Restricting Access to the BMENOP0300 Module
Using the Modicon IEC 61850 Configuration Tool, you can open the Communication Settings → Security tab and restrict access to the module by:
- disabling the module FTP service
- disabling the module SNMP service
- disabling the module IPsec service
- specifying the Ethernet devices that may make TCP port 502 connections with the module
Enabling and Disabling the FTP, SNMP, and IPsec Services
The BMENOP0300 module uses the FTP service to support firmware upgrades, and uses the SNMP service to provide access to diagnostic information for the module.
You can enable and disable these services using the Modicon IEC 61850 Configuration Tool in the Security tab of the Communication Settings window:
- Select Enable FTP to enable the FTP service. De-select it to disable the service.
- Select Enable SNMP to enable the SNMP service. De-select it to disable the service.
- Select the Enable IPsec check box to enable the IPsec service. Then, enter a 16-ASCII-character string in the Pre-Shared Key field. De-select the Enable IPsec check box to disable the service.
When you finish editing the services, click Apply to preserve your edits.
Configuring Access Control
You can also use the Security tab of the Communication Settings window to specify the Ethernet devices that may make FTP, Port 502, and IEC 61850 connections with the module, in its role as server. When you select Access Control, add the IP addresses of the devices that may open a connection with the module.
When you enable access control, consider adding the following devices to the list of Authorized Addresses and Subnet mask so that they may communicate with the module:
- any client device that may send a request to the BMENOP0300 module, in its role as IEC 61850 Server
- your own maintenance PC so that you can communicate with the PLC via Control Expert to configure and diagnose your application
- any target device to which the BMENOP0300 module may be accessed
Adding and Removing Devices in the Authorized Address List
To add a device to the Authorized Addresses list:
| Step | Description |
|---|---|
| 1 | In the Access Control area, select the Access Control check box. |
| 2 | In the Access Control editable table, select an empty field in the IP Address column and enter the appropriate IP address. |
| 3 | Enter the respective subnet mask address for each IP address in the Subnet mask column. |
| 4 | For each IP address you add, select Yes or No in the Subnet column. |
| 5 | For each of the IP addresses you entered: Parameters: FTP; Port 502; IEC 61850 Server; SNMP |
| 6 | Repeat steps 2 through 5, for each additional device to which you want to grant access to the BMENOP0300 module. NOTE: Add an IP address only once. Duplicate IP addresses are not allowed. |
| 7 | When you finish making access control edits, click Apply to save your edits. |
NOTE: You can authorize access control for a maximum of 128 devices.
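The constraints stated above (a 16-ASCII-character pre-shared key, no duplicate IP addresses, at most 128 devices, per-address service selection) can be checked on a planned list before it is typed into the Security tab. The following Python sketch is an added example, not Schneider Electric code: the row layout, the function names and the sample addresses are constructed for illustration, and the rule that Subnet = Yes admits the whole subnet while Subnet = No admits only the exact address is an assumption about how the module evaluates entries.

```python
import ipaddress

MAX_ENTRIES = 128  # page: access control for a maximum of 128 devices
SERVICES = {"FTP", "Port 502", "IEC 61850 Server", "SNMP"}  # page: step 5

def psk_ok(psk):
    # Page: the Pre-Shared Key is a 16-ASCII-character string.
    return len(psk) == 16 and psk.isascii()

def mask_ok(mask):
    # A subnet mask must be contiguous one bits followed by zero bits.
    inv = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    return inv & (inv + 1) == 0

def validate(rows):
    """Return the problems found in a planned Authorized Addresses list."""
    problems, seen = [], set()
    if len(rows) > MAX_ENTRIES:
        problems.append(f"{len(rows)} rows exceed the {MAX_ENTRIES}-device limit")
    for n, row in enumerate(rows, 1):
        try:
            ip = ipaddress.IPv4Address(row["ip"])
            if not mask_ok(row["mask"]):
                problems.append(f"row {n}: non-contiguous mask {row['mask']}")
        except ValueError as exc:  # malformed IP address or mask
            problems.append(f"row {n}: {exc}")
            continue
        if ip in seen:  # page: duplicate IP addresses are not allowed
            problems.append(f"row {n}: duplicate IP address {ip}")
        seen.add(ip)
        for svc in sorted(set(row["services"]) - SERVICES):
            problems.append(f"row {n}: unknown service {svc!r}")
    return problems

def permitted(rows, source, service):
    """ASSUMPTION: Subnet=Yes admits the whole subnet, Subnet=No the exact IP."""
    src = ipaddress.IPv4Address(source)
    for row in rows:
        net = ipaddress.IPv4Network(f"{row['ip']}/{row['mask']}", strict=False)
        hit = src in net if row["subnet"] else src == ipaddress.IPv4Address(row["ip"])
        if hit and service in row["services"]:
            return True
    return False

# Constructed sample plan using documentation address ranges (not from the page).
PLAN = [
    {"ip": "192.0.2.10", "mask": "255.255.255.0", "subnet": False, "services": ["Port 502", "FTP"]},
    {"ip": "198.51.100.0", "mask": "255.255.255.0", "subnet": True, "services": ["IEC 61850 Server"]},
    {"ip": "192.0.2.10", "mask": "255.255.255.0", "subnet": False, "services": ["SNMP"]},
]
```

Running `validate(PLAN)` flags the third row as a duplicate address, and `permitted()` shows which source addresses the plan would admit for each service under the stated assumption.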