Security Tab
Original instructions
Overview
The Security tab allows you to configure the security level of the services.
The default settings represent the maximum level of security. Increased security reduces the communication capabilities and the access to communication ports.
NOTE: For general information about security, refer to the Modicon Controllers Platform, Cyber Security, Reference Manual.
Properties
This table describes the properties of the Security tab:
Global Policy
  • Enforce Security: Reset all the services to the default settings and implement the highest level of security.
  • Unlock Security: Use the lowest-level security settings (the opposite of the default settings).
Services
  • Enable or disable (default) firmware upgrade.
  • Enable or disable (default) the Web access service.
  • Enable or disable (default) the diagnostic access service.
  • EIP: Enable or disable (default) the diagnostic access service for exchanging I/Os and diagnostic information with the CPU.
Access Control
  • Enabled (by default): Access to Ethernet services is authorized for the listed addresses.
  • Disabled: There is no restriction on which network devices can access Ethernet services. The BMECXM module accepts EtherNet/IP requests from any device.
Services
For security reasons, all the communication ports of the BMECXM module are disabled by default.
If the EIP service is disabled, exchanges with the CPU are not possible. You must therefore enable at least the EIP service in the Security tab so that the scanner can access the BMECXM module.
If the FTP service is disabled, an FTP upgrade is not possible.
Set the Security tab parameters before downloading the application to the CPU.
NOTE: Schneider Electric recommends disabling services that are not being used.
Enabling Access Control
When Access Control is enabled, access to the BMECXM module services is restricted to the devices declared in the list.
In the box, you can add the IP addresses of:
Make sure that the corresponding CPU scanner address is included in the list of authorized addresses.
NOTE: Using the BMECXM module in RIO/DIO requires adding the corresponding RIO/DIO scanner IP address to the Access Control list (ACL).
Adding Devices to the Access Control List
NOTE: Before declaring a new address in the list, you must enable the corresponding service in the Services section.
To add devices, follow these steps:
1. Enable the Access Control.
2. Click Add.
3. Enter the address of the device to access the BMECXM module with either of these methods:
  • Add a single IP address: Enter the IP address of the device and select No in the Subnet column.
  • Add a subnet: Enter a subnet address in the IP Address column. Select Yes in the Subnet column. Enter a subnet mask in the Subnet Mask column.
    NOTE: The subnet in the IP Address column can be the subnet itself or any IP address in the subnet. If you enter a subnet without a subnet mask, an on-screen message states that the modification cannot be validated.
   NOTE: A red exclamation point (!) indicates a detected error in the entry. You can save the configuration only after the detected error is addressed.
4. Select one or more of the following methods of access you are granting the device or subnet: FTP, HTTP, SNMP, EIP.
5. Repeat steps 2 to 4 for each additional device or subnet to which you want to grant access to the BMECXM module.
   NOTE: You can enter up to 128 authorized IP addresses or subnets.
6. Click Apply.
NOTE: You can remove a device by selecting its IP address and clicking Delete.
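The rules in this procedure can be checked against a planned list before the entries are typed into the Security tab. The Python check below is an added example, not Schneider Electric code: the entry format, the function name audit_acl and the sample addresses are assumptions, as is the requirement that the CPU scanner entry grants EIP (inferred from the Services section).

```python
import ipaddress

SERVICES = {"FTP", "HTTP", "SNMP", "EIP"}  # access methods listed in step 4
MAX_ENTRIES = 128                          # limit stated in the step 5 note

def audit_acl(entries, enabled_services, cpu_scanner_ip):
    """Return findings for a planned ACL (hypothetical entry format:
    dicts with ip, subnet flag, mask, and a set of granted services)."""
    findings = []
    if len(entries) > MAX_ENTRIES:
        findings.append(f"{len(entries)} entries exceed the limit of {MAX_ENTRIES}")
    scanner = ipaddress.ip_address(cpu_scanner_ip)
    scanner_has_eip = False
    for n, e in enumerate(entries, 1):
        if e["subnet"] and not e.get("mask"):
            findings.append(f"entry {n}: subnet {e['ip']} has no subnet mask")
            continue
        try:
            # Any address inside the subnet is accepted, so normalize it
            # (strict=False); a single address is treated as a /32.
            mask = e["mask"] if e["subnet"] else "255.255.255.255"
            net = ipaddress.ip_network(f"{e['ip']}/{mask}", strict=False)
        except ValueError as err:
            findings.append(f"entry {n}: invalid address or mask ({err})")
            continue
        unknown = e["services"] - SERVICES
        if unknown:
            findings.append(f"entry {n}: unknown service(s) {sorted(unknown)}")
        # A service must be enabled in the Services section before it is granted.
        for svc in sorted((e["services"] & SERVICES) - set(enabled_services)):
            findings.append(f"entry {n}: grants {svc} but the {svc} service is disabled")
        if scanner in net and "EIP" in e["services"]:
            scanner_has_eip = True
    if not scanner_has_eip:
        findings.append(f"CPU scanner {cpu_scanner_ip} is not granted EIP by any entry")
    return findings

# Constructed sample plan; the addresses are illustrative only.
PLAN = [
    {"ip": "192.168.10.1", "subnet": False, "mask": None, "services": {"EIP"}},
    {"ip": "192.168.20.37", "subnet": True, "mask": "255.255.255.0",
     "services": {"HTTP", "SNMP"}},
    {"ip": "192.168.30.0", "subnet": True, "mask": None, "services": {"FTP"}},
]

if __name__ == "__main__":
    for finding in audit_acl(PLAN, {"EIP", "HTTP"}, "192.168.10.1"):
        print(finding)
```

An empty result means the plan is consistent with the rules stated on this page; it does not replace the validation performed by the configuration software.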