This post is a resolution:
This is my scenario:
-
I have a Siemens HMI TP700 which has the OPC UA server (not the S7-1200 PLC)
-
There is a Scalance (Siemens managed switch: Scalance XC208) connected from the HMI and PLC to translate the local IP addresses (PLC: 192.168.100.103, and HMI: 192.168.100.102 into our organization's IP addresses (HMI: x.x.x.x)
-
The goal is to connect the OPC UA server to Ignition using our translated IP address from the HMI by the Scalance. This IP address is again (not the local IP but...) our organization's IP address.
-
The first step is to configure the settings in the HMI for enabling the HMI OPC UA server and enable the "Use router" to be able to ping the HMI via the Scalance:
1.1 Ensure that the highlighted boxes are checked:
Note: the “None” box has to be checked for me to browse the tags (see the screenshot below): Reference: page 12 on this document: https://cache.industry.siemens.com/dl/files/236/63481236/att_917850/v2/63481236_Part4_Panel_Server_und_OPC-Scout_Client_en.pdf
1.2 Ensure that the "User router" box is checked:
-
The next is to configure the Scalance:
2.1 The managed switch has a total of 8 ports: 4 ports (1-4) will be configured for vlan1 and the other 4 ports (5-8) will be configured for vlan2.
2.2 Configure the Scalance IP address using the SinecPNI software:
Give it an IP address belonging to your organization's network
2.3 Layer 2 Configuration: Internal (INT) and External (EXT). Set the vlan1 to be EXT (because it will be translating the IP address from the INT) and vlan2 to be INT. This way ports 1-4 are configured for the EXT and ports 5-8 are configured for the INT.
2.4 Layer 3 Configuration:
Configure the Inside local address to be the address of the HMI (because the HMI has the OPC UA server).
The Inside Global Address to be the IP address of your organization.. and this will be the IP address of the OPC UA server (translated IP from the local HMI IP) to be used later for connecting to Ignition. Note: To change these IP addresses, you may have to delete the entry (by checking the box) and then create the entry again:
2.5 Check the configuration for vlan1:
Vlan1 must have the IP address of your scalance:
2.6 Check the configuration for vlan2:
Vlan2 must have the router/gateway IP address of the local HMI (in our case it will be 192.168.100.1
2.7 Check the configuration for vlan1 and vlan2 in the Overview: Note: remember vlan1 must have the Scalance IP address and vlan2 must have the router/gateway IP address of the local HMI:
2.8 For the Default Gateway, enter the router/gateway IP address of your organization (automation) network:
2.9 Lastly, we just check the idle timeout:
- Make the connection with Ignition
3.1 When setting up the connection in Ignition, the port must be 4870
Also for reference, check page 11 on this link:
https://cache.industry.siemens.com/dl/files/236/63481236/att_917846/v2/63481236_Part2_Panel_Server_und_RT_Adv_Client_en.pdf
3.2 One important thing is that after attempting to connect to the Siemens HMI OPC UA server, the connection is going to be faulted in Ignition. Why? Because the OPC UA server will generate a certificate and its system will place it into a "Reject" folder. So what you need to do is to get into the HMI OPC UA server Windows system, cut (not copy) the certificate from that "Rejected" folder and paste it into another folder named "Certs". For reference, check out the following link on page 15: https://cache.industry.siemens.com/dl/files/236/63481236/att_917846/v2/63481236_Part2_Panel_Server_und_RT_Adv_Client_en.pdf
After that cut and paste of the certificates, you should get a fully connected connection between Ignition and the Siemens HMI OPC UA server.
3.3 If you cannot browse the tags in the Ignition OPC client, do the following: Per this Forum post, change the Max per Operation property in Advanced to 64. Change it from the default value of 8,192 to 64.
