Technical FAQs

Ask a Question

M580 Security Tab

A key feature of the M580 is the ability to prevent certain Ethernet based services form running.
A majority of setitngs are located on the CPU Embedded Ethrnet port Security tab.  (Double click on the CPU's EIO:RIO DIO.)

Enforce Security and Unlock Security Fields
  • When you click Enforce Security (the Security tab default setting):
    FTP, TFTP, HTTP, EIP, SNMP, and DHCP/BOOTP are disabled and Access Control is enabled.
  • When you click Unlock Security:
    FTP, TFTP, HTTP, EIP, SNMP, and DHCP/BOOTP are enabled, and Access Control is disabled.
NOTE: You can set each field individually once the global setting is applied.
 
FTP
Enable or disable (default) firmware upgrade, SD memory card data remote access, data storage remote access, and device configuration management using the FDR service.
NOTE: Local data storage remains operational, but remote access to data storage is disabled.
TFTP
Enable or disable (default) the ability to read RIO drop configuration and device configuration management using the FDR service.
NOTE: Enable this service to use eX80 Ethernet adapter modules.
HTTP
Enable or disable (default) the web access service.  
Access Control
Enable (default) or disable Ethernet access to the multiple servers in the CPU from unauthorized network devices. 
 
Using Access Control for Authorized Addresses
Use the Access Control area to restrict device access to the CPU in its role as a server. After you enable access control in the Security dialog, you can add the
IP addresses of the devices that you want to communicate with the CPU to the list of Authorized Addresses:
  • By default, the IP address of the CPU’s embedded Ethernet I/O scanner service with Subnet set to Yes allows any device in the subnet to communicate with the CPU through EtherNet/IP or Modbus TCP.
  • Add the IP address of any client device that may send a request to the CPU’s Ethernet I/O scanner service, which, in this case, acts as a Modbus TCP or EtherNet/IP server.
  • Add the IP address of your maintenance PC to communicate with the PAC through the CPU’s Ethernet I/O scanner service via Unity Pro to configure and diagnose your application.
NOTE: The subnet in the IP Address column can be the subnet itself or any IP address inside the subnet. If you select Yes for a subnet that does not have a subnet mask, a pop-up window states that the screen cannot be validated because of a detected error.
You can enter a maximum of 128 authorized IP addresses or subnets.  
 
 
Was this helpful?
What can we do to improve the information ?