SIEMENS
2/535
Siemens IK PI · 2015
PROFINET/Industrial Ethernet
Communication for SIMATIC S7-1500
CP 1543-1
2
■
Overview
The SIMATIC CP 1543-1 communications processor securely
connects the new SIMATIC S7-1500 controller to Industrial
Ethernet networks. By combining a variety of security features
such as an SPI (Stateful Packet Inspection) firewall, VPN and
data encryption protocols such as FTPS and SNMPv3, the
communications processor protects individual S7-1500 stations
or even entire automation cells against unauthorized access.
The CP can also be used for linking the S7-1500 station into an
IPv6-based network. All functions are configured by means of
STEP 7 Professional V12 (TIA Portal) or higher.
The CP 1543-1 supports the following communications services:
•
PG/OP communication
•
S7 communication
•
Open communication (SEND/RECEIVE, FETCH/WRITE)
•
IT communication
- FTP functions (File Transfer Protocol FTP/FTPS) for file
management and access to data blocks in the CPU
(client and server function)
- Sending e-mails via SMTP or ESMTP with "SMTP-Auth" for
authentication on an e-mail server (also with IPv6)
•
Security functions
- Stateful Packet Inspection (layers 3 and 4) firewall
- Secure communication via VPN (IPsec)
- Secure access to the Web server of the CPU via the HTTPS
protocol
- Secure file transfer using FTPS
- Secure transfer of the time of day (NTP)
- SNMPv3 for tap-proof transfer of network analysis infor-
mation
•
Integration of the S7-1500 into IPv6-based networks;
An IPv6-compliant IP address can be used for the following
communication services:
- FETCH/WRITE access (CP as server)
- FTP server mode
- FTP client mode with addressing by program block
- E-mail transfer with addressing by program block
■
Benefits
•
Reachability of the SIMATIC S7-1500 station from an
IPv6-based infrastructure
•
Optimum support of maintenance due to
- Simple diagnostics via the central Web server
- Remote programming via LAN
- Monitoring with IT network management tools (SNMP)
- Module replacement without a PG
•
Securing the system against unauthorized access with
- Central access protection for any S7 station
- Secure access to the central Web server
•
Network separation for setting up identical machines with the
same IP address
•
Simple alerting by e-mail and transfer of production data to
master computer using FTP
•
Protection of investment thanks to simple integration of the
SIMATIC S7-1500 system in existing networks with
SIMATIC S7-300 / S7-400 / S5 via Industrial Ethernet using
the CP 1543-1
■
Application
The CP 1543-1 is used to connect the SIMATIC S7-1500 to
Industrial Ethernet networks. With its own processor, it relieves
the CPU of communications tasks and facilitates additional
connections.
The CP 1543-1 provides communication options with:
• PGs/PCs,
•
master computers
•
operator control and monitoring systems,
•
other SIMATIC S5/S7 systems.
This can be used to protect the SIMATIC S7-1500 from unauthor-
ized access from an Ethernet network. The CP 1543-1 allows
safe remote access via a LAN and allows data transfer between
devices or network segments to be protected from data
manipulation/espionage.
G_IK10_XX_10353
S7/S5
PG/OP
IP-R
IT
MRP
PN
TCP/
UDP
ISO
© Siemens AG 2014