Security

Restricting Access to the 140 NOP 850 00 Module

Using the Modicon IEC61850 Configuration Tool, you can open Communication Settings → Security tab and restrict access to the module by:

Disabling the module FTP service
Disabling the module SNMP service
Specifying the Ethernet devices that may make TCP port 502 connections with the module

Enabling and Disabling the FTP and SNMP Services

The 140 NOP 850 00 module uses the FTP service to support firmware upgrades, and uses the SNMP service to provide access to diagnostic information for the module.

You can enable and disable these services using the Modicon IEC61850 Configuration Tool in the Access Control tab of the Communication Settings window:

Select Enable FTP to enable the FTP service. De-select it to disable the service.
Select Enable SNMP to enable the SNMP service. De-select it to disable the service.

When you finish editing FTP and SNMP services, click Apply to preserve your edits.

Both services are disabled by default.

If the FTP service has been enabled in Control Expert using the Modicon IEC61850 Configuration Tool, it can also be enabled or disabled at run time using an MBP_MSTR block with operation code FFF0 (hex).

Configuring Access Control

You can also use the Security tab of the Communication Settings window to specify the Ethernet devices that may make TCP port 502 connections with the module, in its role as either a Modbus TCP server. When you select Access Control, you need to add the IP addresses of the devices that may open a connection with the module.

When you enable access control, consider adding the following devices to the list of Authorized Addresses so that they may communicate with the module:

Any client device that may send a request to the 140 NOP 850 00 module, in its role as either Modbus TCP server
Your own maintenance PC so that you can communicate with the PLC via Control Expert to configure and diagnose your application
Any target device to which the 140 NOP 850 00 module may send a Modbus TCP explicit message

NOTE: You do not need to list the IP address of a target device to which the 140 NOP 850 00 module may send an IEC61850 message.

Adding and Removing Devices in the Authorized Address List

To add a device to the Authorized Addresses list:

Step	Description
1	In the Access Control area, select Access Control.
2	In the Authorized Address area, click the + button. A new row appears in the list, displaying a placeholder IP address.
3	Double-click the placeholder IP address. The IP address field becomes editable.
4	In the new IP address field, type the IP address of the device that is authorized to access the 140 NOP 850 00 module, then press Enter.
5	Repeat steps 2 through 4, above, for each additional device for which you want to grant access to the 140 NOP 850 00 module. NOTE: You can add a specific IP address only once. Duplicate IP addresses are not allowed.
6	When you finish making access control edits, click Apply to preserve your edits.

To remove a device from the Authorized Addresses list, select its IP address in the list, then click the – button. The selected IP address is removed.