless
• ISDN modem
• MD720
• ISDN modem
• MD720
• DSL router
• MD2
DSL router TIM 4R-IE
TIM 3V-IE Adv.
/ TIM 4R-IE
TIM
TIM
TIM
TS Module RS232 ** SCALANCE M
IP-based wire-
For the various requirements, different SCALANCE M routers are available.
For the connection of TS Module RS232 to the modem, a connecting cable must be ordered (see below).
IP wireless modem IP IP wireless modem TIM 3V-IE Adv.
VPN SCALANCE M
You will find information on the accessories in the following sections or literature sections:
● TS modules: /4/ (Page 136)
● Modems: /5/ (Page 136), /6/ (Page 136), /7/ (Page 137), /8/ (Page 137)
● SCALANCE M812/M816: /9/ (Page 137)
● SCALANCE M874/M876: /10/ (Page 137)
● SCALANCE S: /12/ (Page 138)
● Connecting cables between TS Module RS232 and modems: Connecting cables for
connecting the modem of the TS Module RS232 (Page 131)
CP 1243-8 IRC
22 Operating Instructions, 06/2015, C79000-G8976-C385-01
TIM 3V-IE Adv.
Page 23
Application and properties
1.7
Configuration examples
Telecontrol communication - MSC
1.7 Configuration examples
Below, you will find configuration examples for stations with a CP 1243-8 IRC.
In telecontrol communication the station communicates via the CP with a master station.
Communication can take place via various interfaces of the CP and via various network
types.
In the sample configuration shown, stations communicate with a master station TIM that in
turn is connected to a master station of the type SINAUT ST7sc:
● An S7-300 that only communicates via the Internet.
● An S7-300 that communicates via the mobile wireless network and the Internet.
● An S7-1200 with CP 1243-8 IRC that communicates via the mobile wireless network and
the Internet.
All three stations use the transport protocol MSC (or MSCsec).
Figure 1-1 Communication with the MSC protocol via mobile wireless and Internet
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
23
Page 24
Application and properties
Inter-station communication between stations
Telecontrol communication - Ethernet
1.7 Configuration examples
Inter-station communication is possible for stations connected to the same master station.
For the inter-station communication between stations, the master station forwards the
messages of the sending station to the receiving station.
In the sample configuration shown, an S7-300 and two S7-1200 stations communicate with a
master station SINAUT ST7cc/ST7sc.
The CPs are connected via their Ethernet interface.
The connection to the Ethernet network, in this example a fiber-optic cable, is implemented
using SCALANCE X switches. Copper cable is also possible as the medium.
Figure 1-2 Communication via an Ethernet network (optical medium)
CP 1243-8 IRC
24 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 25
Application and properties
Telecontrol communication - Internet
1.7 Configuration examples
In the sample configuration shown, an S7-300 and two S7-1200 stations communicate with a
master station SINAUT ST7cc/ST7sc via the Internet.
The CPs are connected via their Ethernet interface.
VPN tunnels are established via the ADSL router SCALANCE M812.
Figure 1-3 Communication via the Internet with VPN tunnels
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
25
Page 26
Application and properties
Telecontrol communication - redundant paths
1.7 Configuration examples
In this example an S7-1200 with a CP 1243-8 is connected to the master station via
redundant paths:
● One path via a dedicated line
● One path via the Internet
Other network combinations are possible.
As the master station TIM, a TIM 4R-IE is used here that uses the following interfaces:
● One Ethernet interface for connecting to the master station PC
● One Ethernet interface for connection to the Internet (via a SCALANCE M812 router)
● One serial interface for connection to the dedicated line modem MD2
The CP is connected via both interfaces:
● One Ethernet interface for connection to the Internet (via a SCALANCE M812 router)
● Serial interface with TS modules RS-232 for connection to the dedicated line
Figure 1-4 Communication of an S7-1200 via redundant paths
CP 1243-8 IRC
26 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 27
Application and properties
Telecontrol communication - wireless network
1.7 Configuration examples
In this example, the S7 stations communicate with the master station via an IP-based private
wireless network. For this application, suitable IP-based wireless devices must be used.
The CPs are connected via their Ethernet interface. In this configuration as well, an Ethernet
network needs to be configured in STEP 7 V5.
Figure 1-5 Communication via an IP-based private wireless network
Communication via an analog wireless network with communication according to the RS-232
standard is also possible. In this case, the CP 1243-8 would need to be connected to the
wireless device via a TS module RS-232. In this configuration a dedicated line network
would need to be configured in STEP 7 V5.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
27
Page 28
Application and properties
SMS messages and e-mails
SMS
E-mails
1.7 Configuration examples
Figure 1-6 Sending messages by SMS from an S7-1200 station
The CP can send SMS messages to a mobile phone. SMS messages are generated and
sent due to events. You will find the description of the configuration in the following sections:
Configuring data points and messages (Page 68)
Messages (Page 84)
The CP can send e-mails to a PC with an Internet connection or a mobile phone. The
mechanisms for this are as follows:
● E-mails that are generated by the telecontrol application.
E-mails are generated and sent due to events. You will find the description of the
configuration in the following sections:
Configuring data points and messages (Page 68)
Messages (Page 84)
TheE-mail configuration (Page 88)
● E-mails sent as a result of calling the program block TMAIL_C.
You will find information on the blocks in the section Programming the program blocks
(OUC) (Page 97). You will find the description of the programming in the STEP 7
information system.
CP 1243-8 IRC
28 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 29
2
2.1
Opening the covers of the housing
Location of the display elements and the electrical connectors
Opening the covers of the housing
The LEDs for the detailed display of the module statuses are located behind the upper cover
of the module housing.
The Ethernet connector is located behind the lower hinged cover of the module.
Open the upper or lower cover of the housing by pulling it down or up as shown by the
arrows in the illustration. The covers extend beyond the housing to give you a grip.
Figure 2-1 Opening the covers of the housing
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
29
Page 30
LEDs and connectors
2.2
LEDs
LEDs of the module
LED on the front panel
LEDs below the upper cover of the housing
LED on the front panel
LED / colors
Name
Meaning
DIAG
LEDs below the upper cover of the housing
LED (color)
Name
Meaning
(red / green)
LINK
(green)
CONNECT ETH
(green)
VPN
(green)
CONNECT RS232
LED colors and illustration of the LED statuses
Meaning of the LED symbols
Symbol
LED status
OFF
ON (steady light)
Flashing
Not relevant
2.2 LEDs
The module has various LEDs for displaying the status:
●
The "DIAG" LED that is always visible shows the basic statuses of the module.
●
The LEDs below the upper cover provide more detailed information on the module status.
Table 2- 1
(red / green)
Table 2- 2
Basic status of the module
Status of the VPN configuration
• Status of the connection to Industrial Ethernet
• Status of the CPU
Status of the connections to the partner via Ethernet
Status of the connections to the partner via the serial interface
CP 1243-8 IRC
30 Operating Instructions, 06/2015, C79000-G8976-C385-01
The LED symbols in the following tables have the following significance:
Table 2- 3
-
Page 31
LEDs and connectors
Note
LED colors when the module starts up
When the module starts up, all its LEDs are lit for a short time. Multicolored LE
color mixture. At this point in time, the color of the LEDs is not clear.
Display of the basic statuses of the CP ("DIAG" LED)
DIAG
(red / green)
Meaning
(if more than one point listed: alternative meaning)
Basic statuses of the CP
green
flashing green
flashing red-green
2.2 LEDs
Ds display a
Table 2- 4 Display of the basic statuses of the CP
flashing red
• Power OFF
• Incorrect startup
Running (RUN) without serious error
Partner not connected
• Starting up
• Module fault
• Backplane bus error
• Invalid STEP 7 project data
Loading firmware.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
31
Page 32
LEDs and connectors
Display of the operating and communications statuses
DIAG
LINK
CONNECT
ETH
(green)
VPN
CONNECT
RS232
(green)
Meaning
(if more than one point listed: alternative
meaning)
Module startup (STOP → RUN) or error statuses
red green
flashing red
green
red
flashing red
flashing red
flashing red
flashing red
Connection to industrial Ethernet, status of the CPU
green
flashing green
flashing red
2.2 LEDs
The LEDs indicate the operating and communications status of the module according to the
following scheme:
Table 2- 5 Display of the operating and communications statuses
(red / green)
(red / green)
-
- - - - Running (RUN) without serious error
-
- - - - Missing STEP 7 project data
-
-
(green)
Power OFF
Startup - phase 1
Startup - phase 2
- - Invalid STEP 7 project data
-
-
Backplane bus error with configured Ethernet connections
Backplane bus error with configured connections via the serial interface
-
-
-
-
CP 1243-8 IRC
32 Operating Instructions, 06/2015, C79000-G8976-C385-01
-
- - - Connection to Industrial Ethernet exists
- - - Connection to Industrial Ethernet exists
- - - No connection to Industrial Ethernet
- - - Duplicate IP address detected in the Ether-
-
Backplane bus error with configured connections via the Ethernet and the serial interface
CPU in RUN.
CPU in STOP
net network
Page 33
LEDs and connectors
DIAG
LINK
CONNECT
ETH
(green)
VPN
CONNECT
RS232
(green)
Meaning
(if more than one point listed: alternative
meaning)
Connections via Ethernet
ner.
green
Connections via the serial interface
*
partners or all partners reachable .
one partner.
green
Connections via Ethernet and the serial interface
*
reachable.
*
the serial interface or all partners reachable.
2.2 LEDs
(red / green)
green
green
flashing
green
green
flashing
(red / green)
-
-
-
-
-
-
(green)
-
-
-
-
-
-
Configuration of the telecontrol communication via Ethernet error-free and enabled.
Connections established to all partners.
Configuration of the telecontrol communication via Ethernet error-free and enabled.
Connection established to at least one part-
Configuration of the telecontrol communication via Ethernet error-free and enabled. No
connection established
Configuration of the telecontrol communication via the serial interface error-free and
enabled. Connections established to all
Configuration of the telecontrol communication via the serial interface error-free and
enabled. Connection established to at least
Configuration of the telecontrol communication via the serial interface error-free and
enabled. No connection established
green
green
green
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
-
-
-
-
-
-
Configuration of the telecontrol communication via both interfaces error-free and enabled.
All connections established or partners
Configuration of the telecontrol communication via both interfaces error-free and enabled.
At least one connection established via
Ethernet.
Connections established to all partners via
Configuration of the telecontrol communication via both interfaces error-free and enabled.
Connections established to all partners via
Ethernet.
At least one connection established via the
serial interface.
33
Page 34
LEDs and connectors
DIAG
LINK
CONNECT
ETH
(green)
VPN
CONNECT
RS232
(green)
Meaning
(if more than one point listed: alternative
meaning)
ry interface but not all.
green
interface.
No connection established via Ethernet.
VPN connections
established.
Loading firmware
flashing green
green (2x)
flashing red
flashing green
*
ble if the connection has been established and least once and then not aborted.
2.2 LEDs
(red / green)
green
flashing
flashing
green
flashing
green
(red / green)
-
-
-
-
(green)
-
-
-
-
Configuration of the telecontrol communication via both interfaces error-free and enabled.
At least one connection established on eve-
Configuration of the telecontrol communication via both interfaces error-free and enabled. No connection established
Configuration of the telecontrol communication via both interfaces error-free and enabled.
Connection established via Ethernet to at
least one partner.
No connection established via the serial
Configuration of the telecontrol communication via both interfaces error-free and enabled.
Connection established via the serial interface to at least one partner.
- - -
- - -
- - -
flashing
With configured dial-up network connections, a connection is shown as being established or the partner as being reacha-
flashing green
- All configured VPN connections are established.
- Not all configured VPN connections are
- No VPN connection configured on the CP.
Loading firmware. The "DIAG" LED flashes
alternately red and green.
Firmware was successfully loaded. Die LED
"DIAG" flashes green twice.
Error loading the firmware
Remedy: Power OFF → ON
CP 1243-8 IRC
34 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 35
LEDs and connectors
2.3
Electrical connectors
2.3.1
Power supply
Power supply
Note
You only need to connect the external power supply if you us
2.3 Electrical connectors
The 3-pin socket for the external 24 V DC power supply is located on the top of the module.
The matching plug ships with the product.
You will find the pin assignment of the socket in section Pin assignment of the socket for the
external power supply (Page 106).
Figure 2-2 Socket for the 24 V DC power supply
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
e a TS module on the CP.
35
Page 36
LEDs and connectors
2.3.2
Ethernet interface X1P1
Ethernet interface
2.3.3
Serial connection for TS module
Connector for TS module
2.3 Electrical connectors
The Ethernet connector is located behind the lower hinged cover of the module. The
interface is an RJ-45 jack according to IEEE 802.3.
The pin assignment and other data relating to the Ethernet interface can be found in the
section Technical data (Page 105).
The connector for a TS module is located on the left-hand side of the CP under the cover.
See also section Installing, connecting up and commissioning (Page 39).
CP 1243-8 IRC
36 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 37
3
3.1
Important notes on using the device
Safety notices on the use of the device
Overvoltage protection
NOTICE
Protection of the external power supply
3.1.1
Notices about use in hazardous areas
WARNING
EXPLOSION HAZARD
WARNING
Note the following safety notices when setting up and operating the device and during all
associated work such as installation, connecting up or replacing the device.
If power is supplied to the module or station over longer power cables or networks, the
coupling in of strong electromagnetic pulses onto the power supply cables is possible. This
can be caused, for example by lightning strikes or switching of higher loads.
The connector of the external power supply is not protected from strong electromagnetic
pulses. To protect it, an external overvoltage protection module is necessary. The
requirements of EN61000-4-5, surge immunity tests on power supply lines, are met only
when a suitable protective element is used. A suitable device is, for example, the Dehn
Blitzductor BVT AVD 24, article number 918 422 or a comparable protective element.
Manufacturer:
DEHN+SOEHNE GmbH+Co.KG Hans Dehn Str.1 Postfach 1640 D-92306 Neumarkt,
Germany
DO NOT OPEN WHEN ENERGIZED.
The device may only be operated in an environment with pollution degree 1 or 2 (see IEC
60664-1).
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
37
Page 38
Installation, connecting up, commissioning
WARNING
WARNING
EXPLOSION HAZARD
WARNING
EXPLOSION HAZARD
WARNING
3.1.2
Notices about use in hazardous areas according to ATEX
WARNING
Requirements for the cabinet/enclosure
3.1 Important notes on using the device
The equipment is designed for operation with Safety Extra-Low Voltage (SELV) by a
Limited Power Source (LPS).
This means that only SELV / LPS complying with IEC 60950-1 / EN 60950-1 / VDE 0805-1
must be connected to the power supply terminals. The power supply unit for the equipment
power supply must comply with NEC Class 2, as described by the National Electrical Code
(r) (ANSI / NFPA 70).
If the equipment is connected to a redundant power supply (two separate power supplies),
both must meet these requirements.
DO NOT CONNECT OR DISCONNECT EQUIPMENT WHEN A FLAMMABLE OR
COMBUSTIBLE ATMOSPHERE IS PRESENT.
SUBSTITUTION OF COMPONENTS MAY IMPAIR SUITABILITY FOR CLASS I, DIVISION
2 OR ZONE 2.
When used in hazardous environments corresponding to Class I, Division 2 or Class I,
Zone 2, the device must be installed in a cabinet or a suitable enclosure.
To comply with EU Directive 94/9 (ATEX95), the enclosure or cabinet must meet the
requirements of at least IP54 in compliance with EN 60529.
CP 1243-8 IRC
38 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 39
Installation, connecting up, commissioning
WARNING
WARNING
3.1.3
Notices about use in hazardous areas according to UL HazLoc
WARNING
EXPLOSION HAZARD
3.2
Installing, connecting up and commissioning
Prior to installation and commissioning
CAUTION
Read the system manual "S7-1200 Programmable Controller"
3.2 Installing, connecting up and commissioning
If the cable or conduit entry point exceeds 70 °C or the branching point of conductors
exceeds 80 °C, special precautions must be taken. If the equipment is operated in an air
ambient in excess of 50 °C, only use cables with admitted maximum operating temperature
of at least 80 °C.
Take measures to prevent transient voltage surges of more than 40% of the rated voltage.
This is the case if you only operate devices with SELV (safety extra-low voltage).
DO NOT DISCONNECT WHILE CIRCUIT IS LIVE UNLESS AREA IS KNOWN TO BE
NON-HAZARDOUS.
This equipment is suitable for use in Class I, Division 2, Groups A, B, C and D or nonhazardous locations only.
This equipment is suitable for use in Class I, Zone 2, Group IIC or non-hazardous locations
only.
Prior to installation, connecting up and commissioning, read the relevant sections in the
system manual "S7-1200 Programmable Controller", refer to the documentation in the
Appendix.
When installing and connecting up, keep to the procedures described in the system manual
"S7-1200 Programmable Controller".
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
39
Page 40
Installation, connecting up, commissioning
Pulling/plugging the module
NOTICE
Turning off the station when plugging/pulling the module
Dimensions for installation
S7-1200 devices
Width A
Width B *
CPU 1211C, CPU 1212C
90 mm
45 mm
CPU 1214C
110 mm
55 mm
CM 1241, CM 1243-5, CM 1242-5
30 mm
15 mm
CP 1242-7, CP 1243-1, CP 1243-7, CP 1243-8 IRC
30 mm
15 mm
* Width B: The distance between the edge of the housing and the center of the hole in the DIN rail mounting clip
DIN rail clamps, control panel installation
3.2 Installing, connecting up and commissioning
Before pulling or plugging the module, always turn off the power supply to the station.
Figure 3-1 Dimensions for installation of the S7-1200
Table 3- 1 Dimensions for installation (mm)
CPU (examples)
Communications interfaces (examples)
You will find detailed dimensions of the module in the section Dimension drawings
(Page 113).
All CPUs, SMs, CMs and CPs can be installed on the 35 mm DIN rail in the cabinet. Use the
pull-out DIN rail mounting clips to secure the device to the rail. These mounting clips also
lock into place when they are extended to allow the device to be installed in a switching
panel. The inner dimension of the hole for the DIN rail mounting clips is 4.3 mm.
CP 1243-8 IRC
40 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 41
Installation, connecting up, commissioning
Installation location
NOTICE
Installation location
Device position / permitted temperature range
Installation location
Connecting up the device and installing it
CAUTION
Connection with power off
CAUTION
Slot to the left of the CP only for TS module
3.2 Installing, connecting up and commissioning
The module must be installed so that its upper and lower ventilation slits are not covered,
allowing adequate ventilation. Above and below the device, there must be a clearance of 25
mm to allow air to circulate and prevent overheating.
Remember that the permitted temperature ranges depend on the position of the installed
device. You will find the permitted temperature ranges in the section Technical data
(Page 105).
Horizontal installation of the rack
Vertical installation of the rack:
Below you will find a description of mounting the CP and a TS module on a DIN rail. For
mounting the control panel of the S7-1200 refer to /1/ (Page 135).
Only wire up the S7-1200 with the power turned off.
To the left of the CP 1243-8 IRC only a TS module can be inserted.
If you insert another module to the left of the CP, this will damage this module.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
41
Page 42
Installation, connecting up, commissioning
CAUTION
Ground the connecting cable of a TS module separately
Note
Prior to mounting a TS module
For information on mounting a TS module, also rea
manual, see
Note
Power supply from the power outputs of the CPU
The external power su
the sensor supply.
Keep within the maximum load of the power output of the CPU, see
You will find data relating to the current consumption and power loss of the CP in the section
Technical data
Note
Turning off the station when plugging/pulling the CP
Do not only turn off the power supply to the CP. Always turn off the power supply for the
entire station.
3.2 Installing, connecting up and commissioning
Connect the connecting cable of a TS module to the periphery (e.g. modem) separately to
functional ground.
d the appropriate sections in the device
/4/ (Page 136).
pply of the CP must be supplied via the power outputs of the CPU for
/1/ (Page 135).
(Page 105).
CP 1243-8 IRC
42 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 43
Installation, connecting up, commissioning
Step
What to do
Notes and explanations
1
Secure the DIN rail.
2
Recommendation: Store the covers in a safe place for possible
above.
3
inserted.
4
power supply (Page 106).
5
6
Close the front covers of the modules.
7
rail clamps so that they are locked in place.
8
Place the connected modules on the DIN rail.
Use a 35 mm DIN rail.
9
Note
nected together.
10
Turn on the power supply.
3.2 Installing, connecting up and commissioning
Table 3- 2 Procedure for installation and connecting up
Remove the cover on the left-hand side of the
CPU.
1. Insert the tip of a slotted screwdriver in the
gap above the cover.
2. Lever the cover carefully from its holder.
When using a TS module: Remove the cover
on the left-hand side of the CP as described
later use.
Connect the CPU and CP and - if used - the
TS module.
Push to modules carefully together until the
side contacts are completely closed between
the two modules.
Connecting the power supply
• Secure the power supply wires to the
power output of the CPU.
• Secure the wires of the power supply to
the plug supplied with the CP and insert
the plug in the socket on the top of the CP.
Connect the data cable to the CP:
• The Ethernet-cable when using Ethernet-
based communication.
• The relevant cable when using a TS mod-
ule.
If the DIN rail clamps on the rear of the mod-
ules have been pulled out, push in all the DIN
Permitted slots:
• CPU: Right:
• CP: In the middle (to the left of the CPU)
For the CP only one slot to the left beside the CPU is permitted. Only one CP 1243-8 can be inserted.
• TS module: Left (to the left of the CP)
To the left of the CP 1243-8 IRC only a TS module can be
The pinning of the power output of the CPU is printed on the
terminal on the top of the housing of the CPU, see /1/
(Page 135).
The pinning of the power input of the CP is printed on the top
of the housing of the CP beside the socket. You will also find
this in the section Pin assignment of the socket for the external
You will find the pinout of the interface in the section Pinout of
the Ethernet interface (Page 107).
Press the connected modules onto the DIN
rail until the lower DIN rail clamps have locked
in place.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
If you install devices vertically in an environment with vibration
or if you use a TS module GSM, mount end retainers
(8WA1 808) on the rail to ensure that the devices remain con-
43
Page 44
Installation, connecting up, commissioning
Commissioning the module
Dismantling
WARNING
Keep to the order when dismantling
3.2 Installing, connecting up and commissioning
The remaining steps in commissioning involve downloading the STEP 7 project data. One
requirement for the full commissioning of the module is the completeness of the STEP 7
project data, see Configuration and operation (Page 45).
The STEP 7 project data of the CP is transferred when you load to the station. To load the
station, connect the engineering station on which the project data is located to the Ethernet
interface of the CPU.
You will find more detailed information on loading in the following sections of the STEP 7
information system:
● “Loading project data"
● “Using online and diagnostics functions"
Remove the plugs of the data cable from the TS module and from the CP before you
remove the power plug from the CP and therefore disconnect the ground connection of the
devices.
1. Pull down the two lower DIN rail clamps on the rear of the devices with a slotted
screwdriver.
This releases the locking mechanism.
2. Swing the devices out of the DIN rail profile to the front.
CP 1243-8 IRC
44 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 45
4
4.1
Note on operation
NOTICE
Closing the front panels
4.2
Configuration in STEP 7
Configuration in STEP 7 - Overview
STEP 7 V5
STEP 7 Basic
Note
Configuration of connections
Remember to create the connections
To ensure interference-free operation, keep the front panels of the module closed during
operation.
You configure the CP in the following configuration tools one after the other:
●
– Configuration of a proxy for the CP (PROXY CP1243-8 IRC) in an S7-300 station
– Configuration of the connected WAN networks and connections in the SINAUT
engineering software
You will find the description of the procedure in the section Configuration in STEP 7 V5
(Page 48).
●
– Configuration of further parameters of the CP, its data points and messages to be sent
– Downloading the project data from the engineering station to the S7 station
You will find the description of the procedure in the section Configuration in STEP 7 Basic
(Page 57).
You will find the required STEP 7 products and versions in the section Requirements for
operation (Page 19).
to be used by the CP in the STEP 7 V5 project.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
45
Page 46
Configuration and operation
4.3
Connection partners and connection establishment
Telecontrol communication
Connection partner
Connection establishment
Dedicated line
Ethernet, Dial-up network, mobile wireless network, private wireless network
Note
Connection interrupted by the mobile wireless network provider
When using mobile wireless services, remember that existing connections can be
interrupted by mobile wireless network providers for maintenance purposes.
Open User Communication and PG/OP communication
Connection partner
Connection establishment
4.3 Connection partners and connection establishment
With telecontrol communication, the S7 CPU or the PC in the master station of the
connection partner.
In systems with a CP 1243-8 IRC which partner establishes a connection depends on the
type of communication and the relevant configuration. A connection is established depending
on the network type:
●
In communication via a dedicated line, a connection is always established by the master.
The CP operates in polling mode.
●
In communication via dial-up networks and IP-based communication, connections are
established by the CP as the client. The CP operates in spontaneous mode.
If a connection established by the CP is interrupted, the CP automatically attempts to reestablish the connection.
In Open User Communication in an S7 station, the CPU is the connection partner.
Connections are established as soon as the corresponding program blocks are called on the
CPU.
This also applies to the situation when a different S7 station sends data. In this case, the
corresponding receive blocks are called by the receiving station.
CP 1243-8 IRC
46 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 47
Configuration and operation
4.4
Acknowledgment
Acknowledgment of frames
Telecontrol communication
Open User Communication
4.5
Time-of-day synchronization
Time-of-day synchronization
Configuring time-of-day synchronization
Configuration in STEP 7 V5
4.4 Acknowledgment
The receipt of a sent frame is monitored and acknowledged in different ways. The
mechanisms differ depending on the type of communication:
●
Frames sent by the master station are acknowledged immediately by the CP when
received.
Frames sent by the CP are acknowledged by the master station.
– Inter-station communication
Received frames are acknowledged immediately by the CP. The acknowledgement
frame is forwarded by the master station to the sending CP.
●
The successful sending and receipt of frames is indicated by status displays of the
program blocks.
With TCP segments, the protocol-specific acknowledgement mechanisms are used.
With applications that require time-of-day synchronization (e.g. telecontrol), you need to
synchronize the time of day of the CP regularly. If you do not synchronize the time of day of
the CP regularly, there may be deviations of several seconds per day in the time information
of the CP.
If you configure the time-of-day synchronization for the proxy in STEP 7 V5, this information
is adopted when you import the configuration data in STEP 7 Basic.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
47
Page 48
Configuration and operation
Configuration in STEP 7 Basic
Time-of-day synchronization from the STEP 7 V5 project
NTP / NTP (secure)
Time-of-day synchronization of the CPU
4.6
Configuration in STEP 7 V5
4.6.1
Overview of the configuration
Basic procedure for configuration
4.6 Configuration in STEP 7 V5
In STEP 7 Basic, two methods of time-of-day synchronization can be configured for the CP:
●
If the “telecontrol communication“ (parameter group “Communication types“ is enabled in
STEP 7 Basic, the settings for the time-of-day synchronization are adopted as they were
configured for the proxy in the STEP 7 project when the configuration data is imported.
●
If "telecontrol communicationis disabled, it is only possible to synchronize using NTP
mechanisms in STEP 7 Basic
The method NTP (secure) can only be selected if the security functions are enabled.
Configuration:
– Security functions not enabled:
The time-of-day synchronization is configured in the "Ethernet interface > Time
synchronization" parameter group. Only NTP is available as the synchronization
method.
– Security functions enabled:
The time-of-day synchronization is configured in the "Security" parameter group. NTP
and NTP (secure) are available as the synchronization methods.
The secure method NTP (secure) uses authentication with symmetrical keys according to
the hash algorithms MD5 or SHA-1.
You can create and manage additional NTP servers also of the type NTP (secure) in the
global Security settings of the STEP 7 project.
You will find further notes on configuration in the STEP 7 information system.
In STEP 7 Basic, in the parameter group "Communication with the CPU", you can set
whether or not the current time of day of the CP will be made available to the CPU via a PLC
tag.
When configuring in STEP 7 V5, follow the steps described in the system manual SINAUT
ST7 volume 2 "Software". For the manual see /3/ (Page 136).
You will find special features of the configuration of the CP or its proxy in the following
sections.
CP 1243-8 IRC
48 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 49
Configuration and operation
Overview of the configuration of a CP proxy in STEP 7 V5
4.6.2
The CP proxy
"PROXY CP1243-8 IRC" as CP proxy in HW Config
4.6 Configuration in STEP 7 V5
1. Create a STEP 7 project.
2. Create an S7-300 station and the necessary networks.
3. Insert the proxy in the station as the substitute for the CP.
The proxy can be configured like a TIM 3V-IE Advanced with several special properties.
For information on the proxy, refer to the section The CP proxy (Page 49).
4. Perform the configuration in STEP 7 as described in the system manual SINAUT ST7.
5. Perform the configuration in the SINAUT engineering software as described in the system
manual SINAUT ST7.
You will find deviations from the normal configuration in the section Points to note when
configuring the proxy (Page 50).
6. Export the configuration data of the proxy via the SINAUT diagnostics and service tool.
For information on this, refer to section Exporting configuration data (Page 55).
1. In STEP 7 V5 insert any S7-300 CPU in an S7-300 station.
The CPU serves as a placeholder for the SINAUT subscriber number.
2. Insert the proxy as the substitute for the CP.
You will find the module in the catalog of HW Config under the name
"PROXY CP1243-8 IRC".
Figure 4-1 "PROXY CP1243-8 IRC" in the catalog as the substitute for the CP 1243-8 IRC
3. Configure the proxy as a TIM 3V-IE Advanced.
Points to note when configuring are described below.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
49
Page 50
Configuration and operation
4.6.3
Points to note when configuring the proxy
Special properties of the proxy module "PROXY CP1243-8"
Only ST7
Interface configuration
Station
No TD7 software
Time slave
"Mode" of SINAUT-dial-up networks
Connection mode (Ethernet)
4.6 Configuration in STEP 7 V5
Like a TIM 3V-IE Advanced the proxy supports parallel connection to two WAN networks via
the serial and the Ethernet interface.
Compared with the TIM, the proxy has the following differences:
●
Only ST7 is supported as the telecontrol protocol. The use of the CP in systems that use
the older ST1 protocol is not possible.
●
Both interfaces of the proxy can be configured.
●
The proxy can only be configured in a station. Use in a note station or master station is
not possible.
●
For the proxy, no TD7 software is configured, neither TD7onCPU nor TD7onTIM.
The required data is configured in STEP 7 Basic in the data point configuration.
●
The proxy can only be configured as a time slave. The function of time master is not
supported.
●
In the STEP 7 properties dialog of dial-up networks for connected stations with a proxy
only the “spontaneous“ mode is supported.
●
Configuration in the "Interfaces“ tab
– MSC station
The communication is handled using the MSC protocol. The proxy is configured to
connect to the Internet as an MSC station via a DSL router.
– GPRS station
The proxy is configured to connect to the Internet as a GPRS station via an MD720.
– Neutral
On the Ethernet interface, there is normal TCP/IP communication with the ST7
protocol. The proxy is not connected via GPRS and the MSC protocol is not activated.
CP 1243-8 IRC
50 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 51
Configuration and operation
Connection mode (RS232)
4.6 Configuration in STEP 7 V5
●
Configuration in the "Interfaces“ tab
– MSC station
The serial interface is configured as an Ethernet interface. The communication is
handled using the MSC protocol. The proxy is configured to connect to the Internet as
an MSC station via a DSL router.
– Neutral
The serial WAN interface of the proxy is set to the connection mode "Neutral“ if
communication is handled via a dial-up network or dedicated line.
Figure 4-2 Properties dialog, "Interfaces" tab with WAN interface to which a dial-up network is
connected.
● Modems for dial-up networks
In addition to the TIM for communication of the CP via dial-up networks, the required TS
modules for the serial WAN interface of the proxy can be selected in theInterfaces tab,
see below.
● AT strings for TS modules
AT strings were added for the TS modules, see below.
● No SMS configuration
The configuration of the sending of SMS messages is not possible for the proxy in
STEP 7.
You can arrange for the sending of SMS messages in STEP 7 Basic for every data point.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
51
Page 52
Configuration and operation
TS modules in the "Interfaces“ tab
AT strings for TS modules
4.6 Configuration in STEP 7 V5
● No loading of firmware
The loading of firmware files on a CP 1243-8 IRC is not supported.
TS modules are used to connect the serial interface of the CP to dial-up networks that are
also configured in STEP 7 V5 in the “Interfaces“ tab of the Properties dialog of the proxy.
The following figure shows drop-down list for selecting the modem type.
Figure 4-3 Selectable modem types of a WAN interface with a connection to a dial-up network
The following entries are available for the TS modules:
● TS Module GSM
Connection to a GSM network
● TS Module ISDN
Connection to an ISDN network
● TS Module Modem
Connection to an analog dial-up network
● Third-party modem
Select the "3rd party modem" entry in the following cases:.
– Connection to a dedicated line network
For the connection to a dedicated line network via a dedicated line or analog wireless
modem, a TS module RS-232 is connected to the CP.
– Connection to a dial-up network
For the connection to a dial-up network via a third-party modem, a TS module RS-23
is connected to the CP.
The TS module RS-232 cannot be configured in STEP 7 V5.
If the CP is connected to a dial-up network via a TS module, the suitable AT string must be
configured in the properties dialog of the network node in STEP 7 V5 for the network node of
the proxy.
CP 1243-8 IRC
52 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 53
Configuration and operation
-
-
4.6 Configuration in STEP 7 V5
Figure 4-4 Properties of a dial-up network node "AT initialization “ tab
For dial-up network connections via TS modules, AT strings are configured in the AT
Initialization tab of the Properties dialog of the dial-up network node. Depending on the TS
module being used, the following AT strings are preassigned:
● CP with TS Module GSM
ATE0S0=1&D2+CBST=7,0,1;+CRC=1;&W+IPR=115200
● CP with TS Module Modem
AT&FE0&M0&Q6S0=1x3&w0
● CP with TS Module ISDN
partner (master station) with GSM connection:
AT string of the TS Module ISDN in the station:
AT&FE0\N1
Only when transferring via an ISDN network with the following configuration do the AT
strings need to be adapted manually in the "Initialization string" input box.
● CP with TS Module ISDN
partner (master station) with Modem MD4:
– AT string for the TS Module ISDN in the station:
AT&FE0\N2
– AT string for the Modem MD4 in the master station:
ATS45=85$P5\N0&W$M=1
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
53
Page 54
Configuration and operation
Configuring with the SINAUT Engineering Software
4.6 Configuration in STEP 7 V5
Configure the connection of the proxy in the SINAUT configuration tool as usual for a TIM.
Note that for the proxy, neither TD7onCPU nor TD7onTIM is configured.
In the subscriber management of the configuration to, the proxy appears as follows:
Figure 4-5 View of a proxy in the SINAUT subscriber administration
If you double-click on the selected subscriber (proxy) in the subscriber list, you will find the
corresponding entry for the expanded type in the properties dialog of the subscriber:
Figure 4-6 Expanded type of the proxy in the Properties dialog of the subscriber
CP 1243-8 IRC
54 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 55
Configuration and operation
4.6.4
Exporting configuration data
Exporting the configuration data using SDB text files
4.6 Configuration in STEP 7 V5
After completing the configuration of the proxy in STEP 7 V5 and in the SINAUT
configuration tool, the specific configuration data for the telecontrol communication of the
proxy is stored in system data blocks (SDBs) just as with TIM modules.
Follow the steps below to export the configuration data of the proxy:
1. Open the SINAUT diagnostics and service tool with the relevant project.
2. Select the proxy.
3. Open the menu "SINAUT" > "SDB display".
Figure 4-7 Opening the "SDB display" dialog
The "SDB display" dialog opens.
With the drop-down list box "System data blocks" you can display the contents of the
individual SDBs. This is however not relevant for exporting the configuration data.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
55
Page 56
Configuration and operation
Note
TXT file for STEP 7 Basic
You require this exported text file later for
4.6 Configuration in STEP 7 V5
4. Click the "Save" button.
The "Save as" dialog opens.
Figure 4-8 Export of the configuration data of a proxy in the example as the file
"sdbs_CP12438-01.txt".
5. In the file directory of the configuration PC/PG, select a suitable directory for the file of the
configuration data.
6. Select a unique name for the file of the configuration data of this proxy.
Retain the default file type TXT file.
7. Click "Save".
A text file with the data of all SINAUT SDBs is saved in the file directory.
the configuration of the CP in STEP 7 Basic.
CP 1243-8 IRC
56 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 57
Configuration and operation
4.7
Configuration in STEP 7 Basic
4.7.1
Overview of the configuration
Requirement
Overview of configuration in STEP 7 Basic
4.7 Configuration in STEP 7 Basic
The complete configuration of the CP in STEP 7 Basic is only possible after configuring in
STEP 7 V5 (see above).
Follow the steps below when configuring:
1. Create a STEP 7 project.
2. Insert the S7-1200 CPU for the SIMATIC station.
3. Create the PLC tags required for the data points in the CPUs, see also point 7.
4. Insert the CP 1243-8 in the stations.
5. If you use Ethernet-based communication, create an Ethernet network and connect the
CP to the Ethernet network.
The configuration of WAN networks is not possible in STEP 7 Basic and is not necessary.
The configuration of telecontrol connections between the CP and master station is not
possible in STEP 7 Basic and is not necessary.
6. For the CP, import the configuration data using the text file from the STEP 7 V5 project.
For information on the import, refer to the section Importing configuration data (Page 58).
7. Configure the CP:
– Configure the further parameters of the CP.
For information on this, refer to the following sections.
– Configure the data points of the CP.
You will find information on the data points in the section Configuring data points and
messages (Page 68).
– The configuration of the security functions is necessary when using telecontrol
communication.
You will find information on the security functions in the section Security functions
(Page 89) and in /11/ (Page 137).
8. Download the project data to the station.
When you load the station, the project data of the station including the configuration data
of the CP is stored on the CPU.
You will find further information on configuration and downloading in the STEP 7 information
system.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
57
Page 58
Configuration and operation
STEP 7 online help in "Support Packages"
4.7.2
Importing configuration data
Importing the configuration data from STEP 7 V5
4.7.3
"Communication types" parameter group
"Communication types" parameter group
4.7 Configuration in STEP 7 Basic
You will find the CP-specific help in the STEP 7 information system in the section "Support
Packages".
Follow the steps below to import the configuration data from STEP 7 V5
1. In your STEP 7 Basic project, select the CP into which you want to import data from the
STEP 7 V5 project.
2. Select the "Partner stations" parameter group.
3. Click the "Import partner configuration" button.
Figure 4-9 Importing the configuration data
The dialog for selecting the file with the configuration data opens
4. From the file system of the engineering station open the text file that you exported from
the CP proxy from the STEP 7 V5 project.
Figure 4-10 Selection of the file with the configuration data from STEP 7 V5, in the example the
file "sdbs_CP12438-01.txt".
As the result of the import you can see that the directories below the "Partner stations"
parameter group fill up.
In this parameter group, you enable the communication type of the CP.
To minimize the risk of unauthorized access to the station, you need to enable the
communications services that the CP will execute individually. You can enable all options but
at least one option should be enabled.
CP 1243-8 IRC
58 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 59
Configuration and operation
Enable telecontrol communication
Activate online functions
Enabling S7 communication
SMS
Open User Communication
4.7.4
"Ethernet interface“ parameter group
"Station address": Adoption of the subscriber numbers from STEP 7 V5
Adoption of parameters from the STEP 7 V5 project
4.7 Configuration in STEP 7 Basic
●
Enables communication with the master station on the CP.
Note:
To enable telecontrol communication, the Security functions must also be enabled.
●
Enables access to the CPU for the online functions via the CP (diagnostics, loading
project data etc.). If the function is enabled, the engineering station can access the CPU
via the CP.
If the option is disabled, you have no access to the CPU via the CP with the online
functions. Online diagnostics of the CPU with a direct connection to the interface of the
CPU however remains possible.
●
Enables the functions of S7 communication with a SIMATIC S7 on the CP.
If you configure S7 connections to the relevant station, and these run via the CP, you will
need to enable this option on the CP.
If the CP is intended to use the sending of SMS messages, you need to activate this
separately, refer to the section "Serial Interface" parameter group (Page 62).
Open User Communication does not need to be enabled since you then need to create the
relevant program blocks. Unintended access to the CP is therefore not possible.
The subscriber numbers cannot be edited.
As a default, all CPUs and CP 1243-8 have the subscriber number 0.
The subscriber numbers are only displayed after you have imported the configuration data of
the station from the STEP 7 project.
The displayed parameters are shown alongside the corresponding parameters in STEP 7
V5.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
59
Page 60
Configuration and operation
Parameter in STEP 7 Basic /
Professional
Parameter in STEP 7 V5
Configuration in STEP 7 V5
Remarks
Subscriber administration
Parameter group "MSC client"
Parameter in STEP 7 Basic /
Professional
Parameter in STEP 7 V5
Configuration in STEP 7 V5
Remarks
"MSC Master Properties"
"MSC Station Properties"
tocol
"MSC Station Properties"
tion“ tab
Parameter group "MSC partner block"
Parameter in STEP 7 Basic /
Professional
Parameter in STEP 7 V5
Configuration in STEP 7 V5
Remarks
tion“ tab
tab
ner:
"MSC Station Properties"
4.7 Configuration in STEP 7 Basic
CPU Subscriber Number CPU subscriber number SINAUT configuration tool >
TIM Subscriber Number TIM subscriber number SINAUT configuration tool >
Subscriber administration
In the text file of the configuration data you will find the parameters in the SDB "Subscriber
data".
PortNumber MSC port of the TIM SINAUT configuration tool >
MSC Security Security protocol active SINAUT configuration tool >
Rekeying Interval Rekeying interval [hours] SINAUT configuration tool >
OwnSTA WAN address Properties WAN network
nodes > "Network Connec-
MSC port of the master
Activating the MSCsec pro-
Own WAN address (station
address)
Partner STA WAN address Properties WAN network
nodes > "Network Connec-
Partner Type Connection mode Properties TIM > "Interfaces“
Address Type SINAUT configuration tool >
"MSC Master Properties"
MSC Security
• MSC
• MSC-S
Client ID Customer identification Properties Network > "Net-
User name User name SINAUT configuration tool >
MSC protocol variant:
work Settings"
WAN-address (Station address) of the partner
Interface mode of the part-
Internet Access (MSC master station):
• Name (via DNS)
• IP address
• MSC
• MSCsec
CP 1243-8 IRC
60 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 61
Configuration and operation
Parameter in STEP 7 Basic /
Professional
Parameter in STEP 7 V5
Configuration in STEP 7 V5
Remarks
"MSC Station Properties"
Time synchronization: Adoption of parameters from STEP 7 V5
Adoption of parameters from the STEP 7 V5 project
Parameter in STEP 7 Basic /
Professional
Parameter in STEP 7 V5
Configuration in STEP 7 V5
Remarks
"Time Service“ tab
scheme / Second scheme
"Time Service“ tab
value
“Time Service“ tab
Ethernet interface (X1) > Advanced options > TCP connection monitoring
TCP connection monitoring time
TCP keepalive monitoring time
4.7 Configuration in STEP 7 Basic
Password Password SINAUT configuration tool >
Partner IP address SINAUT configuration tool >
"MSC Master Properties"
The parameter group "Time synchronization" is only displayed after you have imported the
configuration data from the STEP 7-V5 project.
The displayed parameters are shown alongside the corresponding parameters in STEP 7
V5.
Synchronization cycle Synchronization cycle Properties dialog TIM >
• Second intervals
• Minute intervals
• Hourly intervals
• User defined time
• No synchronization
Hours / Minutes / Seconds Hour scheme / Minute
• Second scheme
• Minute scheme
• Hour scheme
• Time of day
• No synchronization
Properties dialog TIM >
"Time Service“ tab
Properties dialog TIM >
IP address of the router
(Internet Access)
Displays the configured
Time Master Synchronization master Properties dialog TIM >
In the text file of the configuration data you will find the parameters in the SDB "WAN data".
The setting applies to all TCP connections of the CP.
Exception: The settings made here do not apply to connections programmed for Open User
Communication with the program blocks.)
If there is no data traffic within the connection monitoring time, the CP sends a keepalive to
the communications partner.
After sending a keepalive, the CP expects a reply from the communications partner within
the keepalive monitoring time. If the CP does not receive a reply within the configured time,
the keepalive frame is repeated twice. After the monitoring time elapses three times without
a reply, the CP terminates and re-establishes the connection.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
61
Page 62
Configuration and operation
4.7.5
"Serial Interface" parameter group
"SMS"
"WAN Parameters": Adoption of parameters from STEP 7 V5
Parameter group "WAN Parameters"
Parameter in STEP 7 Basic /
Professional
Parameter in STEP 7 V5
Configuration in STEP 7 V5
Remarks
tab
tion“ tab
es“ tab)
work Settings"
("Random") cannot be set
work Settings"
work Settings"
work Settings"
with “3”
work Settings"
tion“ tab
LocalCPUCount
Number of local CPUs
4.7 Configuration in STEP 7 Basic
If the CP is intended to use the sending of SMS messages, you need to activate the option.
Here you assign the number for an SMSC (Short Message Service Center).
The following parameters are only displayed after you have imported the configuration data
of the station from the STEP 7 V5 project.
The displayed parameters are shown alongside the corresponding parameters in STEP 7
V5. Depending on the configuration of the CP (protocol, network type, station type) not every
parameter is displayed.
In the text file of the configuration data you will find the parameters in the SDBs "WAN data"
and "Ethernet data".
InterfaceNumber Number of the interface Properties TIM > "Interfaces“
TIMType Node type Properties WAN network
nodes > "Network Connec-
NetworkType Network type HW Config With Ethernet nodes derived
OperationMode Operating mode Properties Network > "Net-
TelegrammFormat Message format Properties Network > "Net-
AcknowledgeArt Acknowledgment Properties Network > "Net-
RepeatingFactor Retry factor Properties Network > "Net-
Duplex Connection type Properties Network > "Net-
TelecontrolProtokoll WAN protocol Properties Network > "Net-
work Settings"
OwnSTA WAN address Properties WAN network
nodes > "Network Connec-
from "Connection mode"
(Properties TIM > "Interfac-
With Ethernet networks
With Ethernet preassigned
Own WAN address (station
address)
MaxTelegrammLength Max. message length Properties Network > "Net-
CP 1243-8 IRC
62 Operating Instructions, 06/2015, C79000-G8976-C385-01
work Settings"
Page 63
Configuration and operation
Parameter in STEP 7 Basic /
Professional
Parameter in STEP 7 V5
Configuration in STEP 7 V5
Remarks
grammCount
messages
nodes > "Basic Param.“ tab
tion“ tab
work Settings"
on
nodes > "Dedicated Line“ tab
nodes > "Dedicated Line“ tab
LandMode
No longer relevant
nodes > "Dialing Param.“ tab
nodes > "Dialing Param.“ tab
work Settings"
tab
scheme"
"Basic Param.“ tab
"AT Initialization“ tab
using MSC
nodes > "Dialing Param.“ tab
4.7 Configuration in STEP 7 Basic
SpontaneousTele-
AlarmDelayTime Max. allowed disruption time Properties Network > "Dedi-
PartnerSTA WAN address Properties WAN network
Baudrate Baud rate [bps] Properties Network > "Net-
Watchdog Depending on the network
RTS_CTS_ConnectionDurati
SendDelayTime Send delay time Properties WAN network
DialMode Dialing mode Properties WAN network
ModemType Dialing format Properties WAN network
Number of spontaneous
type:
• Polling Monitoring time
• Call answer delay
• Monitoring time
RTS/CTS delay time [ms] Properties WAN network
Properties WAN network
cated Line“ tab
nodes > "Network Connec-
Network type:
WAN-address (Station address) of the partner
• Dedicated line
• Dial-up network
• MSC network
OffsetTime Extra transmission time Properties WAN network
nodes > "Basic Param.“ tab
ClientID Customer identification Properties Network > "Net-
TransferCriteria Transmission criteria Properties WAN network
nodes > "Dial-up network.“
Hour_TelegramCount_Minute Display of "Hour" / "Minute" "Transmission criteria“ pa-
rameter
InterruptMode Operating mode Properties Network nodes >
AT initialization Initialization string Properties Network nodes >
MSC initialization AT initialization sting when
PIN Number PIN number Properties WAN network
Only relevant with the setting
"Time of day" or "Time
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
63
Page 64
Configuration and operation
Parameter group "Telephone directory"
Parameter in STEP 7 Basic /
Professional
Parameter in STEP 7 V5
Configuration in STEP 7 V5
Remarks
nodes > "Dialing Param.“ tab
work Settings"
station / node / station)
nodes > "Dialing Param.“ tab
Number
StationNumber
Station address
(max.. 32 characters)
4.7.6
Parameter group “Partner stations”
Import partner configuration
Reset partner configuration
Imported configuration:
4.7 Configuration in STEP 7 Basic
TelephoneNumberType Own tel. number Properties WAN network
Re-Dial Redialing attempts Properties Network > "Net-
work Settings"
DisconnectParameter Cancel parameter Properties Network > "Net-
WAN DriverType WAN driver type (master
SpecialService Special service Properties WAN network
TelefonNumberStatus SINAUT configuration tool >
tab "Telephone Directory"
>Properties - Telephone
TelefonNumber SINAUT configuration tool >
tab "Telephone Directory"
>Properties - Telephone
Number
SMS special services
Enable status of the subscriber (enabled / disabled)
Phone number of the subscriber, components: Initialization command (max.. 28
characters) or "AT", Dial
command (max.. 4 characters.), telephone number
With the "Import partner configuration" button, you import the text data with the STEP 7 V5
configuration data of the proxy from the file system of the engineering station.
You will find a description of the parameters in the following sections.
With the "Reset partner configuration" button, you delete all the configuration data of the CP
that you previously imported from a text file with the "Import partner configuration" button.
With this function you reset the partner configuration data to the status of an unconfigured
module.
This output box shows the name of the text file whose configuration data you last loaded on
this CP.
CP 1243-8 IRC
64 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 65
Configuration and operation
Last import on:
Report partner status (connection to partner)
Adoption of parameters from STEP 7 V5
Parameter group "Subscriber <Subscriber number>"
Parameter in STEP 7 Basic /
Professional
Parameter in STEP 7 V5
Configuration in STEP 7 V5
Remarks
tifier
4.7 Configuration in STEP 7 Basic
With this drop-down list, you can select the text file whose configuration data you want to use
for this CP from the various text files in the file system.
With individual partners, the reporting of the partner status can be enabled.
If the "Report partner status" function is enabled, the CP signals the status of the
communication to the remote partner.
● Bit 0 of "PLC tag for partner status" (data type WORD) is set to 1 if the partner can be
reached.
● Bit 1 is set to 1 if all the paths to the remote partner are OK (useful with redundant paths).
● Bits 2-3 indicate the status of the send buffer (frame memory).
The following values are possible:
– 0: Send buffer OK
– 1: Send buffer threatening to overflow (more than 80 % full).
– 3: Send buffer has overflowed (fill level 100 % reached).
As soon as the fill level drops below 50%, bits 2 and 3 are reset to 0.
Bits 4 to 15 of the PLC tags are not used and do not need to be evaluated in the program.
After importing the configuration data of the station from the STEP 7 V5 project, the partner
configuration data is displayed.
For the individual partner stations, only the two following parameters can be configured:
● Report partner status
● PLC tag for partner status
For the meaning of these parameters, refer to the following table.
The displayed parameters are shown alongside the corresponding parameters in STEP 7
V5.
In the text file of the configuration data you will find the parameters in the SDBs "Subscriber
data" and "Ethernet data".
SubscriberID Automatically assigned iden-
Subscriber Number Subscriber number SINAUT configuration tool >
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
Subscriber administration
65
Page 66
Configuration and operation
Parameter in STEP 7 Basic /
Professional
Parameter in STEP 7 V5
Configuration in STEP 7 V5
Remarks
tifier
the CPU.
port partner status"
ConnectionInformation
tifier
tifier
tifier
tifier
tion“ tab
Partner
partner:
Subscriber administration
4.7.7
Parameter group "Communication with the CPU"
Communication with the CPU > "Data buffer size"
Data buffer size
4.7 Configuration in STEP 7 Basic
SubscriberAdditionalInfo Automatically assigned iden-
SubscriberType Automatically assigned iden-
tifier
Report partner status - - If the option is enabled, the
CP signals the status of the
connection to the remote
communications partner to
PLC tag for partner status - - PLC tag for the option "Re-
DeviceID Automatically assigned iden-
SubnetId Automatically assigned iden-
CFB_Reference Automatically assigned iden-
ConnectionType Automatically assigned iden-
Sta WAN address Properties WAN network
nodes > "Network Connec-
Partner ID Subscriber number of the
SINAUT configuration tool >
WAN-address (Station address) of the partner
●
Here, you set the size of the send buffer for event-driven messages.
A maximum of 16000 messages divided up equally among the communications partners
can be buffered.
You will find details of how the send buffer works (storing and sending events) as well as the
options for transferring data in the section Process image, type of transmission, event
classes (Page 72).
CP 1243-8 IRC
66 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 67
Configuration and operation
4.7.8
Parameter group "SNMP"
SNMP (Simple Network Management Protocol)
Range of performance of the CP as an SNMP agent
MIB II
4.7 Configuration in STEP 7 Basic
SNMP is a protocol for managing networks and nodes in the network. To transmit data,
SNMP uses the connectionless UDP protocol.
The information on the properties of SNMP-compliant devices is entered in MIB files (MIB =
Management Information Base).
The CP supports data queries in the following SNMP versions:
● SNMPv1 (standard)
● SNMPv3 (Security)
It returns the contents of MIB objects of the standard MIB II according to RFC 1213 and the
Siemens Automation MIB.
●
The CP supports the following groups of MIB objects:
– System
– Interfaces
The "Interfaces" MIB object provides status information about the CP interfaces.
– IP (IPv4 and IPv6)
– ICMP
– TCP
– UDP
– SNMP
The other groups of the MIB II standard are not supported:
– Address Translation (AT)
– EGP
– Transmission
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
67
Page 68
Configuration and operation
Siemens Automation MIB
Access permissions using community names
Type of access
Community string *)
Read access
public
*) Note the use of lowercase letters!
4.7.9
Configuring data points and messages
Data point-related communication with the CPU
Requirement: Created PLC tags and/or data blocks (DBs)
4.7 Configuration in STEP 7 Basic
●
The following exceptions / restrictions apply to the CP.
Write access is permitted only for the following MIB objects of the system group:
– sysContact
– sysLocation
– sysName
A set sysName is sent as the host name using DHCP option 12 to the DHCP server to
register with a DNS server.
For all other MIB objects / MIB object groups, only read access is possible for security
reasons.
Traps are not supported by the CP.
TCP uses the following community strings to control the permissions for access to the SNMP
agent:
Table 4- 1 Access rights in the SNMP agent
Read and write access private
No program blocks need to be programmed for the CP to transfer user data between the
station and communications partner. The data areas in the memory of the CPU intended for
communication with the partner are configured data point-related on the CP. Each data point
is linked to a PLC tag or a data block on the CPU.
PLC tags or DBs must first be created in the CPU program to allow configuration of the data
points.
The PLC tags for data point configuration can be created in the standard tag table or in a
user-defined tag table. All PLC tags intended to be used for data point configuration must
have the attribute "Visible in HMI".
Address areas of the PLC tags are input, output or bit memory areas on the CPU.
CP 1243-8 IRC
68 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 69
Configuration and operation
Note
Number of PLC tags
Remember the maximum possible number of PLC tags the can be used for data point
configuration in the section
Access to the memory areas of the CPU
Configuring the data points and messages in STEP 7
4.7 Configuration in STEP 7 Basic
Performance data and configuration limits (Page 18).
The formats and S7 data types of the PLC tags that are compatible with the protocol-specific
data point types of the CP can be found in the section Datapoint types (Page 70).
The values of the PLC tags or DBs referenced by the data points are read and transferred to
the communications partner by the CP.
Data received from the communications partner is written by the CP to the CPU via the PLC
tags or DBs.
You configure the data points in STEP 7 in the editor for the data point and message
configuration. You can find this using the project tree:
Project > directory of the relevant station > Local modules > CP 1200
Figure 4-11 Configuring data points and messages
You will find more information on configuration in the following sections and in the STEP 7
information system.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
69
Page 70
Configuration and operation
4.7.10
Datapoint types
Supported data point types of the CP
Format (memory
requirements)
Data point type
S7 data type
STEP 7 Basic
Address area
Number of data
points per
SINAUT object
Compatible
SINAUT objects
STEP 7 V5
Bit
Digital input (Status Input)
BOOL
I, Q, M, DB
8
Bin08X_S
Byte
Digital input (Binary Input)
BYTE, CHAR
I, Q, M, DB
4
Bin04B_S
Digital output (Binary Output)
BYTE, CHAR
Q, M, DB
4
Bin04B_R
Output)
Integer with sign
(16 bits)
Analog input (Analog Input)
INT
I, Q, M, DB
4
Ana04W_S
Input)
put)
Output)
Setpoint (Setpoint Output) 1)
INT
Q, M, DB
1
Set01W_R
Counter (16 bits)
put)
put)
Floating-point
number (32 bits)
Analog input (Analog Input)
REAL
I, Q, M, DB
4
Ana04R_S
put)
Block of data
(4 .. 48 bytes)
Data (Data Output)
DB
12
Dat12D_R
1)
2)
See below, section "2: Block of data”
4.7 Configuration in STEP 7 Basic
During the configuration of the user data to be transferred by the CP, each data point is
assigned a protocol-specific data point type. The data point types supported by the CP along
with the compatible S7 data types are listed below. They are grouped according to format
(memory requirements).
Table 4- 2 Supported data point types and compatible S7 data types
Digital output (Status Output) BOOL Q, M, DB 8 Bin08X_R
Command output (Command
Mean value (Mean Value
BYTE, CHAR Q, M, DB 1 Cmd01B_R
INT I, Q, M, DB 4 Mean04W_S
Analog output (Analog Out-
Mean value (Mean Value
Counter input (Counter In-
Counter input (Counter In-
Analog output (Analog Out-
Data (Data Input) ARRAY [1...12] of
Parameters (Parameter
Output)
See below, section "1: Mirroring back”
1)
INT Q, M, DB 4 Ana04W_R
INT Q, M, DB 4 Mean04W_R
WORD, UINT I, Q, M, DB 1 Cnt01D_S
WORD, UINT I, Q, M, DB 4 Cnt04D_S
REAL Q, M, DB 4 Ana04R_R
DB 12 Dat12D_S
DINT / UDINT /
DWORD / REAL
2)
ARRAY [1...12] of
DINT / UDINT /
DWORD / REAL
2)
DB 12 Par12D_R
CP 1243-8 IRC
70 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 71
Configuration and operation
1: Mirroring back
2: Block of data
4.7.11
Data point configuration
Note
Status identifiers
The CP 1243
Parameters in the "General“ tab
Data point index
4.7 Configuration in STEP 7 Basic
The mirroring back function using the "Value monitoring" parameter can be configured for
the following data point types:
● Setpoint Output
● Parameter Output
The local values of the data points of this type can be monitored for change and the changes
transferred to the master with the Value monitoring function.
Changing a local value can, for example, be caused by manual operator input on site.
To allow the value resulting from local events or interventions to be transferred to the master
station, a mirroring back channel is generated for the relevant data point with the Value
monitoring function via which the locally changed value is mirrored back.
Remember that to use the mirror back function, you need to interconnect the local values in
the controller with the relevant PLC tag of the data point.
With the ARRAY data type, blocks of data from contiguous memory areas up to a size of
4 .. 48 bytes can be transferred.
Compatible components of ARRAY are DINT, UDINT, DWORD or REAL. The components
within an array must be of the same type.
If the array is modified later, the data point must be recreated.
-8 IRC does not supply any status identifiers.
Below you will find notes on the individual parameters of the data points of the CP 1243-8
IRC.
If the tooltips of STEP 7 refer to sections in the information system that are valid for several
CP types, the particular behavior of the CP 1243-8 is described at this point.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
The data point indexes must be unique in a CP.
Data point indexes assigned more than once in a CP are indicated as errors in the
consistency check and prevent the STEP 7 project being compiled.
71
Page 72
Configuration and operation
Type of tranmsission / Event classes
Priority in the scan cycle
Object number
Object channel
Partner object number
4.7.12
Process image, type of transmission, event classes
The image memory (process image of the CP)
4.7 Configuration in STEP 7 Basic
For the CP the following transmission types are available:
● Transfer after call
The current value of the data point is entered in the image memory of the CP.
● Every value triggered
Each value change is entered in the send buffer in chronological order.
● Current value triggered
Only the current value is entered in the send buffer.
See section Process image, type of transmission, event classes (Page 72) for information on
this.
Prioritizes the reading or writing of the data point value in the scan cycle of the CPU. The
option "High priority" means that the data point is read in each scan cycle. The option "Low
priority" means that the data point is not necessarily read in each scan cycle.
See section CPU scan cycle (Page 74) for information on this.
The object number must be unique and the maximum permitted number of data points per
SINAUT object must not be exceeded. Refer to the column “Number of data points per
SINAUT object” in the section Datapoint types (Page 70).
The object channel is the channel of the corresponding SINAUT object.
Per object number, you need to specify a unique object number of the communications
partner.
This must result in unique pairs of "Object number" and "Partner object number".
The image memory is the process image of the CP. All the current values of the configured
data points are stored in the image memory. New values of a data point overwrite the last
stored value in the image memory.
The values are sent only after querying by the communications partner (see below “Transfer
after call“) or along with a message from the send buffer that needs to be transferred
immediately.
CP 1243-8 IRC
72 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 73
Configuration and operation
The send buffer (frame memory)
The forced image mode
Type of tranmsission (Event classes)
Transfer after call
Every value triggered
4.7 Configuration in STEP 7 Basic
The send buffer of the CP is the memory for the individual values of data points that are
configured as an event. The maximum size of the send butter can be found in the section
Performance data and configuration limits (Page 18).
The configured number of events is divided equally among all configured and enabled
communications partners. For information on the configuration, refer to the parameter
"Frame memory size" in the section Parameter group "Communication with the CPU"
(Page 66).
If the connection to a communications partner is interrupted, the individual values of the
events are stored in the RAM of the CP. When the connection returns, the buffered values
are sent. The frame memory operates chronologically; in other words, the oldest frames are
sent first (FIFO principle).
If a frame was transferred to the communications partner, the transferred values are deleted
from the send buffer.
If frames cannot be transferred for a longer period of time and the send buffer is threatening
to overflow, the response is as follows:
If the send buffer reaches a fill level of 80%, the CP changes to the forced image mode. New
values of events are no longer added to the send buffer but rather they overwrite older
existing values in the image memory.
When the connection to the communications partner returns, the CP changes back to the
send buffer mode if the fill level of the send buffer has fallen below 50%.
Data points are configured using the "Type of transmission“ parameter in the table or in the
"General" tab of the data point configuration as a static value or as an event.
The values of data points configured as an event are entered in the image memory and also
in the send buffer of the CP. They are transferred to the communications partner when the
configured trigger conditions are met ("Trigger“) tab.
The following types of transmission are available:
●
The current value of the data point is only entered in the image memory of the CP. New
values of a data point overwrite the last stored value in the image memory.
The current value at the time is transferred only after being called by the communications
partner.
●
The data point is configured as an event.
Each value change is entered in the send buffer in chronological order.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
73
Page 74
Configuration and operation
Current value triggered
4.7.13
CPU scan cycle
Priority in the scan cycle
Structure of the CPU scan cycle
High-priority read jobs
Low priority read jobs
Write jobs
4.7 Configuration in STEP 7 Basic
●
The data point is configured as an event.
Only the last current value is entered in the send buffer. It overwrites the value stored
there previously.
The cyclic updating of the values of input data points of the CP by reading the current values
of the assigned PLC tags on the CPU can be prioritized.
Less important input data points do not need to be read in every CPU scan cycle. Important
input data points, on the other hand, can be prioritized for updating in every CPU scan cycle.
You can prioritize the data points in STEP 7 in the data point configuration in the "General"
tab with the "Priority in the scan cycle" parameter. There you will find the two following
options for input data points:
● High priority
● Low priority
The data points are read according to the method described below.
The cycle (including the pause) with which the CP scans the memory area of the CPU is
made up of the following phases:
●
The values of input data points with the scan priority "High-priority" are read in every scan
cycle.
●
Some of the values of input data points with the scan priority "Low-priority" are read in
every scan cycle.
The number of values read per cycle is specified for the CP in the "Communication with
the CPU" parameter group with the "Max. number of read jobs" parameter. The values
that exceed this value and can therefore not be read in one cycle are then read in the
next or one of the following cycles.
●
In every cycle, the values of a certain number of unsolicited write jobs are written to the
CPU. The number of values written per cycle is specified for the CP in the
"Communication with the CPU" parameter group with the "Max. number of write jobs"
parameter. The values whose number exceeds this value are then written in the next or
one of the following cycles.
CP 1243-8 IRC
74 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 75
Configuration and operation
Cycle pause time
Duration of the CPU scan cycle
4.7.14
"Trigger“ tab
Trigger
Saving the value of a data point configured as an event
Threshold value trigger
Time trigger
Event trigger (Trigger tag)
Resetting the trigger tag in the bit memory area / DB:
Transferring the value of a data point configured as an event
4.7 Configuration in STEP 7 Basic
●
This is the waiting time between two scan cycles. It is used to reserve adequate time for
other processes that access the CPU via the backplane bus of the station.
Since no fixed time can be configured for the cycle and since the individual phases cannot
be assigned a fixed number of objects, the duration of the scan cycle is variable and can
change dynamically.
Data points are configured as a static value or as an event using the "Type of transmission"
parameter:
Saving the value of a data point configured as an event in the send buffer (message
memory) can be triggered by various trigger types:
●
The value of the data point is saved when this reaches a certain threshold. The threshold
is calculated as the difference compared with the last stored value, refer to the section
Threshold value trigger (Page 76).
●
The value of the data point is saved at configurable intervals or at a specific time of day.
●
The value of the data point is saved when a configurable trigger signal is fired. For the
trigger signal, the edge change (0 → 1) of a trigger tag is evaluated that is set by the user
program. When necessary, a separate trigger tag can be configured for each data point.
If the memory area of a trigger tag is in the bit memory or in a data block, the value “1” of
the trigger tag is reset to zero when the data point value is transferred.
You specify whether the value of a data point is transferred to the communications partner
immediately after the trigger fires or after a delay in the "Transmission mode" parameter.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
75
Page 76
Configuration and operation
Transmission mode
4.7.15
Threshold value trigger
Note
Threshold value trigger: Calculation only after "Analog value preprocessing"
Note that the analog value preprocessing is performed before the check for a configured
threshold value and before calculating the threshold value.
This affects the value that is configured for the threshold value
Note
No Threshold value trigger if Mean value generation is configured
If mean value generation is configured, no threshold value trigger can be configured for the
analog value event involved.
Threshold value trigger
Function
Absolute method
Integrative method
4.7 Configuration in STEP 7 Basic
The transmission mode of a frame is set in the "Trigger" tab of the data point. With the
option, you specify whether messages of events are sent immediately or following a delay:
● Immediate transfer - Spontaneous
The value is transferred immediately.
● Buffered transfer - Conditionally spontaneous
The value is transferred only when one of the following conditions is fulfilled:
– The communications partner queries the station.
– The value of another event with the transmission mode “Spontaneous" is transferred.
For the time sequence of the analog value preprocessing refer to the section Analog value
preprocessing (Page 78).
If the process value deviates by the amount of the threshold value, the process value is
saved.
trigger.
Two methods are used to calculate the threshold value deviation:
●
With binary and counter values as well as with analog values with configured mean value
generation, the absolute method is used to calculate the threshold value deviation.
●
With analog values without configured mean value generation, the integrating method is
used to calculate the threshold value deviation.
In the integration threshold value calculation, it is not the absolute value of the deviation
of the process value from the last stored value that is evaluated but rather the integrated
deviation.
CP 1243-8 IRC
76 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 77
Configuration and operation
Absolute method
Integrative method
Time [s]
(calculation cycle)
Process value
stored in the
send buffer
Current process
value
Absolute deviation
from the stored
value
Integrated devia-
tion
0
20.0
20.0 0 0
1.0 19.8
-0.2
0.1
2.0 20.5
+0.5
0.8
2.5 20.3
+0.3
1.1
3.0 20.4
+0.4
1.5
3.5
20.5
20.5
+0.5
2.0
4.0 20.4
-0.1
-0.1
4.5 20.1
-0.4
-0.5
5.0 19.9
-0.6
-1.1
5.5 20.1
-0.4
-1.5
6.0
19.9
19.9
-0.6
-2.1
4.7 Configuration in STEP 7 Basic
For each binary value a check is made to determine whether the current (possibly smoothed)
value is outside the threshold value band. The current threshold value band results from the
last saved value and the amount of the configured threshold value:
● Upper limit of the threshold value band: Last saved value + threshold value
● Lower limit of the threshold value band: Last saved value - threshold value
As soon as the process value reaches the upper or lower limit of the threshold value band,
the value is saved. The newly saved value serves as the basis for calculating the new
threshold value band.
The integration threshold value calculation works with a cyclic comparison of the integrated
current value with the last stored value. The calculation cycle in which the two values are
compared is 500 milliseconds.
(Note: The calculation cycle must not be confused with the scan cycle of the CPU memory
areas).
The deviations of the current process value are totaled in each calculation cycle. The trigger
is set only when the totaled value reaches the configured value of the threshold value trigger
and a new process value is entered in the send buffer.
The method is explained based on the following example in which a threshold value of 2.0 is
configured.
Table 4- 3 Example of the integration calculation of a threshold value configured with 2.0
0.5 20.3 +0.3 0.3
1.5 20.2 +0.2 0.3
In this example, a value of 2.0 was configured for the threshold value trigger.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
With the changes in the process value shown in the example, the threshold value trigger
fires twice:
● At the time 3.5 s: The value of the integrated deviation is at 2.0. The new process value
stored in the send buffer is 20.5.
77
Page 78
Configuration and operation
4.7.16
Analog value preprocessing
Requirements and restrictions
Note
Restrictions due to configured triggers
The analog value preprocessing options "Fault suppression time", "Limit value calculation"
and "smoothing" are not performed if no threshold value trigger is configured for the relevant
data point.. In these cases, the read
memory of the CP before the preprocessing cycle of the threshold value calculation (500 ms)
elapses.
4.7 Configuration in STEP 7 Basic
● At the time 6.0 s: The value of the integrated deviation is at 2.1. The new process value
stored in the send buffer is 19.9.
In this example, if a deviation of the process value of approximately 0.5 should fire the
trigger, then with the behavior of the process value shown here a threshold value of
approximately 1.5 ... 2.5 would need to be configured.
CPs with data point configuration support analog value preprocessing. For analog value data
points, some or all of the functions described below can be configured.
You will find the requirements for the configuration of the preprocessing options and
restrictions in the section relating to the particular function.
process value of the data point is entered in the image
The analog value preprocessing options "Fault suppression time", "Limit value check" and
"smoothing" are not performed if no threshold value trigger is configured for the relevant data
point.. In these cases, the read process value of the data point is entered in the image
memory of the CP before the preprocessing cycle of the threshold value calculation (500 ms)
elapses.
CP 1243-8 IRC
78 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 79
Configuration and operation
Sequence of the analog value preprocessing options
4.7 Configuration in STEP 7 Basic
The values of analog inputs configured as an event are processed on the CPU according to
the following scheme:
Figure 4-12 Sequence of the analog value preprocessing
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
79
Page 80
Configuration and operation
Mean value generation
Note
Restricted preprocessing options if mean value generation is configured
If you configure mean value generation fo
preprocessing options are not available:
•
•
•
Function
Input modules: Overflow range / underflow range
4.7 Configuration in STEP 7 Basic
The 500 millisecond cycle is started by the integrative threshold value calculation. In this
cycle, the values are saved even when the following preprocessing options are enabled:
● Unipolar transfer
● Fault suppression time
● Limit value calculation
● Smoothing
r an analog value event, the following
Unipolar transfer
Fault suppression time
Smoothing
With this parameter, acquired analog values are transferred as mean values.
If mean value generation is active, it makes sense to configure a time trigger..
The current values of an analog data point are read in a 100 millisecond cycle and totaled.
The number of read values per time unit depends on the read cycle of the CPU and the CPU
scan cycle of the CP.
The mean value is calculated from the accumulated values as soon as the transfer is
triggered by a trigger. Following this, the accumulation starts again so that the next mean
value can be calculated.
The mean value can also be calculated if the transmission of the analog value message is
triggered by a request from the communications partner. The duration of the mean value
calculation period is then the time from the last transmission (for example triggered by the
trigger) to the time of the request. Once again, the accumulation restarts so that the next
mean value can be calculated.
As soon as a value is acquired in the overflow or underflow range, mean value generation is
stopped. The value 32767 / 7FFF
or -32768 / 8000h is saved as an invalid mean value for
h
the current mean value calculation period and sent with the next message.
CP 1243-8 IRC
80 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 81
Configuration and operation
Note
Fault suppression time > 0 configured
If you have configured an error suppression time and then enable mean value generation,
the value of the error suppres
generation is enabled, the error suppression time is set to 0 (zero) internally.
Unipolar transfer
Restrictions
Function
Fault suppression time
Requirements for the function
Restrictions
Function
4.7 Configuration in STEP 7 Basic
The calculation of a new mean value is then started. If the analog value remains in the
overflow or underflow range, one of the two values named is again saved as an invalid mean
value and sent when the next message is triggered.
sion time is grayed out but no longer used. If mean value
Unipolar transfer cannot be configured at the same time as mean value generation. Enabling
unipolar transfer has no effect when mean value generation is activated.
With unipolar transfer, negative values are corrected to zero. This can be desirable if values
from the underrange should not be transferred as real measured values.
Exception: With process data from input modules, the value -32768 / 8000
a live zero input is transferred.
With a software input, on the other hand, all values lower than zero are corrected to zero.
Configuration of the threshold trigger for this data point
The fault suppression time cannot be configured at the same time as mean value generation.
A configured value has no effect when mean value generation is activated.
A typical use case for this parameter is the suppression of peak current values when starting
up powerful motors that would otherwise be signaled to the control center as a disruption.
The transmission of an analog value in the overflow (7FFF
suppressed for the specified time. The value 7FFF
suppression time has elapsed, if it is still pending.
for wire break of
h
) or underflow range (8000h) is
h
or 8000H is only sent after the fault
H
If the value returns to the measuring range before the fault suppression time elapses, the
current value is transferred.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
81
Page 82
Configuration and operation
Input modules
Recommendation for finished values that were preprocessed by the CPU:
Smoothing factor
Requirements for the function
Restrictions
Function
4.7 Configuration in STEP 7 Basic
The suppression is adjusted to analog values that are acquired directly by the S7 analog
input modules as raw values. These modules return the specified values for the overflow or
underflow range for all input ranges (also for live zero inputs).
An analog value in the overflow range (32767 / 7FFF
) or underflow range (-32768 / 8000h)
h
is not transferred for the duration of the fault suppression time. This also applies to live zero
inputs. The value in the overflow/underflow range is only sent after the fault suppression time
has elapsed, if it is still pending.
If the CPU makes preprocessed finished values available in bit memory or in a data block,
suppression is only possible or useful if these finished values also adopt the values listed
above 32767 / 7FFF
or -32768 / 8000h in the overflow or underflow range. If this is not the
h
case, the parameter should not be configured for preprocessed values.
For finished values preprocess in the CPU, the limits for the overflow and underflow can be
freely assigned.
Configuration of the threshold trigger for this data point
The smoothing factor cannot be configured at the same time as mean value generation. A
configured value has no effect when mean value generation is activated.
Analog values that fluctuate quickly can be evened out using the smoothing function.
The smoothing factors are calculated according to the following formula as with S7 analog
input modules.
where
= smoothed value in the current cycle
y
n
= value acquired in the current cycle n
x
n
k = smoothing factor
The following values can be configured for the module as the smoothing factor.
● 1 = No smoothing
● 4 = Weak smoothing
● 32 = Medium smoothing
● 64 = Strong smoothing
CP 1243-8 IRC
82 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 83
Configuration and operation
Set limit value 'low' / Set limit value 'high'
Requirements for the function
Function
Configuration of the limit value
Range
Raw value (16 bits) of the PLC tag
Module output [mA]
Measuring
range [%]
Decimal
Hexadecimal
0 .. 20
(unipolar)
-20 .. +20
(bipolar)
4 .. 20
(life zero)
Overflow
32767
7FFF
> 23.515
> 23.515
> 22.810
> 117.593
27649
6C01
20.001
20.001
20.001
100.004
0
0000
0
4
0
-27648
9400
-20
-100
-4864
ED00
-3.518
1.185
-17.59
-32512
8100
-23.516
-117.593
Undershoot / wire break
-32768
8000
< -3.518
< 1.185
< -17.593
4.7 Configuration in STEP 7 Basic
● Configuration of the threshold trigger for this data point
● PLC tag in the bit memory operand area or data area
The analog value data point must be linked to a PLC tag in the bit memory or data area
(data block). For PLC tags of hardware modules (input operand area) limit value
configuration is not possible.
The configuration of limit values is pointless for measured values that have already been
preprocessed on the CPU.
In these two input boxes, you can set a limit value in the direction of the start of the
measuring range or in the direction of the end of the measuring range. You can also
evaluate the limit values, for example as the start or end of the measuring range.
The limit value is configured as a whole decimal number. The range of values is based on
the range of values of the raw value of analog input modules.
Overrange 32511
...
Nominal range
(unipolar / life zero)
Nominal range (bipolar) 27648
Underrange
(unipolar / life zero)
27648
...
...
0
...
-1
...
7EFF
...
6C00
...
6C00
...
0000
....
FFFF
...
23.515
...
20
...
20
-0.001
...
23.515
...
20
...
0
...
3.999
22.810
...
...
100
...
117.593
...
100
...
...
0
...
-0.004
...
Underrange (bipolar) -27649
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
...
93FF
...
-20.001
...
-100.004
...
83
Page 84
Configuration and operation
Note
Evaluation of the value even when the option is disabled
If you enable one or both
grayed out value is nevertheless evaluated.
To disable the two options, delete the previously configured values limit values from the input
boxes and then disable the relevant option.
Recommendation for quickly fluctuating analog values:
4.7.17
Messages
Configuring SMS messages
Configuring e-mails
4.7 Configuration in STEP 7 Basic
options and configure a value and then disable the option later, the
If the analog value fluctuates quickly, it may be useful to smooth the analog value first if limit
values are configured.
If important events occur, the CP can send SMS messages to a mobile phone.
You configure the SMS message in STEP 7 in the data point and message configuration.
You can find this using the project tree:
Project > directory of the relevant station > Local modules > CP
For the view in STEP 7, refer to the section Configuring data points and messages
(Page 68).
You will find the character set supported for the text of the SMS message in the section
Character set SMS (Page 88).
For the configuration of the SMSC, refer to the section "Serial Interface" parameter group
(Page 62).
If important events occur, the CP can send e-mails. The recipient can be a PC with an
Internet connection or an S7-1200.
You configure the e-mails in STEP 7 in the data point and message configuration. You can
find this using the project tree:
Project > directory of the relevant station > Local modules > CP
For the view in STEP 7, refer to the section Configuring data points and messages
(Page 68).
CP 1243-8 IRC
84 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 85
Configuration and operation
Triggering sending of messages
Requirements and necessary information
Text of the message optionally with the value of a PLC tag
Enable status identifier / External status
4.7 Configuration in STEP 7 Basic
One of the following events triggers sending of the message:
● CPU changes to STOP.
● CPU changes to RUN.
● The connection to the partner is interrupted.
● The connection to the partner is re-established.
● A trigger signal is fired.
For the trigger signal to send the message, the edge change (0 → 1) of a trigger bit is
evaluated that is set by the user program. When necessary, a separate trigger bit can be
configured for each message.
If the memory area of the trigger bit is in the bit memory or in a data block, the trigger bit
is reset to zero when the message is sent.
Remember the following requirements in the CP configuration for the transfer of SMS
messages and e-mails:
● Enabling telecontrol communication ("Communication types") parameter group
● Activating security functions
Only for SMS:
● Either an ST7 connection is configured via the serial interface of the CP or a message in
the data point and message editor of STEP 7 Basic.
● A GSM module is connected to the RS-232 interface.
Only for e-mails.
● Configuring the "E-mail configuration" parameter group
To do this, you require the following information:
– Access data of the SMTP server: Address, port number, user name, password
– Email address of the recipient
– When using STARTTLS or SSL/TLS: Certificate of the e-mail service provider
In the text of every message, you can not only transfer the configured text but also the value
of a PLC tag. To do this enter "$$" as a placeholder for the value to be sent in the message
text. For the configuration, refer to the next section "Include value".
If this option is enabled in STEP 7, a status is output on the CP that provides information
about the processing status of the sent message. The status is written to a PLC tag of the
type DWORD that is specified in the "External status" box.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
85
Page 86
Configuration and operation
Status
Meaning
0000
Transfer completed free of errors
Status
Meaning
0000
Transfer completed free of errors
SMTP protocol.
cannot be set up at the same time.
8403
No TCP/IP connection could be established to the SMTP server.
8405
The SMTP server has denied the login request.
SMTP client.
8407
Request to use SSL was denied.
8408
The client could not obtain a socket for creating a TCP/IP connection to the mail server.
reset the connection or the connection aborted.
terminated the connection or the connection was aborted.
8411
Sending the e-mail failed. Cause: There was not enough memory space for sending.
8412
The configured DNS server could not resolve specified domain name.
8414
An empty character string was specified as the domain name.
8415
An internal error occurred in the cURL module. Execution was aborted.
8416
An internal error occurred in the SMTP module. Execution was aborted.
aborted.
8418
Sending the e-mail was aborted. Possible cause: Execution time exceeded.
8419
The channel was interrupted and cannot be used before the connection is terminated.
8420
Certificate chain from the server could not be verified with the root certificate of the CP.
8421
Internal error occurred. Execution was stopped.
8450
Action not executed: Mailbox not available / unreachable. Try again later.
4.7 Configuration in STEP 7 Basic
The meaning of the statuses is as follows:
Table 4- 4 SMS: Meaning of the status ID output in hexadecimal format
8001 Error in the transfer, possible causes:
• SIM card invalid
• No network
• Wrong destination phone number (recipient not reachable)
Table 4- 5 E-mails: Meaning of the status ID output in hexadecimal format
82xx Other error message from the e-mail server
Apart from the leading "8", the status corresponds to the three-digit error number of the
8401 No channel available
Possible cause: There is already an e-mail connection via the CP. A second connection
8406 An internal SSL error or a problem with the structure of the certificate was detected by the
8409 It is not possible to write via the connection. Possible cause: The communications partner
8410 It is not possible to read via the connection. Possible cause: The communications partner
8413 Due to an internal error in the DNS subsystem, the domain name could not be resolved.
8417 Requests to SMTP on a channel already being used or invalid channel ID. Execution was
CP 1243-8 IRC
86 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 87
Configuration and operation
Status
Meaning
SMTP protocol.
Try sending e-mails without authentication (no user name).
the CP configuration.
8554
Transfer failed
SMTP protocol.
Include value
4.7 Configuration in STEP 7 Basic
84xx Other error message from the e-mail server
Apart from the leading "8", the status corresponds to the three-digit error number of the
8500 Syntax error: Command unknown.
This also includes the error of having a command chain that is too long. The cause may be
that the e-mail server does not support the LOGIN authentication method.
8501 Syntax error. Check the following configuration data:
Message configuration > Message parameters:
• Recipient address ("To" or "Cc").
8502 Syntax error. Check the following configuration data:
Message configuration > Message parameters:
• Email address (sender)
8535 SMTP authentication incomplete. Check the "User name" and "Password" parameters in
8550 SMTP server cannot be reached. You have no access rights. Check the following configu-
ration data:
• CP configuration > E-mail configuration:
– User name
– Password
– Email address (sender)
• Message configuration > Message parameters:
– Recipient address ("To" or "Cc").
85xx Other error message from the e-mail server
Apart from the leading "8", the status corresponds to the three-digit error number of the
If you enable the option "Include value", the CP sends a value for the placeholder $$ from
the memory area of the CPU in the message. To do this, you configure a PLC tag whose
value is integrated in the message.
The value is entered in the message text instead of the placeholder $$.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
87
Page 88
Configuration and operation
4.7.18
Character set SMS
Character set for the SMS text
4.7.19
E-mail configuration
Configuring e-mails in STEP 7
E-mail configuration
4.7 Configuration in STEP 7 Basic
The CP supports the following ASCII character set (hexadecimal value and character name)
for SMS message texts:
● 0x0A
LF (line feed)
● 0x0D
CR (carriage return)
● 0x20
Space
● 0x21 ... 0x5A
! " # $ % & ' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G H I J K L M N O P
Q R S T U V W X Y Z
● 0x5F
£
● 0x61 ... 0x7A
a b c d e f g h i j k l m n o p q r s t u v w x y z
In the "E-mail configuration" entry, you configure the protocol to be used and the data for
access to the e-mail server in STEP 7.
In the message editor ("Messages" entry in STEP 7), you configure the individual e-mails,
see section Messages (Page 84).
With the default setting of the SMTP port 25, the CP transfers unencrypted e-mails.
CP 1243-8 IRC
88 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 89
Configuration and operation
Importing the certificate with encrypted transfer
4.8
Security functions
4.8 Security functions
If your e-mail service provider only supports encrypted transfer, use one of the following
options:
● Port no. 587
By using STARTTLS, the CP sends encrypted e-mails to the SMTP server of your e-mail
service provider.
Recommendation: If your e-mail provider offers both options (STARTTLS / SSL/TLS), you
should use STARTTLS with port 587.
● Port no. 465
By using SSL/TLS (SMTPS), the CP sends encrypted e-mails to the SMTP server of your
e-mail service provider.
Ask your e.mail service provider which option is supported.
To be able to use encrypted transfer, you need to load the certificate of your e-mail account
in the certificate manager of STEP 7. You obtain the certificate from your e-mail service
provider.
To import the certificate, follow these steps:
1. Save the certificate from your e-mail service provider in the file system of the engineering
station.
2. In STEP 7, select the entry "Global security settings > Certificate manager" in the "Project
tree".
3. Change to the "Trusted certificates and root certification authorities" tab.
4. Select any row in the table "Trusted certificates and root certification authorities".
5. Select the "Import" entry in the shortcut menu.
6. In the dialog that follows, select the required certificate.
Note the range and application of the security functions of the CP in the section Other
services and properties (Page 15).
For the configuration limits, see section Performance data and configuration limits (Page 18).
The security functions are configured in STEP 7 Basic.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
89
Page 90
Configuration and operation
4.8.1
VPN
4.8.1.1
VPN (Virtual Private Network)
VPN tunnel
Properties
Areas of application
4.8 Security functions
Virtual Private Network (VPN) is a technology for secure transportation of confidential data in
public IP networks, for example the Internet. With VPN, a secure connection (tunnel) is set
up and operated between two secure IT systems or networks via a non-secure network.
One of the main features of the VPN tunnel is that it forwards all frames even from protocols
of higher layers (HTTP, FTP telecontrol protocols of the application layer etc.).
The data traffic between two network components is handled unrestricted through a physical
network. This allows networks to be connected together via an intermediate network.
VPN ensures information security in networked automation systems
● VPN forms a logical network that is embedded in a physical network. VPN uses the usual
addressing mechanisms of the physical network, however it transports only the frames of
the VPN subscribers and therefore operates independent of the rest of the physical
network.
● VPN allows communication of the subscribers in the VPN network with the physical
network.
● VPN is based on tunnel technology and can be configured for individual subscribers.
● Communication between the VPN partners is protected from eavesdropping or
● Local area networks can be connected together securely via the Internet ("site-to-site"
● Secure access to a company network ("end-to-site" connection)
● Secure access to a server ("end-to-end" connection)
● Communication between two servers without being accessible to third parties (end-to-end
● Protection of computers and their communication within and automation network
● Secure remote access from a PC/PG to automation devices or networks protected by
manipulation by using passwords, public keys or a digital certificate (authentication).
connection).
or host-to-host connection)
security modules via public networks.
CP 1243-8 IRC
90 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 91
Configuration and operation
4.8.1.2
Addressing the CP when using VPN
IP addresses and VPN ports
4.8.1.3
Creating a VPN tunnel for S7 communication between stations
Requirements
Note
Communication also possible via an IP router
Communication between the two stations is also possible via an IP router. To use this
communications path, however, you need to make further settings.
Procedure
4.8 Security functions
In normal mobile wireless networks it is not possible to reach a dynamic IP address assigned
to the CP by the mobile wireless network provider from the Internet. For this reason, for
incoming connections make sure that the CP is assigned a fixed public IP address by the
mobile wireless network provider.
You must also make sure that apart from this IP address, the ports required for VPN are
reachable from the Internet.
To allow a VPN tunnel to be created for S7 communication between two S7 stations or
between an S7 station and an engineering station or an ST7cc/sc PC with a security CP (for
example CP 1628), the following requirements must be met:
● The two stations have been configured.
● The CPs in both stations must support the security functions.
● The Ethernet interfaces of the two stations are located in the same subnet.
● All receiving stations require a fixed IP address to be reachable via the public networks.
To create a VPN tunnel, you need to work through the following steps:
1. Creating a security user
If the security user has already been created: Log on as a user.
2. Select the "Activate security features" check box
3. Creating the VPN group and assigning security modules
4. Configure the properties of the VPN group
5. Configure local VPN properties of the two CPs
You will find a detailed description of the individual steps in the following paragraphs of this
section.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
91
Page 92
Configuration and operation
Creating a security user
Select the "Activate security features" check box
Creating the VPN group and assigning security modules
Note
Current date and current time on the CP for VPN connections
Normally, to establish a VPN connection and the associated recognition of the certificates to
be exchanged, the current date and the current time are required on both stations.
The establishment of a VPN c
follows along with the time of day synchronization of the CP:
On the engineering station or the ST7cc/sc PC, you want the CP to establish a VPN
connection. The VPN connection is established even
time. Otherwise the certificates used are evaluated as valid and the secure communication
will work.
Following connection establishment, the CP synchronizes its time of day with the PC
because the ST7cc/sc PC is the
4.8 Security functions
To create a VPN tunnel, you require appropriate configuration rights. To activate the security
functions, you need to create at least one security user.
1. In the local security settings of the CP, click the "User login" button.
Result: A new window opens.
2. Enter the user name, password and confirmation of the password.
3. Click the "Logon" button.
You have created a new security user.
With all further logons, log on as user.
After logging on, you need to select the "Activate security features" check box in the local
security settings of both CPs.
You now have the security functions available for both CPs.
1. In the global security settings, select the entry "VPN groups" > "Add new VPN group".
2. Double-click on the entry "Add new VPN group", to create a VPN group.
Result: A new VPN group is displayed below the selected entry.
3. In the global security settings, double-click on the entry "VPN groups" > "Assign module
to a VPN group".
4. Assign the security modules between which VPN tunnels will be established to the VPN
group.
onnection to an engineering station or an ST7cc/sc PC runs as
if the CP does not yet have the current
time master if telecontrol communication is enabled.
CP 1243-8 IRC
92 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 93
Configuration and operation
Configure the properties of the VPN group
Note
Specifying the VPN properties of the CPs
You specify the VPN properties of the CPs in the "Security" > "Firewall" > "VPN" parameter
group of the relevant module.
Result
4.8.1.4
VPN communication with SOFTNET Security Client (PC / engineering station)
VPN tunnel communication works only if the internal node is disabled
4.8 Security functions
1. Double-click on the newly created VPN group.
Result: The properties of the VPN group are displayed in the “Properties” > “General” tab
of the Inspector window under "Authentication".
2. You configure the pre-shared key or the certificate under the properties of the VPN group.
These properties define the default settings of the VPN group that you can change at any
time.
You have created a VPN tunnel. The firewalls of the CPs are activated automatically:
The "Activate firewall" check box is selected automatically when you assign the security
module to a VPN group. You cannot deselect the check box.
Download the configuration to all modules that belong to the VPN group.
Setting up VPN tunnel communication between the SOFTNET Security Client and CP has
essentially same requirements and procedure as described in the section Creating a VPN
tunnel for S7 communication between stations (Page 91).
Under certain circumstances the establishment of VPN tunnel communication between
SOFTNET Security Client and the CP fails.
In addition to the CP, SOFTNET Security Client also attempts to establish VPN tunnel
communication to a lower-level internal subscriber. This communication establishment to a
non-existing node prevents the required communication being established to the CP.
To establish successful VPN tunnel communication to the CP, you need to disable the
internal subscriber of the CP as follows.
Follow the steps below in the SOFTNET Security Client tunnel overview:
1. Deactivate the option “Learn internal nodes" under "settings" > "SOFTNET Security
client-settings".
The lower-level node initially disappears from the tunnel list.
2. In the tunnel overview , select the required connection to the CP.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
93
Page 94
Configuration and operation
4.8.1.5
CP as passive subscriber of VPN connections
Setting permission for VPN connection establishment with passive subscribers
4.8.2
Firewall
4.8.2.1
Pre-check of messages by the MAC firewall.
4.8.2.2
Firewall settings for S7 connections via a VPN tunnel
IP rules in advanced firewall mode
4.8 Security functions
3. With the right mouse button, select “Activate connection to the internal subscribers" in the
shortcut menu.
The lower level node appears temporarily in the tunnel overview.
4. Select the lower-level node in the tunnel overview.
5. Select "Delete Entry" in the shortcut menu.
Result: The lower-level node is now fully disabled. VPN tunnel communication to the CP can
be established.
If the CP is connected to another VPN subscriber via a gateway, you need to set the
permission for VPN connection establishment to "Responder".
This is the case in the following typical configuration:
VPN subscriber (active) ⇔ gateway (dyn. IP address) ⇔ Internet ⇔ gateway (fixed IP
address) ⇔ CP (passive)
Configure the permission for VPN connection establishment for the CP as a passive
subscriber as follows:
1. In STEP 7, go to the devices and network view.
2. Select the CP.
3. Open the parameter group "VPN“ in the local security settings.
4. For each VPN connection with the CP as a passive VPN subscriber, change the default
setting "Initiator/Responder" to the setting "Responder".
Each incoming or outgoing frame initially runs through the MAC firewall (layer 2). If the frame
is discarded at this level, it will not be checked by the IP firewall (layer 3). This means that
with suitable MAC firewall rules, IP communication can be restricted or blocked.
If you set up S7 connections with a VPN tunnel between the CP and a communications
partner, you will need to adapt the local firewall settings of the CP:
CP 1243-8 IRC
94 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 95
Configuration and operation
4.8.2.3
Online diagnostics and downloading to station with the firewall activated
Setting the firewall - steps involved
4.8.2.4
Notation for the source IP address (advanced firewall mode)
4.8 Security functions
Select the "Allow*" action for S7 connections in advanced firewall mode ("Security > Firewall
> IP rules") for both communications directions of the VPN tunnel.
With the security function enabled, follow the steps outlined below:
1. In the global security settings (see project tree), select the entry "Firewall > Services >
Define services for IP rules".
2. Select the "ICMP" tab.
3. Insert a new entry of the type "Echo Reply" and another of the type "Echo Request".
4. Now select the CP in the S7-1200 station.
5. Enable the advanced firewall mode in the local security settings of the CP in the "Security
> Firewall" parameter group.
6. Open the "IP rules" parameter group.
7. In the table, insert a new IP rule for the previously created global services as follows:
– Action: Allow; "From external -> To station " with the globally created "Echo request"
service
– Action: Allow; "From station -> to external" with the globally created "Echo reply"
service
8. For the IP rule for the Echo Request, enter the IP address of the PG/PC in "Source IP
address". This ensures that only PING packets from your PG/PC can pass through the
firewall.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
If you specify an address range for the source IP address in the advanced firewall settings of
the CP, make sure that the notation is correct:
● Separate the two IP addresses only using a hyphen.
Correct: 192.168.10.0-192.168.10.255
● Do not enter any other characters between the two IP addresses.
Incorrect: 192.168.10.0 - 192.168.10.255
If you enter the range incorrectly, the firewall rule will not be used.
95
Page 96
Configuration and operation
4.9
Access to the Web server
Access to the Web server of the CPU
4.10
Time stamp
Time stamp
Name of the double word
Byte no.
Content
High nibble
Low nibble
0
Year * 10
Year * 1
1
Month * 10
Month * 1
3
Hour * 10
Hour * 1
0
Minute * 10
Minute * 1
1
Second * 10
Second * 1
2
Millisecond * 100
Millisecond * 10
3
Millisecond * 1
Time status
Bit No.
Value
Meaning
0
Time is invalid
1
Time is valid
0
Standard time
1
Daylight saving time
2
Not used
3
Not used
4.9 Access to the Web server
The Web server of the S7-1200 station is located in the CPU. Via the LAN interface of the
CP, you have access to the Web server of the CPU.
Access using HTTPS: When there is secure access (HTTPS) to the Web server using the IP
address of the CP, the SSL certificate of the CPU is displayed.
The values of the data points are transferred by the CP with a time stamp. The time stamp is
coded in 2 double words. The exception is the half byte (nibble) with the time status.
The two double words have the following assignment:
Table 4- 6 Assignment of the two double words
RecTimeStamp_1
2 Day * 10 Day * 1
RecTimeStamp_2
Table 4- 7 The assignment of the half byte with the time status (low nibble of byte 3 of Rec-
TimeStamp_2)
0
CP 1243-8 IRC
96 Operating Instructions, 06/2015, C79000-G8976-C385-01
1
Page 97
5
5.1
Program blocks for OUC
Using the program blocks for Open User Communication (OUC)
Note
Different program block versions
Note that in STEP 7 you cannot use different versions of a program blo
Supported program blocks for OUC
The instructions (program blocks) listed below are required for direct communication
between S7 stations via Ethernet.
In contrast to other communication types, Open User Communication does not need to be
enabled in the configuration of the CP because corresponding program blocks need to be
created for this. You will find details on the program blocks in the information system of
STEP 7.
To useOpen User Communication, the CP requires a fixed configured IP address.
The following instructions in the specified minimum version are available for programming
Open User Communication:
● TSEND_C V3.0 / TRCV_C V3.0
Compact blocks for connection establishment/termination and sending / connection
establishment/termination and receiving
Transfer of data
or
● TCON V4.0 / TDISCON V2.1
Connection establishment / connection termination
● TUSEND V4.0 / TURCV V4.0
Sending and receiving data via UDP
● TSEND V4.0 / TRCV V4.0
ck in a station.
Sending and receiving data via TCP or ISOonTCP
● TMAIL_C V4.0
Sending e-mails
The program block can be found in STEP 7 in the "Instructions > Communication > Open
User Communication" window.
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
97
Page 98
Programming the program blocks (OUC)
Connection descriptions in system data types (SDTs)
Creating an SDT for the data blocks
Using the SDT
TCON_Param
TADDR_Param
TCON_IP_RFC
TCON_Phone
TMail_V4
TMail_V6
Connection establishment and termination
Note
Connection abort
If an existing connection is aborted by the communications partner or due to disturbances on
the network, the connection must also be terminated by calling TDISCON. Make sure that
you take this into account in your programm
5.1 Program blocks for OUC
For the connection description, the blocks listed above use the parameter CONNECT (or
MAIL_ADDR_PARAM with TMAIL_C). The connection description is stored in a data block
whose structure is specified by the system data type (SDT).
You create the SDT required for every connection description as a data block. You generate
the SDT type in STEP 7 by entering the name "TCON_Param" or "TCON_Phone" in the
"Data type" box manually in the declaration table of block instead of selecting an entry from
the "Data type" drop-down list. The corresponding SDT is then created with its parameters.
●
For transferring frames via TCP
●
For transferring frames via UDP
●
For transferring frames via ISO-on-TCP (communication between two S7-1200 stations)
●
For transferring SMS messages
●
For transferring e-mails addressing the e-mail server using an IPv4 address
●
For transferring e-mails addressing the e-mail server using an IPv6 address
You will find the description of the SDTs with their parameters in the STEP 7 information
system under the relevant name.
Connections are established using the program block TCON. Note that a separate program
block TCON must be called for each connection.
A separate connection must be established for each communications partner even if
identical blocks of data are being sent.
After a successful transfer of the data, a connection can be terminated. A connection is also
terminated by calling "TDISCON".
ing.
CP 1243-8 IRC
98 Operating Instructions, 06/2015, C79000-G8976-C385-01
Page 99
6
6.1
Diagnostics options
LEDs of the module
Diagnostics SMS / e-mail
STEP 7 Basic: The "Diagnostics" tab in the Inspector window
STEP 7 Basic: Diagnostics functions via the "Online > Online and diagnostics" menu
The following diagnostics options are available:
For information on the LED displays, refer to the section LEDs (Page 30).
If there are connection problems between the master station and station, you can, for
example see whether or not the transmission path is disturbed or whether the CPU is in
STOP status by checking the LEDs.
If configurable events such as the lack of reachability of a partner or if the CPU changes to
STOP, the CP can send a diagnostics SMS message or e-mail.
This configuration is described in the section Messages (Page 84).
If you access the CP via Ethernet, you obtain the following information about the selected
module:
● Entries in the diagnostics buffer of the CPU
● Information on the online status of the module
Access via WAN networks does not provide any information.
Using the online functions, you can read diagnostics information from the CP from an
engineering station on which the project with the CP is stored. You obtain the following static
information on the selected module:
● General information on the module
General information on the module
● Diagnostics status
Information on the diagnostics status
● Ethernet port
Address and statistical information
CP 1243-8 IRC
Operating Instructions, 06/2015, C79000-G8976-C385-01
99
Page 100
Diagnostics and upkeep
STEP 7 Basic: The partner status
STEP 7 V5
Diagnostics options via the Web server of the CPU
6.2
Downloading firmware
New firmware versions of the CP
6.2 Downloading firmware
● Industrial Remote Communication
Here, you obtain specific information on the WAN interface and other parameters of the
CP. The entry job has the following subentries:
– Partner
Information about the address settings of the partner, connection statistics,
configuration data of the partner and other diagnostics information.
– List of data points
Various information on the data points such as configuration data, value, connection
status etc.
– Device-specific events
Information on CP-internal events
● Time
Information on the time on the device
If you want to operate online diagnostics with the station via the CP, you need to select
Activate online functions, see section "Communication types" parameter group (Page 58).
You will find further information on the diagnostics functions of STEP 7 in the STEP 7
information system.
The CP can signal the status of the connection to the remote communications partner.
For information on the configuration, refer to the sections Parameter group “Partner stations”
(Page 64).
Here, the known diagnostics tools are available to you.
When accessing via WAN networks, you can use the functions of PG routing. You will find
details in the SINAUT system manual, see /3/ (Page 136).
You will find details on the diagnostics options of the Web server in the S7-1200 system
manual, see /1/ (Page 135).
If a new firmware version is available for the module, you will find this on the Internet pages
of Siemens Industry Online Support under the following entry ID:
CP 1243-8 IRC
100 Operating Instructions, 06/2015, C79000-G8976-C385-01
Loading...