ISO transport protocol

ISO transport connections are used for data exchange between S7 stations and for communication with PC stations, S5 stations and third-
party systems.

Properties of the ISO transport connection:

 Communication between stations is based on MAC addresses.

 Data transmission with data blocks is suitable for data volumes of up to 8 Kbytes.
 Data transmission can take place with the "SEND/RECEIVE" and "FETCH/WRITE" services.
 Data reception is confirmed by the partner by means of an acknowledgment on layer 4 of the ISO reference model.
 Data can not be conducted over a router (no protocol with routing capability, because communication is based on MAC
addresses and not IP addresses).
ISO-on-TCP protocol
ISO-on-TCP connections are used for data exchange between S7 stations and for communication with PC stations, S5 stations and third-
party stations.

Properties of the ISO-on-TCP connection:

 Communication between stations is based on IP addresses.

 Data transmission with data blocks is suitable for data volumes of up to 8 Kbytes.
 Data transmission can take place with the "SEND/RECEIVE" and "FETCH/WRITE" services.
 Data reception is confirmed by the partner by means of an acknowledgment on layer 4 of the ISO reference model.
 Data can be conducted over a router (protocol with routing capability).
 Corresponds to the TCP/IP standard with the RFC1006 extension based on layer 4 of the ISO reference model. More
information about the RFC1006 protocol extension is available in Entry ID: 15048962.
TCP protocol
Data exchange between stations (including third-party stations) is implemented through the configuration of TCP connections.

Properties of the TCP connection:

 Corresponds to the TCP/IP standard

 Data transmission with data blocks is suitable for data volumes of up to 8 Kbytes.
 Data transmission can take place with the "SEND/RECEIVE" and "FETCH/WRITE" services.
 The operating system's existing TCP/IP implementation can usually be used on the PC.
 Data can be conducted via a router (protocol with routing capability).
UDP protocol
Data exchange between two stations is implemented through the configuration of UDP connections.

Properties of the UDP connection

 UDP protocol
 Non-secure transmission of associated data blocks between two nodes (a block of 2048 bytes is split into 2 packages
(MaxTpduSize =1496)).
 Support for Multicast
By setting up Multicast circles, Multicast allows groups of stations to receive messages together and to send them to
this group.
 Data transmission is conducted with the "SEND/RECEIVE" service.
 Data can be conducted via a router (protocol with routing capability).
S7 Communication:
Data exchange between S7 stations and with PC stations is implemented through the configuration of S7 connections.

Properties of the S7 connection:

 Connection available in all S7 / M7 devices.

 Can be used on all subnets (MPI, PROFIBUS, Industrial Ethernet).
 S7 communication via Industrial Ethernet is based on the ISO transport protocol and ISO-on-TCP protocol.
 Secure transmission of data between SIMATIC S7/M7-300/400 stations (using "BSEND/BRCV" or "PUT/GET" FBs).
 High-speed, non-secure transmission of data depending on the time-related processing of the partner (using the
"USEND/URECV" FBs).
 In the case of secure transmission of data using "BSEND/BRCV" and "PUT/GET" FBs, the data transmission of the
partner is acknowledged on layer 7 of the ISO reference model.
 In the case of high-speed, non-secure transmission of data using "USEND/URCV" FBs, the data transmission is not
acknowledged on layer 7.
IT communication
 E-mail function
The S7 station can send event-triggered e-mails. Usually, the e-mail consists of fields for sender, recipient, subject and
body text. Binary data can also be added at the end of the body text. The maximum length of an e-mail is 8192 bytes for
all the defined fields together.
 HTTP / HTTPS
The CPs have a web server. Among other things, JavaBeans are also available for supplying and visualizing the HTML
pages with S7 variables. Applications written with JAVA can access S7 variables with the JavaBeans using the HTTP
protocol.
In the case of CP343-1 GX31 the secure protocol HTTPS can be enabled.
 FTP / FTPS function (as server and client)
The FTP server function is used to save files (HTML pages, image files, ...) in the CP's file system. Values can also be
read directly from and written directly to data blocks via a file.
As FTP client, the IE CP sets up the connection to the FTP server to save or get the data in files on/from the FTP
server.
In the case of CP343-1 GX31 the encrypted data transfer using the FTPS protocol can be enabled.
 Web diagnostics
Various information, such as the diagnostic buffer and connection statistics, can be read from the CP using HTTP /
HTTPS.
IP access protection (IP-ACL)
IP access protection allows the user to restrict communication via the CP on the local S7 station to partners with specific IP addresses.
IP configuration
The user can configure the path or process by which the CP is assigned the IP address, the subnet mask and the address of the router. In
addition, the connection configure can be assigned to the CP alternatively via STEP 7, as well as over a block interface in the user
program (FB55: "IP_CONFIG").
Remark: not applicable to S7 connections.
PG/OP communication
Programming and configuring the S7 station with STEP 7 via Industrial Ethernet. The programming device is connected with the
Ethernet interface of the CP.
 S7 routing
From STEP 7 V5.0 SP3 HF3 onwards you can reach ST stations online over and beyond subnet limits with the PG/PC,
in order, for example, to load user programs or a hardware configuration or in order to execute test and diagnostic
functions. You can connect a PG at any place within the network and connect online to any stations which are reached
through gateways. When the project is compiled, the routing data is generated automatically by the network
configuration of the S7 project in STEP 7 and saved in the system data in SDB999. You must configure all the stations
that lie between the start device and the PLC in a STEP 7 project.
SNMP (Simple Network Management Protocol)
SNMP Agent
The CP support data querying over SNMP in Version V1. Here, it provides the contents of specific MIB objects according to Standard
MIB II, LLDP MIB, Automation System MIB and MRP Monitoring MIB.

When Security is enabled, the CP343-1 GX31 supports SNMPv3 for secure transmission of network analysis functions.

PROFINET
PROFINET is the standard used by the PROFIBUS Users Organization (PNO) which defines an inter-manufacturer communication and
engineering model.
 PROFINET IO
A PROFINET IO system has a distributed configuration of the following devices:
o PROFINET IO controller
A PROFINET IO controller is a control system (PLC, PC) that controls the automation task.
 o PROFINET IO device
A PROFINET IO device is a field device which is monitored and controlled by a PROFINET IO controller. A
PROFINET IO device may comprise multiple modules and submodules (ET200S, for example).
 PROFINET CBA
A PROFINET CBA system comprises different automation components. A component comprises all the mechanical,
electrical and IT variables. The component may have been created with the normal programming tools, STEP 7, for
example. A PROFINET Component Description (PCD) file is created in XML. A planning tool loads these descriptions
and permits the creation of the logical connections between the individual components for the purposes of creating a
plant.
Time synchronization
Time synchronization over Industrial Ethernet according to the following configurable procedures.
 SIMATIC procedure
The CP receives MMS time-of-day messages and synchronizes its local time of day. The user can choose whether to
forward the time of day to the CPU. In addition, the direction of forwarding can be determined.
 NTP procedure (Network Time Protocol)
The CP transmits time-of-day queries to an NTP server at regular intervals and synchronizes its local time of day.
In addition, the time of day can be automatically forwarded to the CPU in the S7 station, thereby synchronizing the time
of day in the entire S7 station.
When Security is enabled, the CP343-1 GX31 supports the NTP protocol (secure) for secure time synchronization.
Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to
implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and
solutions constitute one element of such a concept. For more information about cyber security, please visit
https://www.siemens.com/cybersecurity#Ouraspiration.