87447188 DNP3 Telecontrol v10 e

Abbildung 0-

http://support.automation.siemens.com/WW/view/en/87447188

Application Description 05/2014

S7-based Telecontrol via DNP3 Protocol CP 1243-1DNP3, TIM 3V-IE DNP3

Warranty and Liability

DNP3 Telecontrol Entry ID: 87447188, V1.0, 05/2014 2

S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

Warranty and Liability

Note The Application Examples are not binding and do not claim to be complete with regard to configuration, equipment or any contingencies. The Application Examples do not represent customer-specific solutions; they are only intended to provide support for typical applications. You are responsible for ensuring that the described products are used correctly. These Application _Examples do not relieve you of the responsibility of safely and professionally using, installing, operating and servicing equipment. When using these Application Examples, you recognize that we cannot be made liable for any damage/claims beyond the liability clause described. We reserve the right to make changes to these Application Examples at any time and without prior notice. If there are any deviations between the recommendations provided in this Application Example and other Siemens publications e.g. catalogs the contents of the other documents have priority.

We do not accept any liability for the information contained in this document. Any claims against us based on whatever legal reason resulting from the use of the examples, information, programs, engineering and performance data etc., described in this Application Example shall be excluded. Such an exclusion shall not apply in the case of mandatory liability, e.g. under the German Product Liability Act (Produkthaftungsgesetz), in case of intent, gross negligence, or injury of life, body or health, guarantee for the quality of a product, fraudulent concealment of a deficiency or breach of fundamental contractual obligations (wesentliche Vertragspflichten). The compensation for damages due to a breach of a fundamental contractual obligation is, however, limited to the foreseeable damage, typical for the type of contract, except in the event of intent or gross negligence or injury to life, body or health. The above provisions do not imply a change in the burden of proof to your disadvantage. Any form of duplication or distribution of these Application Examples or excerpts hereof is prohibited without the expressed consent of Siemens Industry Sector.

Security informa-

tion

Siemens provides products and solutions with industrial security functions that support the secure operation of plants, solutions, machines, equipment and/or networks. They are important components in a holistic industrial security concept. With this in mind, Siemens products and solutions undergo continuous development. Siemens recommends strongly that you regularly check for product updates.

For the secure operation of Siemens products and solutions, it is necessary to take suitable preventive action (e.g. cell protection concept) and integrate each component into a holistic, state-of-the-art industrial security concept. Third-party products that may be in use should also be considered. For more information about industrial security, visit http://www.siemens.com/industrialsecurity.

To stay informed about product updates as they occur, sign up for a product-specific newsletter. For more information, visit http://support.automation.siemens.com.

Table of Contents


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

Table of Contents Warranty and Liability ................................................................................................. 2 Preface .......................................................................................................................... 5 1 Task ..................................................................................................................... 6

1.1 Overview............................................................................................... 6 1.2 Description of the automation task ....................................................... 6

2 Solution............................................................................................................... 7

2.1 Overview............................................................................................... 7 2.2 Hardware and software components ................................................. 11 2.2.1 Validity ................................................................................................ 11 2.2.2 Components used .............................................................................. 11

3 Basics on DNP3 ............................................................................................... 13

3.1 DNP3 addresses ................................................................................ 13 3.2 DNP3 objects and SINAUT TD7 objects ............................................ 14 3.3 DNP3 classes ..................................................................................... 15 3.3.1 Static data (class 0) ............................................................................ 15 3.3.2 Events................................................................................................. 15 3.4 Index ................................................................................................... 16 3.5 Group and variation ............................................................................ 17 3.6 Implementation level .......................................................................... 17 3.7 Assignment of terms ........................................................................... 17

4 Program Overview ........................................................................................... 19

4.1 STEP 7 V5 project (S7-300) ............................................................... 19 4.2 STEP 7 V12 project (S7-1200) ........................................................... 20 4.3 WinCC project (DNP3 master) ........................................................... 21 4.4 Overview of the data objects .............................................................. 21 4.5 IP addresses in the example .............................................................. 22

5 DNP3 Configuration for S7-300 ...................................................................... 23

5.1 Configuration with the SIMATIC Manager .......................................... 23 5.1.1 Hardware and network configuration ................................................. 23 5.1.2 Time synchronization ......................................................................... 25 5.2 Configuration with the SINAUT ST7 configuration tool ...................... 26 5.2.1 Connection configuration.................................................................... 26 5.2.2 Subscriber administration ................................................................... 27 5.2.3 Configuring the SINAUT TD7 objects ................................................ 28

6 DNP3 Configuration for S7-1200 .................................................................... 31

6.1 Device configuration ........................................................................... 31 6.2 Data point configuration ..................................................................... 35 6.3 E-mail configuration ............................................................................ 39

7 DNP3 Configuration for DNP3 Master ........................................................... 42

7.1 Inserting the DNP3 driver ................................................................... 42 7.2 Settings for the master ....................................................................... 42 7.3 Settings for the connection node TIM / CP ........................................ 43 7.4 Settings for the CPU ........................................................................... 44 7.5 Tag configuration ................................................................................ 48

8 VPN Tunnel Configuration .............................................................................. 51

8.1 Configuration with the SCT tool ......................................................... 52 8.1.1 Creating project and modules ............................................................ 52

Table of Contents


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

8.1.2 Configuring the VPN tunnel ................................................................ 54 8.1.3 Loading the configuration ................................................................... 55 8.2 Configuration with the SCALANCE M874-3 WBM ............................. 56 8.2.1 Insert SIM card and log on to WBM ................................................... 56 8.2.2 Setting the access for the mobile radio network ................................ 57 8.2.3 Configuring the IP address ................................................................. 59 8.2.4 Set system time .................................................................................. 59 8.2.5 VPN tunnel configuration.................................................................... 60 8.2.6 Configuring the SCALANCE M874-3 for the S7-1200 station............ 66

9 Installation ........................................................................................................ 67

9.1 Installation of the hardware ................................................................ 67 9.2 Installation of the software.................................................................. 68 9.3 Installation of the application software ............................................... 68

10 Commissioning ................................................................................................ 69

10.1 Loading the stations ........................................................................... 69 10.1.1 Loading the S7-300 station ................................................................ 69 10.1.2 Loading the S7-1200 station .............................................................. 70 10.2 Configuration for the communication via VPN tunnel ........................ 71 10.2.1 Configuring the e-mail address (S7-1200) ......................................... 71 10.2.2 Adjusting the IP address .................................................................... 72 10.2.3 VPN tunnel configuration.................................................................... 76

11 Operation of the Application .......................................................................... 78 11.1 Overview............................................................................................. 78 11.2 Operating the Pipeline (S7-300) station ........................................... 79 11.3 Operating the Oil Tanks (S7-1200) station ...................................... 80

12 Diagnostics ...................................................................................................... 82

12.1 Wireshark ........................................................................................... 82 12.2 SINAUT Diagnostics and Service tool ................................................ 83 12.3 TIA Portal ........................................................................................... 87 12.4 SMTP server diagnostics (e-mail) ...................................................... 90

13 Related Literature ............................................................................................ 91 14 History............................................................................................................... 91

Preface


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

Preface The documentation of this application is divided into the following main parts.

Section Chapter

Application Description & Basics

1 Task 2 Solution 3 Basics on DNP3 4 Program Overview

Introduction into the application example and the DNP3 protocol

Configuration Description

5 DNP3 Configuration for S7-300 6 DNP3 Configuration for S7-1200 7 DNP3 Configuration for DNP3 Master 8 VPN Tunnel Configuration

Description of the configurations which have led to the supplied program

Commissioning & Control

9 Installation 10 Commissioning 11 Operation of the Application

Instructions on how to commission the supplied program.

Appendix 12 Diagnostics 13 Related Literature 14 History

Additional information

1 Task 1.1 Overview


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

1 Task 1.1 Overview

Overview of the automation task The outstations Pipeline and Oil Tanks must be controlled and monitored from a central control station. The figure below provides an overview of the automation task. Figure 1-1

Control Station

Pipeline Oil Tanks

Direction of communication

1.2 Description of the automation task

Requirements of the automation task

The control station must be capable of requesting process data from the outstations.

The control station must be able to send commands and setpoint values unsolicited to the outstations.

The outstations must be able to send process data to the control station unsolicited.

In the case of a cancelled connection, process data must be saved in the outstations and be sent to the master after the connection has been established again.

For the implementation, a standardized protocol must be used.

2 Solution 2.1 Overview


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed


The control station uses telecontrol protocol DNP3 to communicate with the outstation via Ethernet. In the application example, the following types of message frames were configured. Commands (binary command) Measured values (analog input event) Binary messages (binary input event) Setpoint values (analog output event) Static data (class 0) as well as events of all DNP3 event classes (class 1, 2 and 3) were configured in order to illustrate the properties and differences of the classes. This application shows a complete configuration of a DNP3 system with SIMATIC components. The two following solutions were offered for the hardware configuration.

Configuration via internet/VPN diagram At the control station, the WinCC TeleControl software is installed, which makes the control station the DNP3 master. An S7-300 CPU with TIM3V-IE DNP3 as DNP3 station is installed on outstation Pipeline. Outstation Oil tanks consist of an S7-1200 CPU and a CP 1243-1 DNP3. (The CP is responsible for the communication with the control station.) A Virtual Private Network (VPN) is configured for the master to communicate with the stations via the internet. In this example, a DSL connection is available at the master. In addition, a SCALANCE S612 VPN module is installed. In each of the outstations, a SCALANCE M874-3 UMTS and VPN router (incl. SIM card and antenna) is used, which establishes the VPN tunnel to the SCALANCE S612 in the control station. This enables a secure communication via the internet / mobile radio network. The figure below gives a schematic overview of the most important components of the solution:



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

Figure 2-1

VPN tunnel 2

VPN tunnel 1

SCALANCEM874-3

SCALANCEM874-3Industrial Ethernet

Master

S7-300 Station Pipeline

S7-1200 Station Oil tanks

WinCC with WinCC TeleControl (as DNP3 master)

CP 1243-1 DNP3

TIM 3V-IE DNP3

Mobile Network

SCALANCE S612

DSL Router

Internet

Service Personnel

E-mail

This solution also provides the option to send alarms from the S7-1200 station to the service personnel via e-mail; for example, if the CPU in goes to STOP mode or a connection with the master is terminated. Application-specific information can also be sent automatically via e-mail upon the occurrence of previously defined events (e.g. exceeding of thresholds).

Note The function of sending alarms via e-mail is not available at the DNP3 TIM of the S7-300 station at the time of generating the application.

Note Instead of using the DSL router, a DSL modem can also be used if the version of the SCALANCE S 612 is V3 or higher.

In this case, the PPPoE function must be configured for SCALANCE S 612 in Security Configuration Tool.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

Configuration via LAN diagram As an alternative for the solution via internet/VPN, the solution via a switch is offered. In this case, the master and the stations are connected via a local network (LAN). The figure below gives a schematic overview of the most important components of the solution: Figure 2-2

Industrial Ethernet

Master

S7-300 Station PipelineS7-1200 Station Oil tanks

WinCC with WinCC TeleControl (as DNP3 master)

CP 1243-1 DNP3TIM 3V-IE DNP3

SCALANCE X

Advantages The solution presented here offers you the following advantages: Using the standardized DNP3 protocol Efficient and secure monitoring and control of process engineering plants Homogenous SIMATIC solution since the SIMATIC Portfolio offers software

and hardware for DNP3 master and outstations. Connection to all standardized DNP3 master systems Flexible expansion to up to 65519 outstations



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

Scenario The application example is operated via WinCC Runtime. The user interface is displayed in the figure below. Figure 2-3

In station Pipeline (S7-300), pressure and flow rate are measured and sent to the master as unsolicited message frames. At the master, the operator can enter a setpoint for the flow rate. In station Oil Tanks (S7-1200), temperature and filling level are measured. The filling level is sent to the master as unsolicited message frame. If the tank is filled up to 80%, a message is sent to the master with the information that the tank is full. At the same time, the message (alarm) is sent to the service personnel via an e-mail. At the master, the operator has the option to open the valve so the tank is not overfilled. A command is sent to the station via the Valve icon. The measured values of the temperature are saved in the station and only sent after the master has been polled. The old values are sent along and displayed in WinCC Runtime as a trend.

Delimitation This application does not contain any description of the basics of SIMATIC WinCC V7: Basic knowledge of this topic is required.

Assumed knowledge Basic knowledge of configuration & programming with STEP 7 V5 and STEP 7 V12 is assumed.

2 Solution 2.2 Hardware and software components


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

2.2 Hardware and software components

2.2.1 Validity

This application is valid for: STEP 7 V5.5 SP3 SINAUT ST7 Engineering V5.3 S7-300 CPUs (restrictions see link \3\) STEP 7 V12 SP1 or higher S7-1200 CPU as of firmware version 3.0 WinCC V7.0 SP3 Upd 3 WinCC Telecontrol V7.0 SP3

2.2.2 Components used

The application was set up with the following components:

Hardware components Table 2-1

Component No. Article number Note

FieldPG 1 6ES7716-.....-0... PC requirements in system manual!

CPU 315-2 PN/DP 1 6ES7315-2EH14-0AB0 TIM 3V-IE DNP3 1 6NH7803-3BA00-0AA0 MMC card 1 6ES7953-8LP20-0AA0 CPU 1211C DC/DC/DC

1 6ES7211-1AE31-0XB0 as of firmware version V3.0

CP 1243-1 DNP3 1 6GK7243-1JX30-0XE0 SCALANCE X304-2FE

6GK5304-2BD00-2AA3

IE FC TP Standard Cable GP 2x2

6XV1840-2AH10 Sold by the meter

IE FC RJ45 Plug 2x2

6 6GK1901-1BB10-2AA0

IE FastConnect Stripping Tool

1 6GK1901-1GA00

SCALANCE M874-3 2 6GK5874-3AA00-2AA2 Solution via VPN ANT794-4MR 2 6NH9860-1AA00 Solution via VPN SIM card 2 Solution via VPN SCALANCE S 612 V4

1 6GK5612-0BA10-2AA3 Solution via VPN

DSL router 1 Solution via VPN , with port forwarding and IPsec pass through

2 Solution 2.2 Hardware and software components


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

Software components Table 2-2

Component No. Article number Note

WinCC V7.0 SP3 Upd 3, RC512

1 6AV6381-2BN07-0AX0

SIMATIC TeleControl 7.0 SP3 for WinCC Basic Engineering

1 6DL5000-7AA07-0XA5

SIMATIC TeleControl 7.0 SP3 for WinCC Server Runtime (6 stations)

1 6DL5002-7AA07-0XA0

TeleControl DNP3 Driver

1 6DL5101-8EX00-0XB0

STEP 7 PROF V12 SP1

1 6ES7822-1AA02-0YA5

STEP 7 V5.5 SP3 1 6ES7810-4CC10-0YA5 SINAUT ST7 Engineering V5.3

1 6NH7997-0CA53-0AA0

Security Configuration Tool V4

1 Solution via VPN. This software is supplied with SCALANACE S.

Sample files and projects The following list includes all files and projects that are used in this example. Table 2-3

Component Note

87447188_DNP3_Telecontrol_CODE_v10.zip This zip file includes: STEP 7 V5 project (incl.

SINAUT project) STEP 7 V12 project WinCC project (incl.

WinCC TeleControl project)

SCT configuration SCALANCE M

configuration 87447188_DNP3_Telecontrol_v10_e.pdf This document.

3 Basics on DNP3 3.1 DNP3 addresses


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

3 Basics on DNP3 DNP3 is a telecontrol protocol which enables transmitting process data via serial or IP based communication. This protocol was standardized by the DNP Users Group and is often used in the sectors water/waste water as well as power distribution. As opposed to the IEC 60870-5 and SINAUT ST7 protocols, which are widespread in Europe, DNP3 is often used in the USA and Asia. An important aspect of the DNP3 protocol is the higher compatibility and interoperability between devices from different manufacturers. This chapter discusses the basics on the DNP3 protocol relevant for this configuration in SIMATIC S7-300 and S7-1200.

Note An overview of the DNP3 protocol is given in the DNP3 Protocol Primer (link \10\) and the manuals of the respective DNP3 modules (link \3\ and link \4\).

3.1 DNP3 addresses

The DNP3 protocol defines a master, the computer for example, where the service personnel can operate and monitor the plant and the outstations; these are the remote stations, often also referred to as RTU (Remote Terminal Unit). Each DNP3 device must have a unique address. This address is used for sending the message frames to the correct partner. The source and target address of a message frame is sent along with the process data. The receiver then knows who to respond to. In this application example, process data is send/received to/from 3 devices. Communication occurs between the master and the S7-300 / S7-1200 station. Cross-communication between the S7-300 and the S7-1200 via DNP3 protocol is not possible at the time of creating the application. The addresses are, in this application, assigned as follows.

3 Basics on DNP3 3.2 DNP3 objects and SINAUT TD7 objects


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

Figure 3-1

Industrial Ethernet

Master

S7-300 Station Pipeline

S7-1200 StationOil tanks

WinCC Telecontrol

STEP7 V5.5 &SINAUT ST7 Configuration Tool

STEP7 V12 SP1

DNP3 address

1

2

3

ConfigurationHardware with addresses Logic Function

You can choose an address between 1 and 65520.

Note The DNP3 configuration for the master and the station is performed via different engineering tools (see Figure 3-1), therefore, a cross-system plausibility check of the addresses cannot be performed.

3.2 DNP3 objects and SINAUT TD7 objects

The configuration of the DNP3 data objects for S7-300 is performed via the SINAUT ST7 configuration tool in the form of TD7 objects. For example, in order to configure a message/alarm/binary signal, the TD7 object Bin04B_S must be configured in the tool. Object group and variation are not displayed in the SINAUT ST7 configuration tool.

3 Basics on DNP3 3.3 DNP3 classes


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

Figure 3-2

Note The assignment of the DNP3 objects to SINAUT TD7 objects is available in the tables in chapter DNP3 objects and parameters at SINAUT under the link \3\. In these tables, the DNP3 objects supported by the DNP3-TIMs are listed.

3.3 DNP3 classes

The DNP3 protocol classifies the process data as static data and events.

3.3.1 Static data (class 0)

Any analog and binary values pending in DNP3 stations, such as messages, measured values, or count values, are referred to as static data. Only the current values/states are transferred when requested by the master. Intermediate values, or values produced during a connection failure, are not buffered.

3.3.2 Events

An event is a message, alarm, measured value etc, where a significant change occurs. For a binary input, for example, this might be a change from 0 to 1. For a measured value, an event occurs if the analog value exceeds a threshold value. For transferring the saved events, the DNP3 protocol defines two options: the DNP3 master can poll the saved events of one or all of the event classes

and read them like static data. the station can transfer events unsolicited. The configuration of the DNP3 master defines whether the station reports unsolicited events. The unsolicited sending of events through the station is prompted by the master through a respective control frame to the station.

Note In order for the data to be sent unsolicited, the following function must be activated: Unsolicited reporting in STEP 7 5.5, Unsolicited transfer in STEP 7 V12 SP1, and Unsolicited responses in WinCC TeleControl.

The events are divided into the following three classes:

3 Basics on DNP3 3.4 Index


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

Class 1 This class is recommended for critical events. All changes of a process value are stored in the event memory and immediately sent to the master.

Class 2 The class 2 events are handled in the same way as the class 1events; i.e., all changes of a process value are stored in the event memory and immediately sent to the master.

Class 3 Handling the class 3 events is a proprietary solution for the DNP3-TIMs and the CP 1243-1. Only the last change of a process value is stored in the event memory. The current, changed value is transferred to the control station when the control station polls the events of event class 3. Event class 3 is, for example, suitable for transferring count states, since only the last count value is of interest.

3.4 Index The DNP3 protocol specifies the index for characterizing one individual data point within a DNP3 object group. There are the following groups: binary input, analog input, counter input, control output and analog output. Within a DNP3 object group, each individual process value is addressed via a unique index. The DNP3 index is continuously assigned during configuration, starting with index 0.

Index assignment at S7-300 The data points transferred in the send and receive channels are numbered consecutively with rising index. The Bin04B_S data object, for example, contains 4 channels 1 byte for sending binary data. In each channel, 8 data points are given a rising index according to the 8 bits. Channel 1 comprises index 0...7, channel 2 comprises index 8...15 etc.

Note For data objects with several channels, a non-configured channel also assigns an index. The Bin04B_S object, for example, contains 4 channels 1 byte; i.e., it assigns 4 x 8 indices, which makes a total of 32 indices. If you have configured the Bin04B_S object with start index 0, and you wish to configure a second object of the same DNP3 object group, you should assign number 32 as the start index.

Note A table with the SINAUT objects and their index assignments is available in chapter TD7 object, DNP3 object group and index assignment, link \3\.

Index assignment at S7-1200 In TIA Portal, the index is counted up automatically when creating data points of the same type. You can also change the index manually. The TIA Portal ensures that the index is only assigned once per DNP3 object group.

3 Basics on DNP3 3.5 Group and variation


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

3.5 Group and variation

Group The DNP3 protocol specifies object groups which in the SINAUT configuration tool correspond to the data objects. At TIA Portal, the object group is listed under Type of data point. Individual items of data or groups of data are addressed via data objects which differ depending on the data type (binary, analog, command, etc) and send or receive direction.

Variation The DNP3 object group specifies the respective data types. Within some data objects, the variation of the data format specifies the variation of the data format of the process value. Each object group has a typical set of variations. The most important variations specify the following data formats: Counter, binary and analog values: with or without time stamp Analog value formats: 16 or 32 bit, fixed point number or floating point value

3.6 Implementation level

The DNP3 protocol specifies implementation levels for the implementation of the protocol for the different DNP3 devices. Level 1 is the lowest level which only supports the basic functions. Level 2 supports more groups and variations than level 1. Additionally, level 2 and 3 also support time stamps and buffering for binary inputs. Level 4 and level 5 additionally support time stamps and buffering for analog input and counter input. The DNP3 Device Profile of each DNP3 module includes information on the highest level supported by this module. When configuring the stations, the highest implementation level supported by the master must be entered.

3.7 Assignment of terms

In STEP 7V5.5, STEP 7 V12 and in WinCC TeleControl partly different names are used for the same parameters. In order to facilitate the configuration, a table with the names of the parameters is available in German and another one in English.

3 Basics on DNP3 3.7 Assignment of terms


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

German terms Table 3-1

WinCC TeleControl

SINAUT ST7 Projektierungstool

TIA Portal (STEP7 V12 SP1)

Verbindungsadresse Link Address

Teilnehmernr. Stationsadresse Master-Stationsadresse

Not displayed DNP3 Konformitts-Stufe DNP3 level Variable Objekt Datenpunkt Klasse Ereignisklasse Ereignisklasse Index DNP3-Startindex Index der Datenpunkte Gruppe Objekt Name

(s. Hinweis am Ende der Tabelle)

Typ des Datenpunkts Variation Wird nicht angezeigt

Datenverarbeitungs-Modus

Endung _S zum Senden, Endung _R zum Empfangen im Object Name z. B. Bin04B_S

Wird nicht angezeigt, da es vom Type of data point erkennbar ist

Unaufgeforderte Rckmeldungen

Spontanes Melden (wird in STEP7 V5 konfiguriert und angezeigt)

Spontane bertragung

English terms Table 3-2

WinCC TeleControl

SINAUT ST7 Configuration Tool

TIA Portal (STEP 7 V12 SP1)

Link address Subscriber no. Station address Master station address

Not displayed DNP3 conformity level DNP3 level Tag Object Data point Class Event class Event class Index DNP3 start index Data point index Group Object name

(see note at the end of the table)

Type of data point Variation Not displayed

Data processing mode

Suffix _S for sending, suffix _R for receiving in Object Name e.g. Bin04B_S

Not displayed since it can be recognized by Type of data point

Unsolicited responses Unsolicited reporting (configured and displayed in STEP 7 V5)

Unsolicited transfer

4 Program Overview 4.1 STEP 7 V5 project (S7-300)


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

4 Program Overview In this chapter, the program structure of the application example is described. The supplied code contains the following files: for the S7-300 station: STEP 7 V5 project, incl. SINAUT project for the S7-1200 station: STEP 7 V12 project for the DNP3 master and the visualization: WinCC project, incl. WinCC

TeleControl project for the VPN configuration: SCT project and SCALANCE M configuration

4.1 STEP 7 V5 project (S7-300)

Configuring the DNP3 objects does not require any programming in STEP 7, since the objects are configured in the SINAUT configuration tool. However, since there are no real measured values and binary data for this example, the data is simulated in STEP 7. This simulation serves for explaining the function of the DNP3 protocol and does not reflect a real application. The structure of the program is displayed in the picture below. The blocks are described in the STEP 7 comments. Figure 4-1

IDB 4

IDB 7

User program System blocks Data blocks

MAIN[OB 1]

Set CPU time [FC1]

Start/Stop Demo [FC2]

Set Flow [FC3]

Pressure Simulation

[FC4]

Flow Simulation

[FC5]

SET_CLK[SFC0]

SINAUT_Data[DB1]

Time[DB2]

TON[SFB4]

IDB 3

IDB 8

CTU[SFB0]

In Set CPU time [FC1], the time in the CPU is described using SET_CLK [SFC0] In Start/Stop Demo [FC2], the demo is started or terminated at a positive edge of the respective command by the master. In Flow Simulation [FC5], the values for the flow rate are simulated. The operator has the option of entering a setpoint value for the flow rate from the master. In Set flow [FC3], the setpoint is written in the current value of the flow rate.

4 Program Overview 4.2 STEP 7 V12 project (S7-1200)


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

Similar to the flow rate for Flow Simulation [FC5], a pressure simulation is performed at Pressure Simulation [FC4]. In SINAUT_Data [DB1], the PLC tags to be used for the TD7 objects were specified. The DT-type variable required for setting the CPU time was defined in Time [DB2].

4.2 STEP 7 V12 project (S7-1200)

As for the S7-300 station, programming in STEP 7 is not necessary for configuring the DNP3 objects. The data objects are configured in the Data points field in STEP 7. However, since there are no real measured values and binary data for this example, the data was simulated in STEP 7. This simulation servers for explaining the function of the DNP3 protocol and does not reflect a real application. The structure of the program is displayed in the picture below. The blocks are described in the STEP 7 comments. Figure 4-2

IDB 2

IDB

User program System blocks Data blocks

MAIN[OB 1]

Timesync[FC1]

Oil level[FC5]

Temperature[FC7]

CP Time[DB1]

CP Data[DB3]

IEC_Timer

IDB 10

IEC_Counter

SimulationData[DB7]

In CP Time [DB1], the PLC tags required for the time synchronization were defined. The CP Time.CPU time sync cycle tag has a start value of five minutes (300s). After this time has elapsed, a trigger is set in Timesync [FC1] which writes the time of the DP in the CPU using the WR_SYS_T Set time-of-day. In the Oil level [FC5] and Temperature [FC7] blocks, the values for filling level and temperature are simulated. The tags required for this were defined in Simulation Data [DB 7]. In CP_Data [DB3], the PLC tags were defined which are used for configuring the data points.

4 Program Overview 4.3 WinCC project (DNP3 master)


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

4.3 WinCC project (DNP3 master)

In SIMATIC WinCC, the configuration of the HMI systems takes place. Additionally, the configuration of the DNP3 master is performed by the WinCC TeleControl add-on software. The DNP3 configuration of the master is described in detail in chapter 7. For the process data, one respective folder for each station was created in Tag Management. The names of the tags need not match those of the objects in the CPU configuration; however, it is important that the configuration of the objects matches the configuration in the CPU (group, variation, class etc.).

Figure 4-3

4.4 Overview of the data objects

The following figure gives you an overview of the data points configured in this application example. The configured objects in the SINAUT configuration tool dont have names but numbers. The assignment of the WinCC objects to the TD7 objects in S7-300 is performed via: the DNP3 object group (WinCC) and the TD7 object type (S7-300), see the

table with the assignment of the objects in Figure 3-1. the index: the index in WinCC must match the index in the SINAUT

configuration tool. For example, the Flow object in WinCC (group 32, index 0) is the object 4 in S7-300 (Ana04W_S, Index 0), since the DNP3 group 32 corresponds to the TD7 object type Ana04W_S (see Figure 3-1) and the index for both objects is identical. In order to facilitate the assignments of the objects in this example, we have configured them so the order of the objects in the SINAUT configuration tool matches the order of the objects in WinCC. Hence, the fourth listed object in WinCC (Flow tag, group 32, index 0) corresponds to the fourth listed object in the SINAUT configuration tool (object 4, Ana04W_S, index 0). For the S7-1200 in this example, the name of the WinCC variable is equal to the name of the data point in TIA Portal. The TD7 object type for S7-300, or the data point type for S7-1200, shows which objects / data points are commands, binary, or analog values. The class shows whether it relates to data or events.

4 Program Overview 4.5 IP addresses in the example


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

Figure 4-4

WinCC VariablesFor the S7-300 Station Pipeline

For the S7-1200 Station Oil tanks

S7-300 Station Pipeline TD7 Objects

S7-1200 Station Oil tanks Data points

4.5 IP addresses in the example

For the configuration of the example in LAN (see Figure 2-2) the following IP addresses are used. Table 4-1

Station Module IP address

Internal External

Master PG/PC 192.168.0.100/24 S7-300 TIM 3V-IE DNP3 192.168.0.101/24 S7-1200 CP 1243-1 DNP3 192.168.0.102/24

For the configuration via internet/VPN, the IP addresses need to be adjusted, as described in chapter 10.2.2. Here you use the IP addresses from chapter 8.

5 DNP3 Configuration for S7-300 5.1 Configuration with the SIMATIC Manager


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

5 DNP3 Configuration for S7-300 Chapters 5, 6 and 7 show the necessary steps for DNP3 configuration of an S7-300, an S7-1200 and the WinCC TeleControl (master) in detail. If you only wish to test the completed configuration, go to chapter 9.

Process data for S7-300 For the S7-300 station, the following process data is displayed in this application: Commands: StartDemo and StopDemo Events:

Class 1 binary event: Demostarted (shows the current status of the demo)

Class 1 analog events: Flow, Set_Flow and Pressure

In order to facilitate the assignment of the DNP3 objects (configured as TD7 objects) to the PLC tags, we have stored the configuration data of the TD7 objects as comment for the PLC tags. (see SINAUT_Data [DB1] block in the STEP 7 project.) Figure 5-1

The hardware configuration for the S7-300 station is performed in the SIMATIC Manager (chapter 5.1). Subsequently, the DNP3 objects are configured in the SINAUT configuration tool (chapter 5.2).

5.1 Configuration with the SIMATIC Manager

5.1.1 Hardware and network configuration

Table 5-1

No. Action Remarks

1. In the SIMATIC Manager you create a new project via Project > New. 2. Open NetPro via Configure Network and add a SIMATIC 300 station via drag&drop.

3. Double-click on the SIMATIC 300 station to open HW Config.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

4. Insert the desired CPU and the DNP3-TIM. The DNP3-TIM module is available at SIMATIC 300 > SINAUT ST7 > TIM IE > TIM3V-IE DNP3.

5. Double-click on the TIM in your station. The window with the properties of the TIM opens. 6. Go to the Interfaces tab and select the

Ethernet interface.

7. Set the IP address of the TIM via Properties

and connect the interface with the Ethernet(1) subnet.

8. Ensure that the Connection mode has been

set to DNP3 station. Then click on DNP3 Parameters to make the DNP3 settings.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

9. Set the Unsolicited reporting parameter to Yes and acknowledge the setting with OK. This transfers the DNP3 data unsolicited to the DNP3 master.

10. Compile the hardware configuration.

11. In order for the S7-300 station to communicate with the DNP3 master, it must know the IP

address of the master. Enter Other Station in NetPro. 12. Double-click on the DNP3 master. Then create a new Industrial Ethernet interface and assign an

IP address. 13. Compile the project.

5.1.2 Time synchronization

The TIM receives the current time via the DNP3 master. It provides the time to your local CPU via the I/O addresses. The time information has an offset of 8 bytes to the initial value of the inputs. From there, the time can be read and evaluated by the user program of the CPU.

5 DNP3 Configuration for S7-300 5.2 Configuration with the SINAUT ST7 configuration tool


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

Table 5-2

No. Action Remarks

1. Open the properties of the TIM. Switch to the Addresses tab. Read the start value of the inputs. In this example, it is 256.

2. The time information is located in the I/O address as of:

start value of the inputs + 8 bytes In this example, this is the I/O address 264 (256 + 8).

3. Write the time to the CPU using the SFC0 SET_CLCK block.

See the Set CPU Time [FC1] block in the application example.

Note Further information on the time synchronization is available in the chapter Time synchronization of S7-CPUs (link \3\)

5.2 Configuration with the SINAUT ST7 configuration tool

5.2.1 Connection configuration

Table 5-3

No. Action Remarks

1. Start the SINAUT ST7 configuration tool via: Start > all programs > Siemens Automation > SIMATIC > SINAUT ST7 > SINAUT ST7configuration

2. Open the STEP 7 project which you have created in chapter 5.1. 3. Select Connection Configuration and start

with OK.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

4. In the right window pane the possible connections are displayed which result from the network configuration in NetPro. Select the desired connections via right mouse button on the connection > Add.

5. The configured connection is shown in the left

window pane.

6. Save this configuration and go to the

Subscriber Administration dialog.

5.2.2 Subscriber administration

Table 5-4

No. Action Remarks

1. Subscriber Administration lists all of the subscribers.

2. You have the option of changing the subscriber number. However, is not required.

Select the desired subscriber from Change subscriber No via the right mouse button. Then enter a new subscriber number.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

3. Select the All Destination Subscribers field and select the DNP3 master in the right window pane. Then enter the highest conformity level supported by your DNP3 master.

5.2.3 Configuring the SINAUT TD7 objects

Table 5-5

No. Action Remarks

1. In the left window pane you mark the TIM module under TIMs with TD7onTIM and then click on the TD7onTIM library icon.

2. The window with the TD7onTIM library

opens. Select the object you wish to configure and then click on Paste into Project. Then close the library with Close.

3. The objects now inserted in the project are listed in the left and right window pane. Now you can configure these objects. In the right window pane you select the data object you wish to configure.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

4. The object properties are displayed in the bottom window. For all data objects the partner which the data is sent to/received from needs to be defined. In the Available partners list you select the DNP3 master and adopt it as partner by clicking on the red arrow.

After this setting has been made, the partner is also displayed in the Selected partners list.

5. Enter the DNP3 start index. Please also take into account the note at the end of the table. 6. Select the desired event class.

7. Now select the data object in the left window pane in order to activate the send/receive channels. The number and the data type of the channels depend on the data object; for example, there are 4 byte-type channels for the Bin04B_S object. If you wish to send all 4 bytes, you need to activate all channels and configure them accordingly. Select the channel you wish to configure.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

8. Activate the channel via the check box Channel active. Set the desired send trigger. In this example, the data is sent at a value change of 1. Then enter the Input address where the data to be sent can be read on the CPU.

9. Save the SINAUT project.

Note An index must only be assigned once per DNP3 object group (not even per SINAUT object). When selecting the index please consider the description of the index assignment for the SINAUT objects in chapter TD7 object, DNP3 object group and index assignment under the link \3\.

Note A detailed description of the SINAUT objects is contained in chapter Configuring the SINAUT objects under the link \3\.

6 DNP3 Configuration for S7-1200 6.1 Device configuration


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

6 DNP3 Configuration for S7-1200 The configuration of the hardware and the DNP3 configuration for the S7-1200 is performed in STEP 7 V12 SP1. No additional tool is required.

Process data for S7-1200 For the S7-1200 station, the following process data is displayed in this application: Commands:

Start demo and Stop demo Open valve and Close valve

Events: Class 1:

Binary events: Fill_level_alarm, valve_closed and demo_started Analog event: Fill_level

Class 2: Analog event: Temperature

An overview of the configured process data is available in the following figure. (Data configuration in TIA Portal) Figure 6-1

Alarm via e-mail In addition to the process data sent to the master, an alarm is also configured here which is sent to the service personnel via e-mail if the fill_level_alarm is set. The text for the alarm looks as follows: Oil tank is almost full. Fill level: 81.463470 Configure the S7-1200 station as described in the chapters below.

6.1 Device configuration In the Device configuration, the hardware as well as the DNP3 parameters relevant for the entire station are configured. Please make the following settings:

Table 6-1

No. Action Remarks

1. In TIA Portal you create a new project via Create new project. 2. Go to the Project view. 3. Add the desired CPU and go to Device

configuration. Note: CPU with firmware version V3.0 or higher.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

4. Go to Hardware catalog > Communication modules > Industrial Remote Control > CP 1243-1 Double-click on the order number of the CP to add it to the configuration.

5. Select the CPU. The CP 1243-1 properties are displayed. Go to Communication types and activate the communication type Teleservice. The STEP 7 project can be loaded to the CPU via the CP.

6. Set the IP address of the CP via Ethernet interface > Ethernet addresses > IP protocol.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

7. Go to CP identification and enter the station address (DNP3 address). In this application example, the station address for the S7-1200 station is number 3, see Figure 3-1. Note this address since you need it for configuring the master.

When selecting the station address please take into account the notes in chapter 3.1.

8. Go to Time synchronization to synchronize the time of the CP from the DNP3 master. Select the Activate time-of-day synchronization checkbox and set the desired synchronization cycle and time interval.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

9. Go to Transmission settings - DNP3. Make sure that Unsolicited transfer is active. (Default settings)

10. Go to Partner stations and enter the Master station address according to Figure 3-1. Then

enter the IP address of the DNP3 masters in the Partner IP address field.

6 DNP3 Configuration for S7-1200 6.2 Data point configuration


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

11. In the Advanced settings tab you select the DNP3 level of the master. Then you select the Report partner status check box. This function shows the status of the communication with the remote partner, in this example with the DNP3 master. Create a PLC tag with data type WORD and enter this tag in the PLC tag for partner status field. In this tag, the status of the partner is displayed. Bit 0 is set to 1, for example, if the partner is accessible.

12. In the Communication with the CPU > CP Time tab you can set the time synchronization of the

CPU from the CP. Activate the Enable CP time checkbox. Create a PLC tag with data type BOOL and enter this tag in the CP time trigger variable field. If this tag is set in the user program, the CP writes its current time to the PLC tag CP time variable (data type DTL) and resets the "time trigger variable" to 0. The time must then be set in the user program of the CPU using the WR_SYS_T block (see block Timesync FC1 in the application example).

6.2 Data point configuration The properties for the respective data points (data objects) are configured in the Data points field. Please make the following settings:

Table 6-2

No. Action Remarks

1. Create a data block with the PLC tags you wish to send to the master or with tags where data received by the master is saved.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

2. In the project navigation you go to Local modules > CP 1243-1 and double-click on the Data points field.

3. The Data point and alarm configuration window opens.

Double-click on Add new to add a new data point.

4. Click on the arrow in Tag source.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

5. Select the data block where you saved the PLC tag you wish to send to the DNP3 master. Select the tag and click on the green check mark to accept the tag.

6. The tag has been added. TIA Portal adopts the tag name as the data point name.

Make a selection in Type of data point. In this example, Binary Input Event(2). Note: apart from the type of the data point, the DNP3 object group is shown in brackets. In this example it is n object from group 2. You need this information for configuring the tag at the DNP3 master. (See chapter 7.5). The groups are defined in the DNP3 protocol. In the data point configuration only those groups are displayed which match the type of the configured tag.

7. Select the desired Event class.

Note: the Data point index is automatically assigned by the TIA Portal. You need the index number for the configuration of the tag at the DNP3 master. (see chapter 7.5)

8. Select the partner to which the data shall be sent.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

9. The bottom window pane of the TIA Portal displays the properties of the data point. Go to the Trigger tab. Select the checkbox for the type of the trigger you wish to configure. In this example, the data point is triggered if the data changes by 1. (In this case the value cannot be adjusted since it is a binary tag.)

10. Compile and save the TIA project.

Note An overview of the DNP3 object types supported by CP 1243-1 DNP3 is available in chapter Data point types under the link \4\.

6 DNP3 Configuration for S7-1200 6.3 E-mail configuration


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

6.3 E-mail configuration The configuration of the alarms sent via e-mail only makes sense when using an SMTP server. Please make the following settings:

Table 6-3

No. Action Remarks

1. Open the CP 1243-1 properties. 2. Go to the DNS configuration tab and enter the LAN IP address of the SCALANCE M 874-3 as

DNS server.

3. Go to the E-mail configuration tab. Enter the data of your e-mail provider.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

4. In the project navigation you go to Alarms via Local modules > CP 1243-1.

5. Double-click on Add new to add a new message/alarm.

6. In the bottom window pane of the TIA Portal, the properties of the alarm are displayed.

Enter the receiver address, subject and text for the e-mail. Note: string $$ is the wildcard for the value of the PLC tag. (If the trigger of the alarms has been set to Use PLC tag. (See step below).



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

7. Go to the Trigger tab. (1) Select the type of the trigger in the drop-down menu. In this example, a PLC tag was used

as trigger. (2) In the drop-down list you select the PLC tag which is used as trigger. (3) It is recommended to activate the Enable status identifier checkbox and select a DWORD-

type PLC tag in External status. In this tag the status messages from the SMTP server are displayed.

(4) Select the Include value checkbox and in the PLC tag for value field you select the PLC tag to be sent with the alarm.

8. Compile and save the TIA project.

1

2 3

4

7 DNP3 Configuration for DNP3 Master 7.1 Inserting the DNP3 driver


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

7 DNP3 Configuration for DNP3 Master The DNP3 configuration of the master is performed in SIMATIC WinCC. The Add-on Software WinCC TeleControl is necessary for this. Make the settings in WinCC as described in the chapters below.

7.1 Inserting the DNP3 driver Table 7-1

No. Action Remarks

1. Create and open a WinCC project with WinCC V. 7.0. 2. In the WinCC Explorer you right-click on Task

Management and then select Add New Drive.

3. Search the Telecontrol channel tcChannel.chn and open it.

This installs the telecontrol channel.

7.2 Settings for the master Table 7-2

No. Action Remarks

1. Select the telecontrol channel with the right mouse button and click on System Parameter.

2. The Connection Configuration window opens.

Go to the PC Station View tab.

7 DNP3 Configuration for DNP3 Master 7.3 Settings for the connection node TIM / CP


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

3. Enter the Link Address for the DNP3 master according to Figure 3-1.

Click Apply to apply the setting.

7.3 Settings for the connection node TIM / CP

In order to establish the communication with the station, the properties of the TIM / CP must be known to the master. Make the necessary settings:

Table 7-3

No. Action Remarks

1. (1) Go to the AS View tab. All RTUs and their communication devices (TIMs, CPs) connected to the DNP3 master are configured here.

(2) Right-click into the empty space in the Components window pane. (3) Select Add DNPCONN' AS Source Node in the dialog field.

Note: all of the DNP RTUs need to be connected via one or two DNP connections. First, the DNP connections (DNPCONN) and then the DNP RTUs (DNPRTU) need to be configured.

1

2

3

7 DNP3 Configuration for DNP3 Master 7.4 Settings for the CPU


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

2. The DNPCONN AS properties dialog field is displayed. (1) In the AS Node Name field you enter a name for the DNP connection node (CP or TIM). (2) In Protocol Type you activate the TCP radio button. (3) In the Connection Address field you enter the IP address of the TIM or the CP.

Apply the settings with OK.

3. Repeat the steps 2-3 for the CP.

7.4 Settings for the CPU

At the DNP3 master, settings need to be made for each DNP3 station. These settings specify, for example, how the master shall treat the events of the various classes for this station. Please make the following settings:

1

2

3



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

Table 7-4

No. Action Remarks

1. (1) Right-click into the empty space in the Components window pane. (2) Select Add DNPRTU AS Source Node in the dialog field.

2. The DNP RTU AS properties dialog field is displayed.

In the AS Node Name field you enter a name for the DNP-RTU node (CPU). Click on Configure Connection to configure the connection with the RTU.

1

2



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

3. Enter the Link Address for the CPU according to Figure 3-1. Then select the DNP connection node from the drop-down list and acknowledge the settings with OK.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

4. Click on Configure Parameters. The window with the DNP parameters for this station is displayed. Activate the Unsolicited Responses function for class 1 and 3. In this application example, the class 2 events shall be archived in the CPU and only be sent after requested from the master. Deactivate the Integrity Poll on Class xData Bit set checkbox.

7 DNP3 Configuration for DNP3 Master 7.5 Tag configuration


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

5. Close all windows with OK. The system variables are created and displayed in the right window.

6. Repeat the steps 1-5 for the S7-1200 CPU.

Note The system tags are automatically created after the TIM (or CP) and the CPU were configured in System Parameter. The description of this tag is available in the User manual for WinCC TeleControl, which was supplied with the WinCC TeleControl software.

7.5 Tag configuration In order for the master to be able to send/receive the DNP3 objects, they need to be configured in the Tag Management field. Please make the following settings:

Table 7-5

No. Action Remarks

1. In Tag Management > TCCHANNEL > TCUNIT > Telecontrol you right-click into the right window pane. Then select New Tag.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

2. The Tag properties dialog field is displayed. (1) Assign a name to the tag. (2) Select the desired data type from the drop-down list. (3) Click on the Select button.

1

2

3



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

3. The system configuration for this tag is displayed. (1) In the AS Node field, you select the CPU to/from which this tag is to be sent/received. (2) Select the desired Data Processing Mode

Reading RP process data (receiving data from the CPU) Writing WP process data (sending data to the CPU)

(3) Select the event class in Class. (4) Enter the index. Please consider the Notes in chapter 3.4.

(5) Select the group. (The groups are defined in the DNP3 protocol. Here, only those groups are displayed which match the type of the configured tag.) (6) Select the variation. (7) Apply the settings with OK.

Note Class, index, group and variation of the tag must match the settings in the CPU. For the S7-300, these settings are made in the SINAUT configuration tool, for the S7-1200 in the data point configuration in STEP 7 V12 (see chapter 5.2.3 for the S7-300 and chapter 6.2 for the S7-1200).

1 2

4

5

6

3

7

8 VPN Tunnel Configuration 7.5 Tag configuration


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

8 VPN Tunnel Configuration If you wish to operate the Configuration via internet/VPN, a VPN tunnel must be established between the master and the respective station. The configuration is shown in the figure below. The colored bubbles represent the different networks. Devices which are shown in the same bubble are located in the same network. Figure 8-1

VPN tunnel 2

VPN tunnel 1

SCALANCEM874-3

SCALANCEM874-3Industrial Ethernet

Master

S7-300 StationPipeline

S7-1200 Station Oil tanks

WinCC with WinCC TeleControl (as DNP3 Master)

CP 1243-1 DNP3

TIM 3V-IE DNP3

Mobile radio network

SCALANCE S612

DSL router

Internet

The table below contains the IP addresses which were used for this configuration: Table 8-1

Station Module IP address

Internal External

Master PG/PC 192.168.3.100/24 SCALANCE S612 V3 192.168.3.1/24 192.168.2.2/24 DSL router 192.168.2.1/24 Fixed IP from provider

or DynDNS S7-300 TIM 3V-IE DNP3 192.168.0.101/24

SCALANCE M874-3 192.168.0.10/24 Dynamic from APN S7-1200 CP 1243-1 DNP3 192.168.1.102/24

SCALANCE M874-3 192.168.1.10/24 Dynamic from APN

Note Before starting the VPN configuration, you reset the SCALANCE S and SCALANCE M devices to factory settings.

8 VPN Tunnel Configuration 8.1 Configuration with the SCT tool


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

Note At the DSL router, you set a port-forwarding for port 500 and port 4500 to the external IP address of SCALANCE S612.

8.1 Configuration with the SCT tool

The certificates for the VPN tunnel are created using the Security Configuration Tool (SCT). The configuration of SCALANCE S612 is also performed in the SCT. Make the settings as described in the subchapters below:

8.1.1 Creating project and modules

Table 8-2

No. Action Remarks

1. Open the Security Configuration Tool (SCT) via: Start > All programs > SIEMENS Automation > SIMATIC > Security > Security Configuration Tool.

2. Create a new project via Project > New.

3. In the following dialog you create a new user

with user name and respective password. Confirm the dialog with OK.

4. The Selection of a module or software

configuration window opens. The first module you configure is the SCALANCE S: (1) Select the product type and version of your

module. (In this application example, SCALANCE S612, firmware version V4 is used.)

(2) Enter a name and the MAC address for this module. (The MAC address is printed on the front of the SCALANCE S.)

(3) Select Routing mode and enter the internal and external IP address according to Table 8-1.

(4) Click OK to confirm the settings.

1

3

4

1

1

2 2 3

3



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

5. Enter the internal IP address of your DSL router as Standard router in the module line. (See Table 8-1).

6. Insert a new module with Insert -> Module.

7. Configure the SCALANCE M874-3 for the

S7-300 station as follows: (1) Select product type and module as in the

picture. (2) Assign a name and enter the internal IP

address according to Table 8-1. (3) Click OK to confirm the settings.

Note: the SCT requires an external IP address for the SCALANCE M874-3. Since this IP address is assigned dynamically by the mobile service provider, it cannot be entered here. For this reason, just use the default IP address of the SCT (here: 192.168.10.1).

4 8. Repeat steps no. 6-7 to configure the SCALANCE M874-3 of the S7-1200 station.

The configured modules are displayed at All Modules.

1

2

3

1

1

2



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

8.1.2 Configuring the VPN tunnel

Table 8-3

No. Action Remarks

1. Go to View > Advanced Mode to select the advanced mode of the SCT. Confirm the following dialog box with Yes. In the advanced mode, there are extended settings options required for the VPN tunnel configuration.

2. With the right mouse button you click on VPN

groups. Now create a new group via Insert VPN group.

3. The modules S612 and S7-300 (M874-3 for the S7-300) are placed in Group1.

Select the individual modules S612 and S7-300 and move them to Group1 via drag&drop. 4. Both modules have now been assigned to Group1. Double-click on Group1.

5. The window with the properties of the VPN

group opens. Change the SA lifetimes to 1440 minutes. Close the dialog box with OK.

6. Repeat steps no. 2-5 to configure the SCALANCE M874-3 of the S7-1200 station in Group1. 7. Double-click on the S612.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

8. The window with the properties of the SCALANCE S612 opens. 1. Go to the VPN tab. 2. Set the Time interval for the Dead-Peer-Detection to 180 seconds. This function prevents the display of obsolete VPN tunnels in online view. 3. The SCALANCE S waits for the connection of the SCALANCE M874-3. Change the permission to initiate the connection accordingly to Wait for partner (responder). 4. Enter the fixed IP address (or the domain name) of your DSL routers in the WAN IP address/FQDN field. 5. Click on OK to confirm the settings.

Note: the Dead-Peer-Detection time interval must be set higher than in M874-3. The default setting for the M874-3 is 150 seconds.

9. Save your project.

Note Alternatively you can configure all modules in the same group. This makes the VPN properties and the certificates for all SCALANCE M identical.

Note A group represents a VPN connection. Only nodes which are part of this group can participate in the VNP communication.

8.1.3 Loading the configuration

Table 8-4

No. Action Remarks

1. Set the IP address of the PG/PC to 192.168.2.100, for example.

The IP address of the PG/PC must be located in the same network as the IP address of the SCALANCE S612, via which the module is loaded.

2. Connect the PC/PG with the external port of the SCALANCE S.

The SCALANCE S has no default IP address. The download occurs via the given MAC address. Note: the SCALANCE S can also be loaded via the internal port.

3. Download the configuration to the SCALANCE S. Select the line of the SCALANCE S module in the right window pane of the SCT and click on Transfer to module.

1

2

3 4

8 VPN Tunnel Configuration 8.2 Configuration with the SCALANCE M874-3 WBM


S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

4. Start the transmission to SCALANCE S by pressing Start.

5. Create a directory where the configuration for the SCALANCE M874-3 of the S7-300 station is

stored. 6. Select the S7-300 module line in the right

window pane of the SCT and click on Transfer to module.

7. As a target directory you specify the just generated directory for the configuration files and

certificates. 8. Acknowledge the following dialog with Yes and assign a new password for the certificate. 9. Repeat steps no. 5-8 for the SCALANCE

M874-3 of the S7-1200 station. Save the certificates for the second station into a new directory as recommended. Otherwise the peer certificates with the same name are saved to the same directory and will be overwritten there.

10. In the target directory, the following data is stored for each SCALANCE M:

Peer certificate (.cer) Configuration file (.txt) PKCS12 file (.p12)

8.2 Configuration with the SCALANCE M874-3 WBM The configuration of the SCALANCE M is performed at the Webbased Manager of SCALANCE M. The certificates created with Security Configuration are required here (see chapter 8.1). Make the settings as described in the subchapters below:

8.2.1 Insert SIM card and log on to WBM

Table 8-5

No. Action Remarks

1. Switch off the voltage supply of the SCALANCE M874-3. 2. Then insert the SIM card into the slot on the

backside of the device. Please consider the Notes in the operating instructions, link \7\.

3. Switch on the power supply. The LED L on the SCALANCE M874-3 lights green.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

4. Set the IP address of the PG/PC to 192.168.1.100.

The IP address of the PG/PC must be located in the same network as the default IP address of the SCALANCE M874-3. According to the factory settings, the SCALANCE M874-3 has the address 192.168.1.1.

5. Connect the PC/PG with LAN port P1 of the SCALANCE M. 6. Start a browser and specify the IP address of SCALANCE M (192.168.1.1) as the address. 7. The Web Based Management (WBM) of

SCALANCE M is displayed.

If the Web Based Management of the SCALANCE M is not displayed, ensure that the requirements in chapter 3.1, link \9\ have been met.

8. Enter user name and password. Acknowledge the entry with Login and acknowledge the message with OK. The default settings are: User name: admin Password: admin

9. Assign a new password and acknowledge the

settings with Set Values.

8.2.2 Setting the access for the mobile radio network

Table 8-6

No. Action Remarks

1. Go to Interfaces > Mobile. 2. Activate the mobile radio interface via the

Enable Mobile Network Interface checkbox. Enter the PIN of the SIM card and acknowledge the settings with Set Values.

3. Go to the Operator tab.

When the APN for your SIM card is displayed in the list, make sure that the Enabled checkbox has been activated.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

4. When the APN for your SIM card is not displayed in the list, activate the Manual APN and enter the APN for your mobile service provider.

PIN and APN are available in the documents of your mobile service provider.

5. Confirm the setting by selecting Set Values. The LEDs L and SC on the SCALANCE M874-3 light green.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

8.2.3 Configuring the IP address

Table 8-7

No. Action Remarks

1. Go to System > Agent IP. 2. Enter a new IP address for the SCALANCE M

of the S7-300 station. (See Table 8-1). Confirm the setting by selecting Set Values.

3. Set the IP address of the PG/PC to

192.168.0.100. (see Remarks) The IP address of the PG/PC must be located in the same network as the default IP address of the SCALANCE M874-3.

4. Enter the new IP address of the SCALANCE M in your browser and log on to the WBM.

8.2.4 Set system time

Table 8-8

No. Action Remarks

1. Go to System > System time. 2. Click on Use PC time and acknowledge the

settings with Set Values.

3. Go to the NTP Client tab.

Activate the NTP Client checkbox to activate the automatic time synchronization via NTP. (see picture in step 8)

4. In the Time Zone field you specify your used time in the format "+/- HH:MM".

The time zone refers to UTC standard world time. Settings for summer or winter time are taken into account when you specify the time offset in this field.

5. Enter the IP address of the NTP server. 6. Enter the port of the NTP server. 7. Here you enter the time interval between two time requests. In this field you specify the poll

interval in seconds.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

8. Confirm the setting by selecting Set Values.

8.2.5 VPN tunnel configuration

On the M874, the correct time has been set. The required certificates have been saved on the PC in the last chapter and a password has been assigned for the private key. The information required for the configuration of the VPN tunnels are available in the .txt-file which you have created in chapter 8.1.3. .txt-file for the S7300 station SCALANCE M 874-x

{

Configuration of SCALANCE M 874-x: S7-300

--------------------------------------------------------------------------------

S7-300 in connection with S612

Download certificates (Table 8-9) Go to System -> Load&Save -> Passwords and store the Certificate-Password in IPSecCert row.

Go to System -> Load&Save -> HTTP and use IPSecCert row to upload the following files:

Configuration [email protected]

Configuration 1.Group1.S612.cer

VPN peer configuration (Table 8-10) ..Go to Security -> IPSecVPN -> Remote End

Create a new table item with the following information:

Remote Mode: Standard

Remote Type: manual

Remote Address: 91.19.6.84

Remote Subnet: 192.168.3.0/24

VPN connection configuration (Table 8-11) Go to Security -> IPSecVPN -> Connections

Create a new table item with the following information:



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

Keying Protocol: IKEv1

Remote End: choose the Remote End you created

Local Subnet: 192.168.0.0/24

VPN authentication configuration (Table 8-12) Go to Security -> IPSecVPN -> Authentication

Set for your connection the following values:

Authentication: Remote Cert

Local Certificate: Configuration [email protected]_Cert.pem

Local ID: U91C0BB08@GA27A

Remote Certificate: Configuration 1.Group1.S612.cer

Remote ID: UF58CB8E6@GA27A

Phase 1 and phase 2 configuration (Table 8-13) Go to Security -> IPSecVPN -> Phase 1

Encryption: 3DES168

Authentication: SHA1

DH-Group: Group2

Keying Tries: 0 (=infinite)

Lifetime [min]: 1440

DPD: restart

DPD Delay [sec]: default

DPD Timeout [sec]: default

Aggressive Mode: No

Go to Security -> IPSecVPN -> Phase 2

Encryption: 3DES168

Authentication: SHA1

Lifetime [min]: 1440

Lifebytes: 0

Establish and activate VPN connection (Table 8-14) Go to Security -> IPSecVPN -> Connections

Operation: start

Go to Security -> IPSecVPN -> General

Check Activate IPSec VPN

}

Download certificates Table 8-9

No. Action Remarks

1. Open the .txt-file which you have created for the S7-300 station in chapter 8.1.3. 2. Go to System > Load & Save and switch to the Passwords tab.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

No. Action Remarks

3. Enter the password you have defined for the PKCS12 file in chapter 8.1.3. Activate the Enabled checkbox and acknowledge the settings with Set Values.

4. Switch to the HTTP tab.

At Type IPSecCert, you click on Load to load the files .cer and .p12 individually.

5. Go to Security > IPSec VPN > Certificates. Check whether the loaded certificates have the

status "valid".



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

VPN peer configuration Table 8-10

No. Action Remarks

1. Go to the Remote End tab. 2. Assign a name for the VPN peer, e.g. S612 and acknowledge with Create.

3. Enter the data of the .txt-file (section VPN peer configuration), as in the picture.

Confirm the setting by selecting Set Values.

VPN connection configuration Table 8-11

No. Action Remarks

1. Switch to the Connections tab. 2. Assign a name for the VPN connection and acknowledge with Create. 3. Configure the VPN connection using the data of the .txt-file (section VPN connection

configuration), as in the picture. In the Remote End field you select the VPN peer you have created in Table 8-10.

Confirm the setting by selecting Set Values.



S

iem

ens

AG 2

014

All r

ight

s re

serv

ed

VPN authentication configuration Table 8-12

No. Action Remarks

1. Go to the Authentication tab. 2. Select Remote Cert option in the Authentication field. (see picture in step no.5) 3. In the Local Certificate field and the Remote Certificate field you select the certificates which

are offered for selection. (You have loaded these certificates in Table 8-9) 4. Copy the Remote ID from the .txt-file (section VPN authentication configuration) and enter it in

the respective field. 5. Confirm the setting by selecting Set Values.

Phase 1 and phase 2 configuration Table 8-13

No. Action Remarks

1. Switch to the Phase 1 tab.

2. Configure phase 1 using the data of the .txt-file (section Phase 1 and phase 2 configuration), as

in the picture.

Confirm the setting by selecti

Documents

87447188 DNP3 Telecontrol v10 e