Which ports are used by the various services for data transfer by means of TCP and UDP and what should you watch out for when using routers and firewalls? 
What should you watch out for with a remote access to a SIMATIC S7 with STEP 7 via the Internet? 
Alternative routes when setting up connections with the PG Channel Routing function 
Teleprogramming via INDUSTRIAL ETHERNET with STEP 5 (PG BUS functions)  
Teleprogramming via INDUSTRIAL ETHERNET with STEP 7 
What requirements must be fulfilled and what should I watch out for when executing Routing? 

Which ports are used by the various services for data transfer by means of TCP and UDP and what should you watch out for when using routers and firewalls?

Description
This entry gives you an overview of the ports used by the various services for data transfer by means of TCP and UDP.

If the data is transferred over routers or if firewalls are used, the port must be enabled in the router or firewall according to the service implemented.
 

| Service | Destination port | Transport protocol | Description |
|---|---|---|---|
| FTP | 20, 21 | TCP | The "File Transfer Protocol" is used for transferring files to and from a remote computer system. Here, the protocol uses TCP/IP as the underlying protocol. Using the File Transfer Protocol you can execute commands for files and directories, for example: list or delete files and directories on the remote system; access files in the IT CP or Advanced CP (the IT CP or Advanced CP is FTP server). Direction of access: This function allows you to download files (your own HTML pages, for example) from a PC into the IT CP or Advanced CP using an FTP client. |
| Telnet | 23 | TCP | Telnet sets up a terminal session between the Telnet client and the Telnet server. This client/server protocol is based on TCP and is used for web-based management on OSM and ESM. |
| SMTP | 25, 465 (encrypted) | TCP | The Simple Mail Transfer Protocol is used in the Internet to deliver e-mails to a mail server and to exchange mails between two mail servers. SMTP is used by the mail client (the IT CP or Advanced CP is the SMTP client) to access a mail server (SMTP server). Direction of access: With an IT CP or Advanced CP you can send e-mails from the user program. This is done by sending a message to Port 25 and the IP address of the configured mail server. |
| DNS | 53 | TCP, UDP | The Domain Name System (DNS) is responsible for assigning names and resolution in IP-based networks. |
| bootps (DHCP) | 67 (Server) | UDP | The Dynamic Host Configuration Protocol (DHCP) permits you to assign the network configuration to clients by means of a server. |
| bootpc (DHCP) | 68 (Client) | UDP | |
| TFTP | 69 | UDP | The Trivial File Transfer Protocol (TFTP) is a simple protocol for file transfer. Each file package is acknowledged separately. TFTP is used for OSM/ESM to download firmware or save and load configurations. More information is available in the manual "SIMATIC NET Industrial Ethernet OSM/ESM Network Management", section 6.3 in Entry ID 8677203. |
| HTTP | 80 | TCP | The Hypertext Transfer Protocol (HTTP) is a transfer protocol for transferring information in the World Wide Web (WWW). HTTP is used to gain access to an HTML page in the IT CP or Advanced CP (IT CP is HTTP server). Direction of access: On an IT CP or Advanced CP you can store HTML pages with which you can read the process values from the controller. |
| RFC1006 | 102 | TCP | RFC 1006 is based on the TCP protocol and permits a reliable connection between two systems. RFC 1006 is used for standard connections in the SIMATIC environment. Areas of application: STEP 7 remote programming via LAN; STEP 7 remote programming via ISDN; ISO-on-TCP connections; S7 connections via Industrial Ethernet. The TCP Port 102 must be enabled in all areas of application. Note: Port 102 is blocked by default in routers and firewalls and must be enabled for the complete transfer route. |
| NTP | 123 | UDP | The Network Time Protocol (NTP) is a standard for time synchronization in IP-based networks. |
| SNMP | 161, 162 | UDP | Simple Network Management Protocol (SNMP) is a UDP-based protocol that has been specified specially for the administration of data networks. SNMP is used for managing and configuring the different network components. In this way routers, switches and other components that are usually widely distributed can be managed from a central workstation. |
| HTTPS | 443 | TCP | HyperText Transfer Protocol Secure (HTTPS) is for encryption and authentication of the communication between web server and browser in the World Wide Web. |
| ISAKMP | 500 | UDP | The Internet Security Association and Key Management Protocol (ISAKMP) is a protocol for establishing security associations (SA) and exchanging cryptographic keys in the Internet. |
| Modbus | 502 | TCP, UDP | Modbus TCP |
| Syslog | 514 | UDP | The syslog protocol is for transferring syslog messages. Syslog messages contain short text messages (less than 1024 bytes) and are transferred unencrypted. |
| IPSec | 4500 | TCP, UDP | Internet Protocol Security (IPSec) is a security protocol that provides the following protection goals for communication over IP networks: confidentiality, authenticity, integrity. It is used to establish virtual private networks (VPN). |

Table 01

The table below lists the product groups with the UDP/TCP protocols.
 
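| Service | SCALANCE X with Management functions | Wireless LAN | PLC | PLC CPs | PC CPs | IE/AS-i Link, IE/PB Link, IWLAN/PB Link |
|---|---|---|---|---|---|---|
| FTP server | X | X | - | X 3) 2) | X | - |
| Telnet | X | X | - | - | X | X 7) |
| SMTP | X | X | - | - | X | X 5) |
| DNS | - | - | - | - | X | - |
| bootpc (DHCP client) | X | X | - | X 2) | X | X 5) |
| TFTP client | X | X | - | - | X | X 5) |
| HTTP | X | X | X 12) | X 2) | X | X 5) |
| RFC1006 | - | - | X 12) | X 2) | X | X 6) |
| NTP | X 8) | X 8) 9) | X 12) | X 2) | X | X |
| SNMP | X | X | X 12) | X 2) | X | X |
| HTTPS | X | X | X 12) | - | X | - |
| Syslog client | X 10) | X | - | - | - | - |
| ISAKMP | - | - | - | - | X | - |
| Modbus TCP | - | - | X 11) | X 4) | - | - |
| IPSec | - | - | - | - | X | - |

Table 02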

1) The integrated FTP server is for downloading the firmware in the module.
2) Information about which Industrial Ethernet CPs support these services is available in Entry IDs: 16767769 and 15368142.
3) The FTP service is supported by IT CPs and Advanced CPs.
4) The Modbus TCP service is supported with the "OPEN MODBUS / TCP CP" product. You can find more information about OPEN MODBUS / TCP communication in Entry ID: 22660304.
5) This service is supported only by IE/AS-i Link.
6) This service is supported only by IE/PB Link and IWLAN/PB Link.
7) This service is supported only by IWLAN/PB Link.
8) SCALANCE X and SCALANCE W support the Simple Network Time Protocol (SNTP), the simple form of the Network Time Protocol (NTP).
9) SCALANCE W in compliance with IEEE 802.11n supports Network Time Protocol (NTP). An overview of the SIMATIC NET Industrial Wireless LAN components in compliance with IEEE 802.11n is available in Entry ID: 56692761.
10) SCALANCE X-300, X-400 and X-500 can be used as Syslog client.
11) The Modbus TCP service is supported with the "OPEN MODBUS / TCP CP" product. You can find more information about OPEN MODBUS / TCP communication in Entry ID: 22660304.
12) Information about which CPUs support this service is available in Entry ID: 18909487.
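
The following added example (not Siemens code and not part of the original entry) shows one way to review firewall allow rules against Tables 01 and 02: it flags rules whose port is not a listed service, whose service the destination product group does not offer, or whose source is unrestricted. Only a subset of both tables is encoded and the footnote restrictions are ignored; the rule format, addresses and function names are assumptions constructed for illustration.

```python
from ipaddress import ip_network

# Table 01 (subset): service -> (transport protocols, destination ports)
TABLE_01 = {
    "FTP":     ({"tcp"}, {20, 21}),
    "Telnet":  ({"tcp"}, {23}),
    "HTTP":    ({"tcp"}, {80}),
    "RFC1006": ({"tcp"}, {102}),
    "NTP":     ({"udp"}, {123}),
    "SNMP":    ({"udp"}, {161, 162}),
    "HTTPS":   ({"tcp"}, {443}),
    "Modbus":  ({"tcp", "udp"}, {502}),
}

# Table 02 (subset): product group -> services marked "X" (footnotes ignored)
TABLE_02 = {
    "SCALANCE X": {"FTP", "Telnet", "HTTP", "NTP", "SNMP", "HTTPS"},
    "PLC":        {"HTTP", "RFC1006", "NTP", "SNMP", "HTTPS", "Modbus"},
    "PLC CPs":    {"FTP", "HTTP", "RFC1006", "NTP", "SNMP", "Modbus"},
}


def services_for(proto, port):
    """Return the Table 01 services that use this protocol/port pair."""
    return sorted(name for name, (protos, ports) in TABLE_01.items()
                  if proto in protos and port in ports)


def review_rule(rule):
    """Return the findings for one allow rule (empty list = nothing to report)."""
    findings = []
    services = services_for(rule["proto"], rule["port"])
    if not services:
        findings.append("port/protocol is not a listed service")
    elif not any(s in TABLE_02[rule["dst_group"]] for s in services):
        findings.append(f"{services[0]} is not offered by {rule['dst_group']}")
    # A rule open to every source exposes the service along the whole route.
    if ip_network(rule["src"]).prefixlen == 0:
        findings.append("source is unrestricted")
    return findings


def review(rules):
    """Map rule index -> findings, for every rule that has at least one."""
    return {i: f for i, r in enumerate(rules) if (f := review_rule(r))}


# Constructed sample rule set (hypothetical addresses, not from the entry).
SAMPLE_RULES = [
    {"src": "192.168.10.0/24", "dst_group": "PLC", "proto": "tcp", "port": 102},
    {"src": "0.0.0.0/0", "dst_group": "PLC", "proto": "tcp", "port": 102},
    {"src": "192.168.10.0/24", "dst_group": "PLC", "proto": "tcp", "port": 23},
    {"src": "192.168.10.0/24", "dst_group": "SCALANCE X", "proto": "udp", "port": 102},
    {"src": "192.168.10.0/24", "dst_group": "PLC CPs", "proto": "tcp", "port": 21},
]

if __name__ == "__main__":
    for index, findings in review(SAMPLE_RULES).items():
        print(index, SAMPLE_RULES[index], "->", "; ".join(findings))
```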

Further information
More information about the products mentioned above is available in the manuals below:
 
| Manual | Entry ID |
|---|---|
| Industrial Ethernet Switches SCALANCE X-200 Operating instructions | 25508728 |
| Industrial Ethernet Switches SCALANCE X-300 Operating instructions | 26046091 |
| Industrial Ethernet Switches SCALANCE X-400 Operating instructions | 19625216 |
| SCALANCE X-500 Web Based Management Configuration Manual | 56699325 |
| SCALANCE X-500 Command Line Interface Configuration Manual | 56699784 |
| SIMATIC NET SCALANCE W700 Web Based Management Configuration Manual | 57269008 |
| SIMATIC NET SCALANCE W700 Command Line Interface Configuration Manual | 57269842 |
| IE/PB Link PN IO | 19299692 |
| IWLAN/PB Link | 21379908 |
| IE/AS-i Link | 22712154 |

Table 03

What should you watch out for with a remote access to a SIMATIC S7 with STEP 7 via the Internet?

Description:
Remote access is made to an automation system (e.g. SIMATIC S7) via the Internet. In this case, only one controller can be reached by the remote access via port forwarding. Access to other controllers in the automation cell is via PG routing.


Fig. 01

PG functions are used with STEP 7 to access an automation system (e.g. SIMATIC S7) in the local network from the external network. Access is made via a gateway that uses the NAT (Network Address Translation) and NAPT (Network Address Port Translation) services. 


Fig. 02

In the above-mentioned examples, the PG functions permit the following with STEP 7:

  • Downloading of the configuration and user program to the CPU
  • Monitoring of blocks and tags

The PG functions, S7 communication etc. use Port 102 (TCP).
Information on which protocol uses which TCP port is available in Entry ID: 8970169.

In the above-mentioned applications, you set the port forwarding in the DSL Modem/Router on the plant side and in the gateway so that the messages of Port 102 from the external network are forwarded to Port 102 of the IP address of the SIMATIC S7. The IP address of the SIMATIC S7 is in the local network.

Example of port forwarding:
 
| Example | External IP address | External port | Internal IP address | Internal port | Application |
|---|---|---|---|---|---|
| Remote access via Internet using port forwarding | 217.91.8.166 | 102 | 172.168.2.10 | 102 | STEP 7 |
| Access via NAT/NAPT | 192.168.2.1 | 102 | 172.168.2.10 | 102 | STEP 7 |

For the following applications, attention must be paid to the fixed external IP address of the standard DSL modem/router on the plant side and the external IP address of the gateway:

  • Monitor blocks,
    so that it is possible to monitor blocks on the SIMATIC S7 CPU online via STEP 7.
  • Download interface,
    so that it is possible to download the configuration via STEP 7.

Monitor blocks
You must make the following change in the hardware configuration of the SIMATIC S7 to enable monitoring of blocks on the SIMATIC S7 CPU online via STEP 7.

In the hardware configuration of the SIMATIC S7, you replace the IP address of the interface that enables access to the Internet (e.g. IE CP or integrated PN interface of the CPU) with the external IP address of the DSL modem/router on the plant side.

The changed hardware configuration is only for monitoring the blocks and must not be loaded into the CPU, because this information is stored in the project and thus the system data is changed in the project. A download changes the settings of the CPs or the CPU and thus renders further online monitoring impossible.

A download of the system data or the hardware configuration with changed IP address prevents further online monitoring via port forwarding.

Download interface
No changes are made in the project when you set the download interface in STEP 7. The original IP address is retained in the project. Only the IP address of the download target is replaced by the external IP address of the DSL modem/router on the plant side.

Thus, it is also possible to download the system data and hardware configuration without the online connection being cut after the download. However, no block monitoring is possible here.


Fig. 03

Note:
With the remote access options mentioned above, the local network is not protected against unauthorized access. We therefore recommend that you use a VPN (Virtual Private Network) for remote access via the Internet. Via VPN, you can use the PG functions with STEP 7:

  • without changing the IP address of the Industrial Ethernet interface in the hardware configuration to monitor the blocks and
  • without changing the IP address of the download interfaces to download the hardware configuration or user program into the CPU.

Instructions for configuring a VPN with SCALANCE S6x and SOFTNET Security Client are available in the following entries:

A description of the various WAN access methods for remote access to automation systems (e.g. SIMATIC S7) is available in Entry ID: 26662448.
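
Where port forwarding of Port 102 is in use, the gateway's connection log shows who actually reaches the controller. The following added example (not part of the original entry) scans constructed log lines, written in the key=value style of netfilter LOG output, for TCP/102 sessions to the internal address from the port forwarding example and counts the sources that lie outside an assumed VPN client range; the log format, source addresses, VPN range 10.8.0.0/24 and function names are assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

S7_HOST = ip_address("172.168.2.10")   # internal address from the example table
S7_PORT = 102                          # PG functions / S7 communication
ALLOWED_SOURCES = [ip_network("10.8.0.0/24")]  # assumption: VPN client pool

FIELD = re.compile(r"(\w+)=(\S+)")

# Constructed log lines (hypothetical gateway "gw", documentation addresses).
SAMPLE_LOG = """\
Apr  2 10:00:01 gw kernel: FWD IN=tun0 OUT=eth1 SRC=10.8.0.5 DST=172.168.2.10 PROTO=TCP SPT=50100 DPT=102 SYN
Apr  2 10:03:17 gw kernel: FWD IN=ppp0 OUT=eth1 SRC=203.0.113.77 DST=172.168.2.10 PROTO=TCP SPT=40112 DPT=102 SYN
Apr  2 10:03:19 gw kernel: FWD IN=ppp0 OUT=eth1 SRC=203.0.113.77 DST=172.168.2.10 PROTO=TCP SPT=40113 DPT=102 SYN
Apr  2 10:05:40 gw kernel: FWD IN=ppp0 OUT=eth1 SRC=198.51.100.9 DST=172.168.2.10 PROTO=TCP SPT=33000 DPT=80 SYN
Apr  2 10:07:02 gw kernel: FWD IN=ppp0 OUT=eth1 SRC=198.51.100.23 DST=172.168.2.10 PROTO=TCP SPT=61234 DPT=102 SYN
Apr  2 10:07:30 gw kernel: link up
Apr  2 10:08:11 gw kernel: FWD IN=ppp0 OUT=eth1 SRC=198.51.100.9 DST=172.168.2.11 PROTO=TCP SPT=33001 DPT=102 SYN
"""


def parse(line):
    """Return (src, dst, proto, dport) or None if the line is not a flow record."""
    fields = dict(FIELD.findall(line))
    try:
        return (ip_address(fields["SRC"]), ip_address(fields["DST"]),
                fields["PROTO"].lower(), int(fields["DPT"]))
    except (KeyError, ValueError):
        return None  # missing field or malformed address/port


def unexpected_s7_sources(log_text):
    """Count Port 102 sessions to the S7 per source outside ALLOWED_SOURCES."""
    hits = Counter()
    for line in log_text.splitlines():
        record = parse(line)
        if record is None:
            continue
        src, dst, proto, dport = record
        if (dst, proto, dport) != (S7_HOST, "tcp", S7_PORT):
            continue  # different host, protocol or service
        if not any(src in net for net in ALLOWED_SOURCES):
            hits[str(src)] += 1
    return dict(hits)


if __name__ == "__main__":
    for source, count in unexpected_s7_sources(SAMPLE_LOG).items():
        print(f"{source}: {count} session(s) to {S7_HOST}:{S7_PORT} outside the VPN range")
```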

Alternative routes when setting up connections with the PG Channel Routing function

QUESTION:
What happens when several routes to an end station are available with PG Channel Routing?

ANSWER:
The route used depends on the order of the entries in the routing SDBs. The system data blocks are generated automatically by STEP 7. As user you have no influence on this.

Note:
In NETPRO configure only the interfaces which are in fact networked and are in a ready-to-operate state.


Teleprogramming via INDUSTRIAL ETHERNET with STEP 5 (PG BUS functions)

QUESTION:
What settings do I have to make to be able to practice teleprogramming with STEP 5 via Industrial Ethernet?

ANSWER:
You wish to practice teleprogramming in STEP 5 via Industrial Ethernet (ISO Industrial Ethernet, TCP/IP protocol).

You must meet the following requirements for ISO Industrial Ethernet:

  1. Your PC must have a network card that is known to the operating system.
  2. The "Softnet IE PG" software from the SIMATIC NET CD must be installed.
  3. Set the "Siemens ISO Industrial Ethernet" protocol in the network settings.
    Windows 9x:
    The "ISO Industrial Ethernet" protocol is located in the network settings under "Protocols" at "Siemens AG".
    Windows NT:
    The "Siemens ISO Industrial Ethernet" protocol is in the network settings of your computer.
    Windows 2000 or Windows XP:
    The protocol has already been installed with SIMATIC NET CD 7/2001 or 11/2002 and does not have to be installed again.
  4. Open the Control Panel via "Start >Settings > Control Panel" and double-click the icon "Set PG/PC Interface".
  5. Set the access point "CP_H1_1:" to "ISO Industrial Ethernet >Network Card". (Please do not forget to enter the colon too!)
  6. Start STEP 5.
  7. In the STEP 5 menu "File > Project > Set", you can now select the interface "Industrial Ethernet (Sinec H1)".

If you are using Industrial Ethernet (TCP/IP), then the same settings are valid for Windows NT as for ISO Industrial Ethernet:

  1. Your PC must have a network card that is known to the operating system.
  2. The "Softnet IE PG" software from the SIMATIC NET CD must be installed.
  3. For implementing in Windows95/98 you need the additional package "PG/OP Communication for CP1430 TCP" (only necessary for TCP, not for TF modules).
    This package is available as an option under order number 2XV9450-1AU04.
  4. Now add the "TCP/IP protocol" to the network settings of your computer if the protocol is not yet available.
  5. Open the Control Panel via "Start > Settings > Control Panel" and double-click the icon "Set PG/PC Interface".
  6. Set the access point "CP_H1_1:" to "TCP/IP >Network Card". (Please do not forget to enter the colon too!)

Fig. 1: Network properties in Windows 9x

  7. Restart your computer.

    WARNING:

    Points 7 to 9 apply only for Windows 9x. They are not relevant if you are using Windows NT, Windows 2000 or Windows XP.
  8. Start the "pgbus.exe" file from the "PG/OP Communication for CP1430 TCP" additional package.
  9. The window that now opens shows that the TCP/IP driver is now enabled.

Fig. 2: Message about enabled TCP/IP driver

  10. Now open the "snet_sw /S5_sw.bat" file from the additional package. This starts STEP 5.
  11. Now start STEP 5 (only for Windows NT, Windows 2000 or Windows XP).
  12. In the STEP 5 menu "File > Project > Set" you can now select the interface "Industrial Ethernet (Sinec H1)".
  13. With the bus path, please note that only a MAC address can be specified. In this case you must convert the IP address into a hexadecimal number and enter it into the first 4 bytes of the MAC address (e.g. IP address: 140.80.0.20 is 8C.50.00.14.00.00 as MAC address).

    Einstellungen_STEP5.pdf ( 45 KB )  

Warning:
No dial-up adapter may be installed, because then the interface "Industrial Ethernet (Sinec H1)" is not displayed in STEP 5.
In Windows 9x, please check in the menu "Start > Settings > Control Panel > Network". If a dial-up adapter is displayed there, then please delete it.

Note:
If the access point "CP_H1_1:" is not in the PG/PC interface in "Access Point of the Application", then you can add it manually. Please specify the access point exactly as described in Point 5.

Teleprogramming via INDUSTRIAL ETHERNET with STEP 7

QUESTION:
What settings do I have to make to be able to practice teleprogramming with STEP 7 via Industrial Ethernet?

ANSWER:
You wish to practice teleprogramming in STEP 7 via Industrial Ethernet (ISO Industrial Ethernet, TCP/IP protocol). You must meet the following requirements for ISO Industrial Ethernet:

  1. Install a network card.
  2. Install the "Softnet IE S7" or "Softnet IE PG" software from the SIMATIC NET CD.
  3. Now set the "ISO Industrial Ethernet" protocol in the network settings.
    Windows 9x:
    The "ISO Industrial Ethernet" protocol is located in the network settings under "Protocols" at "Siemens AG".
    Windows NT:
    The "Siemens ISO Industrial Ethernet" protocol is in the network settings of your computer.
    Note: 
    From SIMATIC NET CD 7/2001 no protocol installation is required in Windows 2000 or Windows XP (from SIMATIC NET CD 11/2002).
  4. Open the Control Panel via "Start >Settings > Control Panel" and double-click the icon "Set PG/PC Interface".
  5. Set the access point "S7ONLINE (STEP7)" to "ISO Industrial Ethernet > Network Card".
  6. Start the SIMATIC Manager.
  7. Load your offline project via MPI into the controller and go online by clicking the "Online" button in the SIMATIC Manager.
    Note: 
    CPs of the *X11 series do not have to be loaded via MPI, because they have been equipped ex works with a permanently set MAC address. This then also provides a direct loading function via Ethernet.

If you are using Industrial Ethernet (TCP/IP), then the same settings are valid for Windows NT and Windows 9x as for ISO Industrial Ethernet:
Note: 
Here, too, from SIMATIC NET CD 7/2001 no protocol installation is required in Windows 2000 or Windows XP (from SIMATIC NET CD 11/2002), because this is already done to a great extent by the operating system.

  1. Install a network card.
  2. Install the "Softnet IE S7" or "Softnet IE PG" software from the SIMATIC NET CD.
  3. Now add the "TCP/IP protocol" to the network settings of your computer if the protocol is not yet available.
  4. Open the Control Panel via "Start > Settings > Control Panel" and double-click the icon "Set PG/PC Interface".
  5. Set the access point "S7ONLINE (STEP7)" to "TCP/IP->Network Card".



Fig. 1: Setting the PG/PC interface

  6. Now start the SIMATIC Manager.
  7. Load your offline project via MPI into the controller and go online by clicking the "Online" button in the SIMATIC Manager.
    Note: 
    CPs of the *X11 series do not have to be loaded via MPI, because they have been equipped ex works with a permanently set MAC address. Here, since STEP 7 V5.1 SP 2, using the function "Assign Ethernet Address" it is possible to assign an IP address via the DLC protocol. This then also provides a direct loading function via Ethernet.

Warning:

  • In the case of older CPs, the Hardware Configuration must be loaded into the controller via MPI.
  • CPs of versions up to and including version EX10 can only be addressed via your address after you have loaded the offline project into the controller.

What requirements must be fulfilled and what should I watch out for when executing Routing?

Description:
The following requirements must be fulfilled for the "Routing" function with SIMATIC S7 modules via MPI, PROFIBUS and Industrial Ethernet connections:

Software requirements:

  • MPI and PROFIBUS connections:
      • At least STEP 7 V5.0+SP1, however a current version of STEP 7 is recommended.
      • For the Softnet PROFIBUS cards (CP 5411 (ISA), CP 5511 (PCMCIA), CP 5611 (PCI), CP 5611 (on board)) you don't need any other drivers, because they are provided by STEP 7.
      • For the Hardnet PROFIBUS cards (CP 5412(A2) (ISA), CP 5613/5614 (PCI)) you need the associated drivers from the SIMATIC NET CD.
  • Industrial Ethernet connections:
      • At least STEP 7 V5.0+SP1, however a current version of STEP 7 is recommended.
      • With CP1612/CP1512, CP1515 and commercially available network cards you need a current release of the SIMATIC NET Softnet IE PG driver (at least Softnet IE PG V3.1).
      • With CP1613 and CP1413 you need the products SIMATIC NET IE PG 1613 and SIMATIC NET IE PG1413 respectively.
  • For implementation of a TS Adapter:
      • TeleService S7 V5.0 or higher.

Hardware requirements:

  • You need routing-compatible modules. Refer to Entry ID 584459 for routing-compatible modules, or take them directly from the hardware catalog of the STEP 7 Hardware Configuration.


    Fig. 01


    You still need one of the Online CPs mentioned under "Software requirements" or the TS Adapter V5.0 or a PC Adapter V5.0.

Note:

  • The last module that is to be addressed via the routing function does not have to be routing-compatible.
  • If you wish to route via an S7 CPU which is configured as a PROFIBUS DP slave, you have to activate the "Test, Commissioning, Routing" option in the HWCONFIG > DP interface properties > "Operating Mode" tab. You can also find this information in the STEP7 Online Help ("Operating Mode" tab).

Configuration procedure:
You must configure all the stations that lie between the Start device and the target device in one STEP 7 project.
 
No. Procedure
1 Insert a station of the type "PG/PC".


Fig. 02  
 

2 Configure all the physically available network connections (MPI, PROFIBUS, Industrial Ethernet) in NETPRO or in the HW Config. This also applies for networks that are not directly in the path, but are connected to the route stations. This does not mean that you must use all the interfaces available. You must only configure the communication connections that are also physically available.


Fig. 03
 

3 Open the Properties of the "PG/PC station" by double-clicking the PG/PC object.
4 Switch to the "Interfaces" tab and create a new node ("New" button). From the list that is displayed select the type of your node and acknowledge with "OK".
5 From the next window you select the network that is physically connected to your PG/PC. If you have not yet configured a network, then you must do it now.
Warning:
The "PG/PC station" must be given the same address as set in the program "Set PG/PC interface" (also applies for CP 1413 and CP 1613).
6 Switch to the "Assignment" tab and assign the Routing entry point to your PG/PC.
First you select the node in the "Configured Interfaces:" pane and then in the second pane you specify the CP or the PC Adapter with the relevant network identification via which you want to go online.


Fig. 04  
 

7 Save and compile your network configuration.
8 Transfer your configuration into the CPU.
9 Create an online connection via the offline project.
This cannot be done via "Accessible Nodes".

Sample configurations:

  • Routing with modem and TS Adapter


    Fig. 05  
     
  • Routing with ISDN Router:


    Fig. 06  
     

 Entry ID:27104646   Date:2012-04-02 