Is Siemens S7 Lockdown Possible

[abhijeetmhatre]

Hi

I am trying to do data acquisition on an existing system which has an
S7 300 PLC connected to an HMI using ethernet.

The problem is that I am not able to ping any of the nodes on the network.

* I logged in on HMI and pinged on its own IP address. 192.168.1.151 ... no response.

* Disabled firewall...... Same. ... no response.

* Added a Linux machine on the LAN with IP address 192.168.1.153 ... and ran nmap -sP 192.168.1.0/24 ... no hosts detected.

* Added a WinXP machine on the LAN with Simatic manager ... PLC not detected.


Could someone tell me what could the problem be? Can a s7300 PLC be configured to accept requests from only a particular HMI through lock on mac id or some such means?

 

[sthompson]

Hi

I am trying to do data acquisition on an existing system which has an
S7 300 PLC connected to an HMI using ethernet.

The problem is that I am not able to ping any of the nodes on the network.

* I logged in on HMI and pinged on its own IP address. 192.168.1.151 ... no response.

* Disabled firewall...... Same. ... no response.

* Added a Linux machine on the LAN with IP address 192.168.1.153 ... and ran nmap -sP 192.168.1.0/24 ... no hosts detected.

* Added a WinXP machine on the LAN with Simatic manager ... PLC not detected.


Could someone tell me what could the problem be? Can a s7300 PLC be configured to accept requests from only a particular HMI through lock on mac id or some such means?

Welcome to the Forum!

It sounds like you have bigger problems than just your S7 PLC. There is something not right on your Network. You should be able to Ping something on the Network. Normally you would be able to Ping the S7 PLC. I don't know if it is possible to disable ICMP, but I have Pinged S7 PLCs on Ethernet without a problem.

Put a Windows PC on the Network, and install Wireshark.

http://www.wireshark.org/

It is a Packet Sniffer and Analyzer Program.

Are you sure of your IP Addresses? You seem to have a good grasp of Network Topology.

Stu....

 

[L D[AR2P#0.0]]

Unplug the network connection on the plc and plug your pc network connection into the same port and then ping the plc.

 

[sthompson]

Unplug the network connection on the plc and plug your pc network connection into the same port and then ping the plc.

Wouldn't that require a Crossover Cable, or are the S7 Ethernet Ports Auto Sensing?

Maybe he has a bad Switch, but he said he couldn't Ping the HMI from itself. However, he didn't tell us what HMI he was using either.

Stu....

 

[JesperMP]

If it is an old S7, then maybe it uses ISO mode, and does not even have an IP address.
edit: New CP343-1 modules allow to disable TCP/IP and only use ISO mode.

Please state the exact type number of the CPU, and the exact type number of the CP343-1.

edit again: If the CP343-1 does use ISO mode, then you should still be able to scan for it with STEP7. The CP343-1 should be detectable by its MAC address.

 

[L D[AR2P#0.0]]

Wouldn't that require a Crossover Cable, or are the S7 Ethernet Ports Auto Sensing?

I do not use a cross-over cable (tested connection to a 317F)

 

[JesperMP]

Unlikely, but not impossible that the port has been configured to disable autonegotiation.
But if you try to ping from the HMI PC, then that cannot be the explanation.

 

[abhijeetmhatre]

Just to be sure that the laptop LAN configurations are correct, I connected second laptop in the network and successfully pinged to the second laptop.

The PLC model number is 315A and HMI is ESeries HMI.

 

[L D[AR2P#0.0]]

What about post#3?

Where did you read 315A from - post a picture.

 

[L D[AR2P#0.0]]

Here's an example pic...

 

[CalleLundin]

Well.. to make this the easy way.

Put your PG in the switch of the network.

In Step 7 manager
Set your PC/PG interface to Ethernet card
Open menu PLC
Click Display accesible nodes

wait untill you see all nodes/hmi/plc and so on..

if nothing shows up, change your pc/pg interface if you have more then one ethernet based interface. repeat steps above.

If still nothing shows, look under your ethernetcard settings on your PG so you have the same IP area.

If problem still are there, check program so its on static IP based system and not DHCP and uses simatic names instead of IP adresses, if they run Profinet they should be using names to assign ID of nodes and so on. and not IP adresses.

I think you are on the wrong subnet.. but thats my best guess.

 

[JesperMP]

No get the EXACT type number.
Not "315A" or "317F-2PN/DP".
It must be something like "6ES7315-2EH14-0AB0".
Same for the CP343-1 if there is one.

 

[abhijeetmhatre]

No get the EXACT type number.
Not "315A" or "317F-2PN/DP".
It must be something like "6ES7315-2EH14-0AB0".
Same for the CP343-1 if there is one.

Number on the top is 315A - 2PN/DP
Number at the bottom 315-2EH14-0AB0

 

[abhijeetmhatre]

Well.. to make this the easy way.

Put your PG in the switch of the network.

In Step 7 manager
Set your PC/PG interface to Ethernet card
Open menu PLC
Click Display accesible nodes

wait untill you see all nodes/hmi/plc and so on..

if nothing shows up, change your pc/pg interface if you have more then one ethernet based interface. repeat steps above.

If still nothing shows, look under your ethernetcard settings on your PG so you have the same IP area.

If problem still are there, check program so its on static IP based system and not DHCP and uses simatic names instead of IP adresses, if they run Profinet they should be using names to assign ID of nodes and so on. and not IP adresses.

I think you are on the wrong subnet.. but thats my best guess.

> Put your PG in the switch of the network.
Done:

>In Step 7 manager
>Set your PC/PG interface to Ethernet card
>Open menu PLC
>Click Display accesible nodes
>wait untill you see all nodes/hmi/plc and so on..
Done... Img Attached
Shows only one node. checked its properties, they correspond to my laptop

>if nothing shows up, change your pc/pg interface if you have more then one >ethernet based interface. repeat steps above.
We have only one ethernet interface

>If still nothing shows, look under your ethernetcard settings on your PG so >you have the same IP area.
>If problem still are there, check program so its on static IP based system and >not DHCP and uses simatic names instead of IP adresses, if they run Profinet >they should be using names to assign ID of nodes and so on. and not IP >adresses.
>I think you are on the wrong subnet.. but thats my best guess.

Ip address is in the same range