Configuring the Ethernet Port of the CPU
 
About us
Configuration
In the application browser, you can create an Ethernet network from the Communication node similar to the older versions of Control Expert (formerly Unity Pro).
To link the network to the Ethernet port of the CPU, use the Ethernet configuration screen.
Open the Ethernet configuration screen:
Creating a Network
Create a logical Ethernet network:
Step
Action
1
In the Project Browser, right-click the Network subdirectory in the Communication directory and select the New Network option.
Result: The Add Network screen appears.
2
Choose Ethernet in the List of available networks and choose a meaningful name for your selection:
3
Click OK. A new logic network will be created.
Accessing a Network Configuration
Access the logical Ethernet network configuration:
Step
Action
1
Open the project browser in order to see the logic networks of your application.
2
Right-click the Ethernet logic network to be configured and select Open.
Result: The Ethernet configuration screen is displayed.
3
Scroll to choose the Model Family of your network.
The configuration screen is divided into several zones:
Linking the Ethernet Network to the Embedded Ethernet
Configure the Ethernet link and link the Ethernet network created in the communication manager:
Step
Action
1
Open the Ethernet configuration screen.
2
Configure the Ethernet link with the ETH TCP IP function.
3
Link to the Ethernet network.
Services available for the MC80 CPU
These Network Services are configured inside Control Expert for the MC80 CPU:
Security
This Security Service applies to the Cyber Security of the MC80 network.
Access the Security tab from the index page:
Step
Action
1
Access the module configuration screen.
2
Select the Security tab as shown in the following figure.
This is the Security tab:
This table describes the features behavior with limited checks:
Feature
Characteristic
FTP
Enabled or Disabled
Access Control
Enabled or Disabled
ACL with 128 lines
1 hidden reserved for USB
NOTE: By default, the Security is Enforced (FTP Disabled and Access Control Enabled).
Access Control List (ACL)
The list of authorized addresses applies only to the devices that can communicate with the MC80 CPU via the port 502 server. The list also applies to the CPU firmware downloads.
When the access control is enabled, add the IP addresses of the authorized addresses. The devices can communicate only with authorized addresses.
To define the list of authorized addresses, you can enter one of the following:
NOTE: The subnet in the IP Address column can be the subnet itself or any IP address of the subnet. If you enter a subnet without a subnet mask, a detected error displays stating that the screen cannot be validated.
You can enter up to 128 authorized IP addresses.
File Transfer Protocol (FTP)
The Schneider Electric Ethernet devices use FTP for various tasks including firmware loading and retrieving error logs.
Schneider Electric recommends you to disable FTP when not required, as FTP is vulnerable to various cyber security attacks.
IP Configuration
Access the IP configuration tab from the index page:
Step
Action
1
Access the module configuration screen.
2
Select the IP configuration tab as shown in the following figure.
This is the IP configuration tab:
These are the configuration parameters for IP addresses:
Zone
Description
IP address configuration
On the IP Configuration tab, you can define the IP address of a module in the IP address configuration zone. The options are:
  • Configured: Manually enter the IP address, subnetwork mask, and gateway address.
  • From a server: The configuration is supplied by a server device.
NOTE: To configure IP addresses, obtain the appropriate network address and subnetwork mask from your system administrator.
Configured
Selecting the Configured option allows manual configuration according to your own requirements:
  • IP Address: The IP address of the module
  • Subnetwork mask: The mask defines the part allocated to the subnetwork identifier in the IP address.
  • Gateway Address: The gateway address is the IP address of the default gateway to which messages for other networks are transmitted.
NOTE:
  • If the module is connected to an existing TCP/IP network, the IP addresses are administered globally, therefore the IP parameters must be configured. Otherwise there may be an instance of duplice IP addresses on the existing network.
  • The configured IP address is valid only when the lower rotary switch turns to "Stored" position.
From a server
Selecting the From a server option allows the configuration of module’s IP address from a remote device acting as a DHCP server. When the From a server button is active:
  • Leaving the Device Name field empty facilitates communications that are compatible with any setting on the rotary switches.
  • To use a device name in the Device Name field, set the lower rotary switch to its STORED position. If you set the switch any other position, the result depends on the setting of the lower rotary switch, as described in the Ethernet Port Status table.
  • The configured IP parameters have no effect and are grayed out.
NOTE: The maximum length for the device name is 16 characters. Valid characters include alphanumerics (0…9, A…Z) and underscores.
NOTE: TCP/IP communications use the Ethernet II frame format, which complies with the RFC 894 standard.
Port Status
The status of the Ethernet port depends on the IP address configuration in the application and the setting on the rotary switches:
Application
Switch Setting
DHCP (device name from rotary switches)
DHCP
STORED
CLEAR IP
DISABLED
None
DEFAULT: Get IP address. (1)
DEFAULT: Get IP address. (1)
DEFAULT: Use default IP address. (1)
DEFAULT: This switch setting implements device’s default IP parameters regardless of the application type.
LED off. This switch setting stops communications between the module and the network, so the application type is inconsequential.
Configured
MISMATCH: Get IP address. (1)
MISMATCH: Get IP address. (1)
NO ERROR: Get IP address from application. (2)
Configured
From a server without device name (3)
NO ERROR: Get IP address. (2)
NO ERROR: Get IP address. (2)
NO ERROR: Get IP address with DHCP. (2)
From a server without device name (3)
From a server with device name
NO ERROR: Get IP address. Device name derived from switches (2) (5)
MISMATCH: Get IP address. (1)
NO ERROR: Get IP address with DHCP (device name from application). (2)(4)
From a server with device name
(1) Start default services only
(2) Start application-configured services
(3) Leaving the From a server/Device Name field empty on the IP Configuration tab facilitates communications that are compatible with any rotary switch setting.
(4) To use the device name from the IP Configuration tab in the Control Expert application, the lower rotary switch must be set to one of its STORED positions.
(5) When the server returns a name that matches the one you configure on the IP Configuration tab, communications are OK. When there is a mismatch, there is a communications error.
(6) The MC80 Ethernet modules will not receive an IP address from a DHCP server on application download if the IP configuration has not changed.
CAUTION
UNINTENDED EQUIPMENT OPERATION
The communications port can enter the idle state when the position of the rotary switches does not match the port network configuration in the application. For example, the switches may be set to DHCP while the application calls for a fixed IP address.
Failure to follow these instructions can result in injury or equipment damage.
SNMP
Access the SNMP tab from the index page:
Step
Action
1
Access the module configuration screen.
2
Select the SNMP tab as shown in the following figure.
This is the SNMP tab:
This procedure gives the configuration principles for SNMP:
Step
Action
1
Enter the IP address managers addresses:
  • IP address manager 1
  • IP address manager 2
2
Fill in the Agent fields:
  • Location (SysLocation)
  • Contact (SysLocation)
Or alternatively check the SNMP manager check box to indicate that the information will be completed by the SNMP manager.
3
If you want to set access rights, fill in the Community names:
  • Set
  • Get
  • Trap
These are the SNMP configuration parameters:
Zone
Description
SNMP
Parameters on the SNMP configuration tab are divided into four categories:
  • the IP addresses of SNMP manager devices
  • SNMP agents
  • the community names
  • security
NOTE: Only 7-bit ASCII characters can be used in the character string entry fields.
IP address managers
This zone allows you to complete the IP addresses of the SNMP managers. The modules authorize a maximum of two managers.
These addresses are used during possible transmission of events (TRAP). The transmission of supervised data is detailed at the topic SNMP.
Agent
This zone allows the localization and identification of an agent from the SNMP manager.
It consists of two fields:
  • The Location (SysLocation) field: Indicates the physical location of the device (32 characters maximum).
  • The Contact (SysLocation) field: Indicates the person to contact for device management and the method of contact (strings of 32 characters maximum).
  • If you prefer to have this information assigned by an SNMP Manager tool for network management, check the SNMP Manager check box.
Community names
This zone is used to define community names for the Set, Get and Trap utilities. It consists of three fields:
  • The Set field defines the community name for the Set utility (strings of 16 characters maximum). The default value of the field is Public.
  • The Get field defines the community name for the Get utility (strings of 16 characters maximum). The default value of the field is Public.
  • The Trap field defines the community name for the Trap utility (strings of 16 characters maximum). The default value of the field is Public.
The purpose of these fields are to define the access rights for the MIB objects of the SNMP agent (local module) in relation to requests sent by the manager.
Example: If the manager sends a SetRequest request with the community name Test and the module has the community name Public, the request is not executed.
Security
This zone contains the Enable "Authentication Failure" trap check box. Checking this box allows you to validate the transmission of an authentication failure event (TRAP) from the SNMP agent to the configured manager. In this way, the agent warns the manager that the request has been refused following an identification error (community name configured in the manager is different from the one configured in the agent).
CAUTION
UNEXPECTED NETWORK BEHAVIOR - SNMP PARAMETERS RESET
The SNMP manager is able to modify the value of certain configurable parameters (Enabling "Authentication failure," Location, Contact. etc.). The SNMP Manager box is not checked and there is a cold start, warm restart, or application download, the initially configured values are restored.
Failure to follow these instructions can result in injury or equipment damage.
RSTP
Access the RSTP tab from the index page:
Step
Action
1
Access the module configuration screen.
2
Select the RSTP tab as shown in the following figure.
This screen shows the RSTP screen for an MC80 Ethernet network, you can choose the priority of the bridge from the Bridge Priority arrow:
These are the RSTP configuration parameters:
Zone
Description
Bridge Priority
Select one of the following values in the drop-down list:
  • Root (0)
  • Backup Root (4096)
  • Participant (32768)
NOTE: Network switches running RSTP software periodically exchange information about themselves using special packets called Bridge Protocol Data Units (BPDUs), which act as a heartbeat. The Bridge Priority value is stored in the BPDU and it establishes the relative position of the switch in the RSTP hierarchy.
Forward delay
The delay used by STP Bridges to transition Root and Designated Ports to Forwarding.
Maximum Age
This value is set to the length of time, from 6…40 seconds the switch waits for receipt of the next hello message, before initiating a change to the RSTP topology. Default = 40 s.
Transmit Hold Count
The maximum number of BPDUs, from 1…40, the switch can transmit per second. Default = 40.
Hello Time
When the frequency is set at 2 seconds, the embedded switch sends heartbeat BPDUs.
Bandwidth
Access the Bandwidth tab:
Step
Action
1
Access the module configuration screen.
2
Select the Bandwidth tab as shown in the following figure.
3
Select the appropriate Ethernet Environment zone.
  • Isolated: Lessens the impact of Ethernet communication on the scan by limiting the number of polled Ethernet messages to 500 per second
  • Mastered: Increases the maximum number of polled messages to 1,000 per second
  • Open: Increases the maximum number of polled messages to 2,200 per second
4
Enter the estimate for the Messaging information zone.
5
If the module overflows, the message "The maximum number of messages for the Extended Ethernet network must not exceed 2,000 messages" appears.
This is the Bandwidth tab for an MC80 Ethernet network:
Port Features
These are the features of the Ethernet port:
Feature
Description
addressing
STORED
CLEAR IP
DHCP
supported application protocols
Stored IP (from application)
IP from BootP
IP from DHCP
MAC-based IP
Modbus messaging
FDR client
FDR server
SNMP agent
Bandwidth Management
FTP
ARP
RSTP
auto MDI/MDI-X
supported
auto-negotiation
supported
connector type
dual-shield RJ45
max. connections for Modbus TCP (port 502) all services included
16 Modbus TCP connections as server
max. connections for Modbus TCP (port 502) messaging only
Modbus TCP connections as server not taking into account IO scanner, from which only one connection is used by Control Expert in programming mode.
Modbus TCP connections as client not taking into account IO Scanner, i.e. 6 simultaneous communication EFB on Ethernet.
max. connections for FTP
1 (for firmware upgrade only)
max. server requests per cycle
8
max. client requests per cycle
4
max. message length
1026 including network headers
max. message throughput for Modbus TCP
This value is a function of the PLC cycle (PLC cyc * max req/cyc).
The default value in not configured in an M340 system.
max. message throughput for Modbus TCP
The Ethernet Environment (or CPU load) identified in the Bandwidth window:
  • isolated
  • mastered
  • open