EasyManua.ls Logo

Siemens SIMATIC NET S7-1200 - Partner Stations > Security Options (DNP3)

Siemens SIMATIC NET S7-1200
74 pages
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Configuration and operation
5.8 Notes on configuring individual functions
CP 1243-1 DNP3, CP 1243-1 IEC
48 Operating Instructions, 02/2014, C79000-G8976-C312-02
5.8.4
Partner stations > Security options (DNP3)
Partner stations > Partner 'X' > "Security options" (DNP3 CP only)
Preliminary remarks: Authentication and key exchange
If the security function is enabled, the DNP3 master and station (DNP3 CP) authenticate
themselves with a secret key, the pre-shared key.
With the help of the common pre-shared key, after the first connection establishment
between master and DNP3 CP, session keys are agreed that are then renewed cyclically.
Renewal of the session keys is normally initiated by the master. The criteria for renewing the
key are specified in the following parameters.
Key exchange interval
Authentication requests before key exchange
As soon as one of these conditions is met, the session key is renewed.
These and several other parameters are explained below.
Parameters
Key length
Specifies the length of the pre-shared key in bytes.
Permitted range: 16 ... 128. Depending on the secure hash algorithm configured in STEP
7 above, the following lengths are preset:
For SHA-1: 16
For SHA-256: 32
The value 0 (zero) is not permitted.
Max. number of key exchange requests
Maximum number of requests of a master within the key exchange interval configured
below. If the configured number of requests of the master is exceeded within the key
exchange interval, the DNP3 CP enters a message in the diagnostics buffer of the CPU.
Permitted range: 2 ... 255. Default setting: 5.
Authentication requests before key exchange
Maximum number of authentication requests of the DNP3 CP with the master. When this
number is reached, the session key is renewed. The value 0 (zero) is not permitted.
Recommendation: Set the number for the DNP3 CP twice as high as for the master.
Key exchange interval
Exchange interval for the session key. When time set for this interval is reached, the
session key is renewed.
If the key exchange interval is set to 0 (zero), the key is renegotiated according to the
configured "Authentication requests before key exchange".
Recommendation: Set the key exchange interval for the DNP3 CP twice as high as for
the master.

Table of Contents

Other manuals for Siemens SIMATIC NET S7-1200

Preview: Compact Operating Instructions
Compact Operating Instructions50 pages

Related product manuals