{"path":"01-Documentation/SIEMENS & WINCC/PLC Siemens/adjuntos/STEP 7 and WinCC Engineering V18 - IP forwarding.pdf","text":"IP forwarding Forwarding of IP packets with IP forwarding IP forwarding is a function of devices to forward IP packets between two connected IP subnets. Enable/disable the IP forwarding function in STEP 7. When IP forwarding is enabled, the S7‑1500 CPU forwards received IP packets not addressed to the CPU to locally connected IP subnets or to a configured router. The following figure shows how a programming device accesses data of an HMI device. Programming device and HMI device are located in different IP subnets. The IP subnets are connected to the two interfaces X1 and X2 of the CPU. Figure 1 Access of a programming device to an HMI via IP forwarding Areas of application • Easy access from the control level to the field level for configuration and parameter assignment of field devices, e.g. via PDM or web browser • Simplified integration of devices for remote access, e.g. for diagnostics during remote maintenance or firmware update Requirements for using IP forwarding • S7‑1500 CPU as of firmware version V2.8 • Number of Ethernet interfaces: ― The CPU has at least two Ethernet interfaces. ― Or the CPU has one Ethernet interface, and a CP 1543-1 as of firmware version V2.2 provides the other Ethernet interface. In this case, the \"Access to PLC via communication module\" function must be enabled for the CP in the CPU. STEP 7 and WinCC Engineering V18 IP forwarding This document constitutes a free excerpt compiled by the user himself/herself from the documentation provided by Siemens for this product. Siemens disclaims all liability for the completeness of this document. It shall only be used for the user's own internal purposes. It shall not be passed on to third parties. 4/17/2024 • IP forwarding is enabled. 
• Suitable standard gateways/routes are configured in each participating device along the outgoing and return paths of the IP packets. IP route table When IP forwarding is enabled, the CPU forwards received IP packets that are not addressed to itself. How the CPU forwards the IP packets is defined in its internal IP route table. The CPU automatically creates the IP route table from the following information of the loaded hardware configuration: • IP configuration of the Ethernet interfaces • Configured router Example of a configuration with IP forwarding The following figure shows a sample configuration along with the required IP address settings and router settings. • A PC on the IP subnet 192.168.4.0 communicates with an HMI device on the IP subnet 192.168.2.0. • The IP address of a router (\"Standard Gateway\") is configured at the CPU, Ethernet interface X3; in the figure below it is the device that is designated as \"IP Router\". In STEP 7, you configure a router in the interface properties under \"Ethernet Addresses\" > \"IP Protocol\". • For the PC, the IP router, the IO device and the HMI device, the IP addresses of a standard gateway or the corresponding routes are also entered. Figure 2 Configuring the router This example configuration results in the following IP routing table for the CPU. 
Figure 3 Sample configuration Table 1 IP route table of the CPU Network destination Interface Gateway 0.0.0.0/0 10.10.0.10 10.10.0.1 192.168.1.0/24 192.168.1.1 - 192.168.2.0/24 192.168.2.1 - 10.10.0.0/24 10.10.0.10 - For IP communication between the PG/PC and the HMI device, you need to set up additional IP routes to the IP subnet of the HMI device both in the PC and in the IP router. In the HMI device, you configure the IP address of the CPU interface X1 as the standard gateway. In a Windows computer, for example, you set up an additional IP route from the command prompt using the command \"route add <destination IP subnet> mask <subnet mask> <gateway>\". However, you need certain access rights for this. For this example, enter the following prompt: • \"route add 192.168.2.0 mask 255.255.255.0 192.168.4.20\" In an IP router, you set up additional routes, e.g. via a web interface. Set up the following route for this example: • Destination IP subnet: 192.168.2.0 • Subnet mask: 255.255.255.0 • Gateway: 10.10.0.10 Restrictions You cannot configure any additional IP routes other than the router (\"Standard Gateway\") for an S7-1500 CPU. The network destination is either a connected IP subnet, or the network destination can be reached via exactly one configurable router. Because the S7‑1500 CPU does not support additional IP routes, you cannot build bi-directional IP router cascades. In the following configuration, you can configure either \"Router 1\" or \"Router 2\" in the CPU. \"Router 1\" is configured as an example. In this case, you cannot configure \"Router 2\". 
IP communication between the PC and the HMI device is not possible because the route is not continuous in both directions. Figure 4 Unsupported IP router cascade IP forwarding via the interface of a CP IP forwarding also works via the interface of a CP. For this you have to activate the \"Access to PLC via communication module\" function for this CP in the CPU. How you enable the \"Access to PLC via communication module\" function is described in the online help of STEP 7. Linux of the CPU 1518-4 PN/DP MFP via interfaces X1 or X2 If you activate IP forwarding for the CPU 1518-4 PN/DP MFP, you will not only reach devices in the IP subnet of interface X3 via interfaces X1 and X2, but also Linux. From the Linux of the CPU 1518-4 PN/DP MFP, you reach all devices in the IP subnets of the interfaces X1, X2 and X3. Constraints: • IP forwarding is activated for the CPU 1518-4 PN/DP MFP. • The IP address of Linux and the IP address of interface X3 are located in the same IP subnet. • The routes to the IP subnets at X1 and X2 are entered in Linux. In Linux, enter a route with the following command: \"route add -net <Destination IP subnet> netmask <Subnet mask> gw <Gateway>\" The following figure shows a configuration in which a PC accesses Linux of the CPU 1518-4 PN/DP MFP via interface X2. Figure 5 Access to Linux via interface X2 Take network security into account for IP forwarding If you activate IP forwarding for a CPU, you enable \"external\" access to devices that are actually only accessible and controlled by the CPU. These devices are therefore usually not protected against attacks. 
The following figure shows how to protect your automation system against unauthorized access. • The CPU accesses all devices within the dark green IP subnets B and C close to the CPU via the interfaces X1 and X2. Figure 6 Network security for IP forwarding • A SCALANCE S router is configured in the CPU. The CPU accesses the devices in the remote, light green IP subnet A via the router. • The \"Access to PLC via communication module\" function is enabled for the CP 1543 in the CPU. The CPU reaches all devices within the IP subnet D via interface W1. If IP forwarding is activated in the CPU, a device from IP subnet A can access any device within IP subnets B, C and D close to the CPU. Protect your automation system and connected devices against unauthorized access from outside. Separate the CPU-related IP subnets from the remote IP subnets with a firewall. For example, use the SCALANCE S security modules with integrated firewall. This application example describes how to protect an automation cell with a firewall using the SCALANCE S602 V3 and SCALANCE S623 security modules. Enabling/disabling IP forwarding To enable IP forwarding, proceed as follows: 1. Select the CPU in the network view of STEP 7 (TIA Portal). 2. In the properties of the CPU of the Inspector window, navigate to \"General\" > \"Advanced Configuration\" > \"IP forwarding\". 3. In the \"Configuration IPv4 Forwarding\" area, select the check box \"Activate IPv4 for interfaces of this PLC\". 
Figure 7 Enabling IP forwarding Result: IP forwarding is enabled for all interfaces of the S7-1500 CPU. You disable IP forwarding by clearing the check box \"Enable IPv4 forwarding for interfaces of this PLC\". IP forwarding with redundant systems S7-1500R/H For information on configuring IP forwarding of an S7-1500R/H system, refer to the section \"Communication with the redundant system S7-1500R/H\" in the Communication function manual. See also → Useful information on configuring PROFINET/Industrial Ethernet → Settings for interconnecting Ethernet devices → Overview of the CPU properties Application example SCALANCE S (https://support.industry.siemens.com/cs/ww/en/view/22376747)","libVersion":"0.3.1","langs":""}