Siemens S7-400 Equipment Manual
  1. Manuals
  2. Brands
  3. Siemens Manuals
  4. Controller
  5. Simatic S7-400
  6. Equipment manual

Siemens S7-400 Equipment Manual

Simatic net industrial ethernet
Hide thumbs Also See for S7-400:
Table of Contents

Advertisement

Quick Links

Download this manual
CP 443-1 Advanced
SIMATIC NET
S7-400 - Industrial Ethernet
CP 443-1 Advanced
Equipment Manual
Manual Part B
03/2023
C79000-G8976-C256-07
Preface
Properties and services
Performance data
Requirements for use
LEDs
Installation, connection,
commissioning, removal
Configuration and
operation
Diagnostics and upkeep
Technical specifications
Approvals
Documentation references
1
2
3
4
5
6
7
8
9
A

Advertisement

Table of Contents
loading

Related Manuals for Siemens S7-400

Summary of Contents for Siemens S7-400

  • Page 1 CP 443-1 Advanced Preface Properties and services SIMATIC NET Performance data Requirements for use S7-400 - Industrial Ethernet CP 443-1 Advanced LEDs Installation, connection, commissioning, removal Equipment Manual Configuration and operation Diagnostics and upkeep Technical specifications Approvals Documentation references Manual Part B...
  • Page 2 Note the following: WARNING Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems.

  • Page 3: Preface

    Preface Legend: X = placeholder for hardware product version CPLUG (at rear) Firmware version LEDs Gigabit interface: 1 x 8-pin RJ-45 jack Security function: The padlock symbol identifies the interface to the external subnet. PROFINET interface: 4 x 8-pin RJ-45 jack Security function: Interface to the internal, protected subnet Printed text of MAC addresses of the interface Figure 1...
  • Page 4 This edition of the manual no longer contains information on PROFINET CBA / S7-Beans / Applets. If you require information on these topics, please refer to the 06/2021 edition of the manual, which is available on the following Siemens Industry Online Support page: Link: (https://support.industry.siemens.com/cs/ww/en/view/59187252) Replaced manual edition Edition 06/2021 New functions of the firmware V3.2.17:...
  • Page 5 Preface Notes on this document Product names/abbreviations • CP In this document, the term "CP" is also used instead of the full product name CP 443-1 Advanced. • EX11 / EX41 / GX20 / GX30 The abbreviations used in this manual for the modules (for example "GX20" or "EX41") correspond to the last four characters of the mid-section of the article number of the respective module.
  • Page 6 You will find license conditions in the following document on the supplied data medium: • OSS_CP4431_99.pdf Firmware The firmware is signed and encrypted. This ensures that only firmware created by Siemens can be downloaded to the device. CP 443-1 Advanced...
  • Page 7 Therefore, Siemens can no longer ensure that the firmware/software does not contain any known security-critical vulnerabilities. Siemens will provide software updates for the CP until the official end of the software support (date not yet known). This entails examining new vulnerabilities that could also affect the CP, correcting such vulnerabilities and/or providing instructions on how to eliminate or mitigate the vulnerabilities.
  • Page 8 Feed under Link: (https://www.siemens.com/cert) SIMATIC NET glossary The SIMATIC NET glossary describes terms that may be used in this document. You will find the SIMATIC NET glossary in the Siemens Industry Online Support at the following address: Link: (https://support.industry.siemens.com/cs/ww/en/view/50305045) Decommissioning Shut down the device properly to prevent unauthorized persons from accessing confidential data in the device memory.

  • Page 9: Table Of Contents

    Table of contents Preface ..............................3 Properties and services ........................13 Properties of the CP......................13 Enhanced functions ......................14 Communication services ....................15 Further services and characteristics of the CP..............17 Performance data ..........................21 General characteristic data ....................21 Characteristics of S7 communication ..................
  • Page 10 Table of contents Commissioning ........................48 5.4.1 Commissioning ........................48 5.4.2 CPLUG (configuration plug)....................49 5.4.3 Controlling the mode ......................51 Disassembly ........................51 Configuration and operation ....................... 53 Security recommendations....................53 Controlling the mode ......................56 Effects of protection levels ....................57 Configuration in STEP 7......................
  • Page 11 Table of contents 6.11 Time-of-day synchronization ....................74 6.12 SNMP..........................75 6.13 Ping: Permitted length of ICMP packets ................77 6.14 Use in the H system ......................77 6.15 H-connections over VPN ..................... 78 Diagnostics and upkeep........................81 Diagnostics ........................81 7.1.1 Diagnostics options ......................
  • Page 12 Table of contents CP 443-1 Advanced Equipment Manual, 03/2023, C79000-G8976-C256-07...

  • Page 13: Properties And Services

    Properties of the CP Application The CP is intended for use in an S7-400 or S7400H (high availability) automation system. It allows the S7400 / S7400H to be connected to Industrial Ethernet. For information on the special features of tunneled H-connections, see section H-connections over VPN (Page 78).

  • Page 14: Enhanced Functions

    • Read out service data (via the online functions of STEP 7 Professional) • Load firmware via the CPU You can find details on other firmware versions on the Siemens Industry Online Support pages. Refer to the preface for the link.

  • Page 15: Communication Services

    Properties and services 1.3 Communication services • PROFINET IO – IRT with the option "high performance" – Full PROFINET IO diagnostics on the gigabit interface – Full PROFINET IO diagnostics on all interfaces also in the expansion rack • Use in fault-tolerant systems (H systems) is also possible on the gigabit interface. Expansions on the interface to the user program •...
  • Page 16 – FETCH/WRITE services (server services; corresponding to S5 protocol) via ISO transport connections, ISO-on-TCP connections and TCP connections; Here, the SIMATIC S7-400 with the CP is always the server (passive connection establishment) while the read or write access (client function with active connection establishment) is always initiated by a SIMATIC S5 or a third-party device / PC.

  • Page 17: Further Services And Characteristics Of The Cp

    Properties and services 1.4 Further services and characteristics of the CP – FTP FTP functions (File Transfer Protocol) for file management and access to data blocks in the CPU (client and server functions) – E-mail Sending e-mail via SMTP or ESMTP. The CP supports t SMTP-Auth for authentication on an email server and STARTTLS.
  • Page 18 Properties and services 1.4 Further services and characteristics of the CP • Media redundancy Within an Ethernet network with a ring topology, the CP supports the media redundancy protocol MRP. You can assign the role of redundancy manager to the CP. •...
  • Page 19 Properties and services 1.4 Further services and characteristics of the CP • IP configuration For the PROFINET interface and the gigabit interface, you can configure how and with which method the CP is assigned the IP address, the subnet mask and the address of a gateway.
  • Page 20 Properties and services 1.4 Further services and characteristics of the CP • Detection of double IP addressing in the network To save you timeconsuming troubleshooting in the network, the CP detects double addressing in the network. The reaction of the CP when double addressing is detected varies as follows: Characteristics of the PROFINET interface –...

  • Page 21: Performance Data

    Measured values of transmission and reaction times in Ethernet, PROFIBUS and PROFINET networks for a series of configurations can be found on the Internet at the following address: Link: (https://support.industry.siemens.com/cs/ww/en/view/25209605) General characteristic data Note that the maximum configuration limits of the CP also depend on the CPU type used.

  • Page 22: Characteristics Of S7 Communication

    Performance data 2.2 Characteristics of S7 communication Characteristics of S7 communication S7 communication provides data transfer via the ISO Transport or ISO-on-TCP protocols. Characteristic Explanation / values Total number of S7 connections on Industrial 128 max., Ethernet of those max. 62 H connections LAN interface - data field length generated by CP per protocol data unit •...
  • Page 23 Performance data 2.3 SEND/RECEIVE interface Characteristic Explanation / values Maximum data length for AG_SEND and AG_SEND and AG_RECV were shipped with predecessors of the CP and AG_RECV program blocks allow the transfer of user data with a length from 1 to 240 bytes. The version of the CP described here continues to support these blocks.

  • Page 24: Number Of Simultaneous Send/Receive Calls

    Performance data 2.3 SEND/RECEIVE interface • UDP frame buffering Length of the frame buffer with buffering enabled: 2 KB Note: Following a buffer overflow, newly arriving frames are discarded. 2.3.2 Number of simultaneous SEND/RECEIVE calls The number of SEND/RECEIVE calls that can be used at the same time is limited both by the CPU and by the CP.

  • Page 25: Characteristics Of Open Tcp/Ip Communication

    Performance data 2.4 Characteristics of open TCP/IP communication Table 2- 1 Dependency of the maximum number of RECEIVE calls long (AG_LRECV FC60) used at the same time on the number of SEND calls (CPU 412/414) Number of simultaneous 3, 4 8, 9 SEND calls Max.

  • Page 26: Characteristic Data For Profinet Io

    Performance data 2.5 Characteristic data for PROFINET IO Characteristic data for PROFINET IO PROFINET IO communication of the CP is IRTcompliant. The CP supports the following maximum configuration as a PROFINET IO controller: Characteristic Explanation / values Number of CPs that can be operated as PROFINET IO controllers within an S7400 station Number of possible PROFINET IO devices , of which...

  • Page 27: Characteristic Data For Ftp / Ftps Mode

    Performance data 2.7 Characteristic data for FTP / FTPS mode Authentication The CP supports the following authentication methods: • PLAIN • LOGIN • CRAM-MD5 • DIGEST-MD5 For more detailed information, refer to the manual /2/ (Page 103). If your service provider requires authentication, you need to import the certificate you received from your service provider into the CP to authenticate the CP with the server.

  • Page 28: Characteristic Data Of Tcp Connections For Http / Https

    Performance data 2.8 Characteristic data of TCP connections for HTTP / HTTPS Older program blocks for FTP client mode The program blocks used in the predecessor modules for FTP transfer can continue to be used. • FTP_CONNECT, FTP_STORE, FTP_RECTRIEVE, FTP_DELETE, FTP_QUIT Restriction: FTPS mode is not possible with these program blocks even when the security functions are enabled..

  • Page 29: Characteristic Data Of The Integrated 4Port Switch

    Performance data 2.10 Characteristic data of the integrated 4port switch Meaning of the memory areas • Flash area in the CPLUG (nonvolatile memory): The flash area allows data to be stored and retained if there is a power down. Note The flash area of the file system allows a limited number of write cycles (approximately 100 000).
  • Page 30 Performance data 2.10 Characteristic data of the integrated 4port switch The switch monitors the age of the learned addresses. Addresses that exceed the "aging time" are deleted. The aging time is 5 minutes. Ports can be deactivated individually The ports of the switch integrated in the CP can be deactivated individually in STEP 7 in the "Port parameters"...

  • Page 31: Requirements For Use

    The number of CPs operating as PROFINET IO controllers depends on the number of CP 443-5 Extended modules operating as DP masters in the S7-400 station. A total of 10 CPs can be operated as controllers for the distributed I/O (PROFINET IO controllers or DP masters);...
  • Page 32 Requirements for use 3.2 System environment Restrictions for CPUs with older firmware versions • With CPUs with firmware version V4.1, the CP only has the range of functions of the predecessor module CP 443-1 Advanced (6GK7 443-1EX41-0XE0). • The use of the program blocks AG_SSEND (FC53) and AG_SRECV (FC63) is only possible with CPUs as of firmware version V5.1.
  • Page 33 Requirements for use 3.2 System environment Article number of As of CPU a = multiprocessor mode the CPU: 6ES7... firmware b = number of operable CPs version c = CPU resources for SEND/RECEIVE jobs d = LOCK/UNLOCK e = PROFINET IO CPU 414-3 ..414-3EM06-0AB0 as of V6.0.2...

  • Page 34: Project Engineering

    Requirements for use 3.3 Project engineering Article number of As of CPU a = multiprocessor mode the CPU: 6ES7... firmware b = number of operable CPs version c = CPU resources for SEND/RECEIVE jobs d = LOCK/UNLOCK e = PROFINET IO CPU 410-5H ..410-5HX08-0AB0 As of V8.0.x...

  • Page 35: Softnet Security Client For Vpn Tunnels With Pcs

    * You can find the HSP at the following address: Link: (https://support.industry.siemens.com/cs/ww/en/view/23183356) ** You will find the SCT on the STEP 7 DVD. *** You can find updates of the program block library at the following address: Link: (https://support.industry.siemens.com/cs/ww/en/ps/15353/dl)
  • Page 36 Using current block versions We recommend that you always use the latest block versions for all module types. You will find the current blocks to download from the Internet in Siemens Industry Online Support at the following address: Link: (https://support.industry.siemens.com/cs/ww/en/ps/15335/dl) With older module types, this recommendation assumes that you are using the latest firmware for the particular module type.

  • Page 37: Leds

    LEDs LED display The following LEDs on the front panel show the operating and communication status of the Figure 4-1 LEDs front panel CP 443-1 Advanced The LEDs have the following meaning: • INTF: Internal error • EXTF: External error •...
  • Page 38 LEDs Table 4- 2 Meaning of the LED displays INTF EXTF BUSxF STOP MAINT CP operating mode (red) (red) (red) (green) (yellow) (yellow) Starting up (STOP->RUN) • Temporary LED pattern during startup (a few seconds) • With permanent LED pattern: Hardware fault in the CP Running (RUN) Stopping (RUN->STOP)
  • Page 39 LEDs INTF EXTF BUSxF STOP MAINT CP operating mode (red) (red) (red) (green) (yellow) (yellow) • The gigabit interface is networked in STEP 7 but no Ethernet cable is connected. • A duplicate IP address was detected after the CP was in RUN. •...
  • Page 40 LEDs CP communications status / LED display patterns Display Meaning TXD (green) CP sending over Ethernet. Note: Sending over PROFINET IO is not signaled here. RXD (green) CP is receiving over Ethernet. Note: Receiving over PROFINET IO is not signaled here. X1P1 Port has no connection over Ethernet.

  • Page 41: Installation, Connection, Commissioning, Removal

    Installation, connection, commissioning, removal Important notes on using the device The following safety notices must be adhered to when setting up and operating the device and during all associated work such as installing, connecting, replacing or removing devices. 5.1.1 Notices on use in hazardous areas WARNING The device may only be operated in an environment with pollution degree 1 or 2 as described in EN/IEC 60664-1, GB/T 16935.1.

  • Page 42: Notes On Use In Hazardous Areas According To Ul Hazloc / Fm

    Installation, connection, commissioning, removal 5.1 Important notes on using the device WARNING Suitable cables at high ambient temperatures in hazardous area Use heat-resistant cables with an ambient temperature ≥ 60 °C; these cables must be rated for an ambient temperature that is at least 20 °C higher. The cable entries used on the housing must comply with the IP degree of protection required by EN IEC 60079-0 / GB 3836.1.

  • Page 43: Installation, Removal And Repairs In Hazardous Areas

    Installation, connection, commissioning, removal 5.2 Installation, removal and repairs in hazardous areas WARNING EXPLOSION HAZARD The equipment is intended to be installed within an ultimate enclosure. The inner service temperature of the enclosure corresponds to the ambient temperature of the module. Use installation wiring connections with admitted maximum operating temperature of at least 30 ºC higher than maximum ambient temperature.

  • Page 44: Installing And Connecting

    • Observe the device approvals applicable for your country. WARNING Unauthorized repair of devices in explosion-proof design Risk of explosion in hazardous areas • Repair work may only be performed by personnel authorized by Siemens. Installing and connecting NOTICE Improper mounting Improper mounting may damage the device or impair its operation.
  • Page 45 Installation, connection, commissioning, removal 5.3 Installing and connecting WARNING Open equipment The devices are "open equipment" acc. to the standard IEC 61010-2-201 or UL 61010-2-201 / CSA C22.2 No. 61010-2-201. To fulfill requirements for safe operation with regard to mechanical stability, flame retardation, stability, and protection against contact, the following alternative types of installation are specified: •...
  • Page 46 Installation, connection, commissioning, removal 5.3 Installing and connecting Installing and connecting up the CP The steps for installing and connecting up the CP are explained below. 1. Turn off the power supply when you have configured the CP for PROFINET IO communication.
  • Page 47 Installation, connection, commissioning, removal 5.3 Installing and connecting Note Autocrossing mechanism - effects on the connections For small local area networks or for connecting several Ethernet devices, a 4port switch has been integrated in the CP 443-1 Advanced. With the autocrossing mechanism integrated in the switch, it is possible to use a standard cable to connect the PG/PC.

  • Page 48: 5.4 Commissioning

    Result: The CP is reachable in the network and has been supplied with configuration data. Follow the steps outlined below: 1. Download the configuration data from your STEP 7 project to the S7-400 station. Requirement: You have configured the CP in a STEP 7 project for the properties and services you want to use.

  • Page 49: Cp 4431 Advanced

    Installation, connection, commissioning, removal 5.4 Commissioning 5.4.2 CPLUG (configuration plug) Exchangeable C-PLUG The CP has an exchangeable configuration plug (CPLUG). This can store up to 32 MB of data in nonvolatile memory. • The retentive parameters include: – IP address and IP parameters –...
  • Page 50 Installation, connection, commissioning, removal 5.4 Commissioning Removing the C-PLUG Remove the C-PLUG from the compartment using a screwdriver. Figure 5-3 Removing the C-PLUG It is only necessary to remove the C-PLUG if a fault occurs on the CP. Function If the C-PLUG has not been written to (factory status), when the device starts up all configuration data of the CP is automatically backed up.

  • Page 51: Controlling The Mode

    Installation, connection, commissioning, removal 5.5 Disassembly 5.4.3 Controlling the mode You can change the mode of the CP between RUN and STOP using the STEP 7 configuration software or using STEP 7 special diagnostics. Change from STOP to RUN: The CP loads configured and/or downloaded data into the work memory and then changes to RUN mode.
  • Page 52 Installation, connection, commissioning, removal 5.5 Disassembly CP 443-1 Advanced Equipment Manual, 03/2023, C79000-G8976-C256-07...

  • Page 53: Configuration And Operation

    • Do not connect the device directly to the Internet. Operate the device within a protected network area. • Check the Siemens Web pages regularly for the latest information. – You can find information on Industrial Security here: Link: (http://www.siemens.com/industrialsecurity) –...
  • Page 54 Configuration and operation 6.1 Security recommendations • Protection levels Configure access to the CPU under "Protection". • Leave access to the Web server of the CPU (CPU configuration) and to the Web server of the CP disabled. • Logging function Enable the function in the security configuration and check the logged events regularly for unauthorized access.
  • Page 55 Configuration and operation 6.1 Security recommendations Certificates and keys • Use a certification authority including key revocation and management to sign certificates. • Make sure that user-defined private keys are protected and inaccessible to unauthorized persons. • It is recommended that you use password-protected certificates in the PKCS #12 format. •...

  • Page 56: Controlling The Mode

    Configuration and operation 6.2 Controlling the mode • Default port status – Open The port is open at the start of the configuration. – Closed The port is closed at the start of the configuration. • Configurable port – ✓ The port can be configured.

  • Page 57: Effects Of Protection Levels

    Configuration and operation 6.3 Effects of protection levels Change from RUN to STOP: The CP changes to STOP (transitional phase with LED display "Stopping"). The reaction is as follows in STOP: • Established connections (ISO transport, ISOonTCP, TCP, UDP connections) are terminated. •...

  • Page 58: Configuration In Step 7

    Configuration and operation 6.4 Configuration in STEP 7 Protection levels of the CPU If you configure a protection level ≥ 2 in the configuration of the CPU ("Options” tab), this has the following effects on the operation of the CP: •...

  • Page 59: Interface Configuration

    Configuration and operation 6.5 Interface configuration Interface configuration 6.5.1 Network settings 6.5.1.1 IP address assignment and communications path Networking the gigabit interface and PROFINET interface If the communications partner can be reached via the PROFINET interface and a router, you should not network the gigabit interface with the subnet of the communications partner at the same time.
  • Page 60 Configuration and operation 6.5 Interface configuration Automatic setting or individual network settings As default, the CP is configured for automatic detection (autosensing). Note In normal situations, the basic setting ensures troublefree communication. You should only change this in exceptional situations. If you create a manual configuration for the CP and disable the autonegotiation option, the automatic negotiation of the network settings (autonegotiation) is no longer effective.

  • Page 61: Transmission Speed Of The Gigabit Interface

    Configuration and operation 6.5 Interface configuration Further notes: • 10/100 Mbps network components without "autonegotiation" If you use 10/100 Mbps network components that do not support "Autonegotiation", it is possible that you will have to set the mode manually. • Forcing a specific mode instead of "Automatic settings" If your application requires a specific mode instead of the automatic settings, you will need to match up the partner devices.

  • Page 62: Ip Configuration And Dhcp

    Configuration and operation 6.5 Interface configuration 6.5.2 IP configuration and DHCP 6.5.2.1 S7 connections and DHCP Configured S7 connections cannot be operated if the IP address is assigned over DHCP Note If you obtain the IP address using DHCP, any S7 connections you may have configured will not work.

  • Page 63: Unused Profinet Interface Without Bus2F Indicator

    Configuration and operation 6.6 Port configuration with redundant partners 6.5.3 Unused PROFINET interface without BUS2F indicator BUS2F display for a PROFINET interface that is not connected If no cable is connected to any port of the PROFINET interface, with a networked PROFINET interface in the configuration this causes the "BUS2F"...

  • Page 64: Profinet Io Mode

    Configuration and operation 6.7 PROFINET IO mode PROFINET IO mode 6.7.1 How PROFINET IO devices start up in a large configuration When operating the module with a large configuration (up to 128 communications connections and up to 128 PROFINET IO devices), it may take several minutes when the station starts up before all PROFINET IO devices have received configuration data from the PROFINET IO controller.

  • Page 65: Irt Communication: Types Of Synchronization

    Configuration and operation 6.7 PROFINET IO mode There is a significant improvement in speed even in the following situations: • Applications that generally require a fast start-up time for the IO devices after turning on the power or following station failure/station return. •...

  • Page 66: Operating Profinet Io Devices With A Current Firmware Version

    • IM151-3PN with article number 6ES7151-3AA20-0AB0 • IM151-3PN with article number 6ES7151-3BA20-0AB0 You will find the current firmware versions on the Internet at the following address: Link: (https://support.industry.siemens.com/cs/ww/en/ps/14081/dl) 6.7.6 Shared device - using the router address Shared devices allow more than one PROFINET IO controller to access different submodules of the same PROFINET IO device.

  • Page 67: Media Redundancy

    Configuration and operation 6.8 Media redundancy Remedy The IO device being used as a shared device will only take part in data exchange if the higher- level I/O controllers are configured identically in terms of using routers. You should therefore configure the PROFINET interfaces on the other IO controllers as follows: •...

  • Page 68: Programmed Communication Connections With Ip_Config

    Configuration and operation 6.9 Interface in the user program 6.9.2 Programmed communication connections with IP_CONFIG Downloading the configuration using FB55 FB55 allows programcontrolled transfer of the configuration data. Note If the CP is in STOP mode and the configuration is downloaded using FB55, the CP then changes automatically to RUN.

  • Page 69: Programmed Communications Connections - Assigning Parameters To The Ports

    Configuration and operation 6.9 Interface in the user program 6.9.4 Programmed communications connections - assigning parameters to the ports The CP supports the following settings when assigning parameters to the ports in the parameter block for TCP connections and UDP connections: •...

  • Page 70: Recommendation For Use With A High Communications Load

    Configuration and operation 6.9 Interface in the user program Note: The TSAPs can be 2-16 bytes long. The first two bytes must be occupied as described, you can use the other bytes to suit your task. Note Note that the number of dynamically established connections also depends on the number of configured, statically established connections.

  • Page 71: Security

    Configuration and operation 6.10 Security 6.10 Security Note Restrictions of the security functions Refer to the notes in Preface (Page 3). 6.10.1 Settings for online security diagnostics and downloading to station with the firewall activated Note Additional services for online security diagnostics and download If you wish to use the "Online security diagnostics"...

  • Page 72: Using Vpn - Effects On Communication

    Configuration and operation 6.10 Security 6.10.2 Using VPN - effects on communication Communication via VPN tunnel Communication via a VPN tunnel reduces speed compared with communication outside a VPN tunnel. In mixed operation with S7 communication and connections of the open communications services (SEND/RECEIVE interface), remember that the CP handles the open communications services with higher priority.

  • Page 73: Security And Step 7 Special Diagnostics Activated - Configuration Activities Blocked

    Configuration and operation 6.10 Security You import the certificate using the certificate manager in STEP 7. Follow the steps outlined below: 1. Open the certificate manager. – STEP 7 V5 / SCT: "Options" > "Certificate manager...". – STEP 7 Professional: “Global security settings > Certificate manager” 2.

  • Page 74: Time-Of-Day Synchronization

    Configuration and operation 6.11 Time-of-day synchronization 6.11 Time-of-day synchronization General rules The CP supports the two modes explained below for timeofday synchronization: • SIMATIC mode • NTP / NTP (secure) The secure method NTP (secure) uses authentication with symmetrical keys according to the hash algorithms MD5 or SHA-1.

  • Page 75: Snmp

    Configuration and operation 6.12 SNMP 6.12 SNMP SNMP (Simple Network Management Protocol) SNMP is a protocol for managing networks. To transmit data, SNMP uses the connectionless UDP protocol. The information on the properties of SNMPcompliant devices is entered in MIB files (MIB = Management Information Base).
  • Page 76 Configuration and operation 6.12 SNMP Exceptions / restrictions: • Write access is permitted only for the following MIB objects of the system group: – sysContact – sysLocation – sysName A set sysName is sent as the host name using DHCP option 12 to the DHCP server to register with a DNS server.

  • Page 77: Ping: Permitted Length Of Icmp Packets

    If you use an SNMP tool, you will find the MIB files relevant to the CP in the STEP 7 installation in the following folder: <Drive>\<Installation folder>\Siemens\Step7\S7DATA\snmp\mib For the Automation System MIB, for example, these are the following files: • automationPS.mib •...

  • Page 78: H-Connections Over Vpn

    Configuration and operation 6.15 H-connections over VPN 6.15 H-connections over VPN Scope of services The CP does not support operation of fault-tolerant S7 connections (H-connections) within a VPN tunnel. A maximum of 10 fault-tolerant S7 connections are supported per CP. Restrictions The following restrictions apply to operation: •...
  • Page 79 Configuration and operation 6.15 H-connections over VPN Requirements • Software versions: – STEP 7 as of version V5.6 – Security Configuration Tool (SCT) as of Version V5.0 • S7-400H CPU firmware – H-CPU with firmware as of V4.5: V4.5.7 – H CPU with firmware as of V6.0: V6.0.8 –...
  • Page 80 Configuration and operation 6.15 H-connections over VPN • "Perfect Forward Secrecy" can be enabled. • All nodes of a VPN group must be able to reach one another. If you insert modules that are connected to different physical networks in a VPN group, the VPN group cannot be successfully established.

  • Page 81: Diagnostics And Upkeep

    Diagnostics and upkeep Diagnostics 7.1.1 Diagnostics options Overview of the Diagnostics options The following diagnostics options are available: • LEDs of the module For information on the LED displays, refer to the section LEDs (Page 37). • Web diagnostics For information on Web diagnostics using HTTP, refer to the section The CP as Web server (Page 82).

  • Page 82: Online Security Diagnostics Via Port 8448

    Diagnostics and upkeep 7.2 The CP as Web server Using the CP as an intermediary for diagnostics data If you only want to use the CP as an intermediary for diagnostics data of the station, as of firmware version 3.2 you can network only the gigabit interface and, for example, establish a VPN tunnel to a PC via this interface.

  • Page 83: Maintenance

    Diagnostics and upkeep 7.3 Maintenance Diagnostics buffer entries When supplied, diagnostics buffer entries shown on diagnostics pages are always in English. This is not influenced by the language selected for display of the Web pages. How to download other languages to the CP and further information about Web diagnostics can be found in the general Part A of this manual /2/ (Page 103).

  • Page 84: Replacing Older Modules: Module Replacement / Upgrading

    Diagnostics and upkeep 7.3 Maintenance 7.3.1 Replacing older modules: module replacement / upgrading Distinction When replacing existing modules with the module described here, the following variants must be distinguished: • Replacing a device Describes the situation when an existing module can be replaced with a new module simply by pulling/plugging without changing the configuration.
  • Page 85 Diagnostics and upkeep 7.3 Maintenance Upgrading The following predecessor products can be upgraded to the CP 443-1 Advanced (6GK7 443-1GX30-0XE0) described here: • CP 443-1 (6GK7 443-1EX20-0XE0) • CP 443-1 Advanced (6GK7 443-1EX40-0XE0) Module replacement with a CP 443-1 Advanced (GX20 / EX40 / EX41) Note the following procedure when replacing an older module (GX20, EX40 or EX41) with the new module (GX30): Step 1: Replacing the CP...

  • Page 86: Replacing Older Modules: Cps With Configurable Data Management

    Diagnostics and upkeep 7.3 Maintenance Note If you have been operating an EX40 with PROFINET communication, the EX40 can only be replaced with a GX30 if you are using a CPU as of firmware version 5.2 (see section System environment (Page 31)). In this case, you may need to adapt the configuration. 7.3.2 Replacing older modules: CPs with configurable data management Other older modules (GX11) can be replaced in different ways depending on the type of data...

  • Page 87: Replacing A Module Without A Programming Device

    Diagnostics and upkeep 7.3 Maintenance • Variant B: STEP 7 project unchanged If you do not want to use any of the new features, you can replace the module as follows without any further configuration: 1. Remove the module to be replaced from the rack. 2.

  • Page 88: Loading New Firmware

    Diagnostics and upkeep 7.3 Maintenance Note Reloaded IP access control list Entries entered later in the IP access control list by HTTP / HTTPS are not saved on the CPU. After a module has been replaced, previous entries that had been entered later must be reloaded in the IP access control list.
  • Page 89 Diagnostics and upkeep 7.3 Maintenance • The update center of the Web server You can reach the update center using Web diagnostics. The CP supports the storage of several firmware versions. Using the firmware load function in the update center, you can activate the required firmware version. Requirement: The "Firmware download via Web"...

  • Page 90: Memory Reset / Reset To Factory Defaults

    Diagnostics and upkeep 7.3 Maintenance What to do if a download is interrupted Disturbances or collisions on the network can lead to packets being lost. In such cases, this can lead to an interruption of the firmware download. The firmware loader then signals a timeout or negative response from the module being loaded.
  • Page 91 Diagnostics and upkeep 7.3 Maintenance How to use the functions You can start the memory reset functions in STEP 7. The CP must be in STOP. When you reset memory using special diagnostics, the CP is automatically changed to STOP. •...
  • Page 92 Diagnostics and upkeep 7.3 Maintenance Figure 7-1 Memory following a memory reset Reset to factory defaults - effects After resetting to factory defaults, the CP always retains the factory set MAC address (as supplied). The IP address and the configuration data in the CP RAM are deleted. The configuration data is retained on the CPU.
  • Page 93 Diagnostics and upkeep 7.3 Maintenance Figure 7-2 Memory after Reset to Factory Settings Security configuration data when running a memory reset in STEP 7 V5.5 The behavior of the configuration data for the security functions when memory is reset depends on the STEP 7 version used for the reset. •...
  • Page 94 Diagnostics and upkeep 7.3 Maintenance CP 443-1 Advanced Equipment Manual, 03/2023, C79000-G8976-C256-07...

  • Page 95: Technical Specifications

    Technical specifications Table 8- 1 Technical specifications of the CP 443-1 Advanced Technical specifications Article number 6GK7443-1GX30-0XE0 Connection to Industrial Ethernet Quantity 1 x gigabit interface 1 x PROFINET interface with 4port switch Design of gigabit interface Connector 1 x RJ-45 jacks Transmission speed 10/100/1000 Mbps Design of PROFINET interface (4port...
  • Page 96 Technical specifications Technical specifications Design, dimensions and weight Module format Compact module for S7-400, single width Degree of protection IP20 Weight Approx. 700 g Dimensions (W x H x D) 25 x 290 x 210 mm Installation options Mounting in an S7-400 rack...

  • Page 97: Approvals

    You will find the declarations of conformity listed below and certificates of the product on the Internet at the following address: Link: (https://support.industry.siemens.com/cs/ww/en/ps/15353/cert) You can see the current versions of the standards in the relevant certificate, which you will find on the Internet at the address specified above.
  • Page 98 Directive of the European Parliament and of the Council of 8 June 2011 on the restriction of the use of certain hazardous substances in electrical and electronic equipment UK Declaration of Conformity Importer UK: Siemens plc Sir William Siemens House Princess Road Manchester M20 2UR The product meets the requirements of the following regulations: •...
  • Page 99 • EN IEC 60079-0 - Explosive atmospheres - Part 0: Equipment - General requirements • EN 60079-7 - Explosive Atmospheres - Part 7: Equipment protection by increased safety 'e' Importer UK: Siemens plc (see above) CCC-Ex Classification: Ex ec IIC T4 Gc The product meets the requirements of the following standards: •...
  • Page 100 Approvals RoHS The CP meets the requirements of the following directives: • EU directive 2011/65/EU on the restriction of the use of certain hazardous substances in electrical and electronic equipment. • SI 2012/3032 The Restriction of the Use of Certain Hazardous Substances in Electrical and Electronic Equipment Regulations 2012 Applied standard: EN IEC 63000 c(UL)us...
  • Page 101 SIMATIC NET products are regularly submitted to the relevant authorities and approval centers for approvals relating to specific markets and applications. If you require a list of the current approvals for individual devices, consult your Siemens contact or check the Internet pages of Siemens Industry Online Support: Link: (https://support.industry.siemens.com/cs/ww/en/ps/15351/cert)
  • Page 102 Approvals CP 443-1 Advanced Equipment Manual, 03/2023, C79000-G8976-C256-07...

  • Page 103: Documentation References

    • Documentation in the STEP 7 V5 installation Manuals that are included in the online documentation of the STEP 7 installation on your PG/PC can be found in the start menu ("Start" > "All Programs" > "Siemens Automation" > "Documentation").
  • Page 104 Link: (https://support.industry.siemens.com/cs/ww/en/view/109773062) SIMATIC NET Diagnostics and configuration with SNMP Diagnostics manual Siemens AG Link: (https://support.industry.siemens.com/cs/ww/en/ps/15392/man) SIMATIC S7 Automation System S7-400, M7-400 Siemens AG • Installation: Installation manual Link: (https://support.industry.siemens.com/cs/ww/en/view/1117849) • Module Data: Reference Manual Link: (https://support.industry.siemens.com/cs/ww/en/view/19539653) • CPU data: Device Manual Link: (https://support.industry.siemens.com/cs/ww/en/view/53385241)
  • Page 105 Documentation references A.2 For configuration and programming with STEP 7 / NCM S7 SIMATIC Programming with STEP 7 Siemens AG (Part of the STEP 7 documentation package STEP 7 Basic Knowledge) (Part of the online documentation in STEP 7) Link: (https://support.industry.siemens.com/cs/ww/en/view/18652056)
  • Page 106 A.3 On program blocks On program blocks /14/ SIMATIC NET Program blocks for SIMATIC NET S7 CPs Programming Manual Siemens AG Link: (https://support.industry.siemens.com/cs/ww/en/view/62543517) /15/ SIMATIC NET Version history of the SIMATIC NET program blocks for S7 CPs Reference manual Siemens AG Link: (https://support.industry.siemens.com/cs/ww/en/view/109474421)

  • Page 107: Index

    Index Abbreviations, 5 Port 8448, 82 PROFINET CBA Documentation, 4 Beans / Applets Documentation, 4 Recycling, 8 Redundancy, 63 Router address, 66 Change from RUN to STOP, 51 Change from STOP to RUN, 51 Controlling the mode, 51 C-PLUG, 49 Security diagnostics, 82 Service &...

This manual is also suitable for:

Cp 443-1 advanced

Table of Contents