Installation guide

Network Infrastructure for EtherNet/IP™
Appendix A Recommendations for Ethernet Switches in EtherNet/IP Systems
the configuration read-in automatically. This allows switch maintenance and replacement
by non-engineering personnel or where access to switch configuration data is restricted.
7. Security functionality: Security appropriate for Ethernet-based control systems is currently
being evaluated. Most managed switches support at least port disable functions. Current
security measures that are becoming more common in managed switches include the
following:
   • Port disable: The ability to disable/enable spare maintenance ports to prevent casual
     access.
   • Port security: The ability to enter a list of one or more authorized devices' MAC or IP
     addresses. Connected devices that do not match the list are prevented from
     communicating and typically also generate an SNMP alarm message.
   • VLANs: VLANs can be used to restrict traffic and network access. Unauthorized access
     in one area can be restricted to that section of the application instead of the entire
     EtherNet/IP application.
   • RADIUS authentication: This includes IEEE Std 802.1X for plant-floor based
     programming stations and PCs. It prevents an unauthorized laptop or PC that is new to
     the area from being attached to and used on the network without being authenticated by a
     central server.
   • SSL/SSH: These security measures allow the secure remote monitoring and configuration
     of devices via the web or command line (CLI) Telnet.
   • Firewalls and VPNs: These allow the secure movement of data across unsecured lines
     and keep access to sensitive areas secure from unauthorized personnel.
More information related to various encryption techniques will be added in future revisions of this
document.
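
An offline audit in the spirit of the port disable and port security functions listed above, as an added example that is not part of the original guide: it compares a snapshot of the MAC addresses a switch has learned per port against a list of authorized devices and reports what a port-security alarm would flag. The port names, MAC addresses and policy layout are constructed assumptions, not the output format of any particular switch.

```python
"""Audit learned MAC addresses per port against an authorized list (constructed data)."""
import re

# Constructed policy: is the port enabled, and which MACs may appear on it.
POLICY = {
    "port1": {"enabled": True, "allowed": {"02:00:00:00:00:01"}},
    "port2": {"enabled": True, "allowed": {"02:00:00:00:00:02", "02:00:00:00:00:03"}},
    "port8": {"enabled": False, "allowed": set()},  # spare maintenance port
}

# Constructed snapshot of (port, learned MAC) pairs in mixed notations.
OBSERVED = [
    ("port1", "0200.0000.0001"),
    ("port2", "02-00-00-00-00-02"),
    ("port2", "02:00:00:AA:BB:CC"),   # not on the port2 list
    ("port8", "02:00:00:dd:ee:ff"),   # spare port should carry no traffic
    ("port9", "02:00:00:00:00:09"),   # port missing from the policy
]

def normalize_mac(mac):
    """Return a MAC as lowercase colon-separated hex, or raise ValueError."""
    digits = re.sub(r"[.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(policy, observed):
    """Return (port, mac, reason) for every observation the policy rejects."""
    findings = []
    for port, raw_mac in observed:
        mac = normalize_mac(raw_mac)
        rule = policy.get(port)
        if rule is None:
            reason = "port not in policy"
        elif not rule["enabled"]:
            reason = "device on disabled port"
        elif mac not in {normalize_mac(m) for m in rule["allowed"]}:
            reason = "unauthorized MAC"
        else:
            continue
        findings.append((port, mac, reason))
    return findings

if __name__ == "__main__":
    for port, mac, reason in audit(POLICY, OBSERVED):
        print(f"ALERT port={port} mac={mac} reason={reason}")
```
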
Summary
The minimum functional switch requirements related to EtherNet/IP vary based on the size, performance,
functionality and network connectivity requirements of the application. (See 6 Infrastructure Application
Scenarios for more information.) For EtherNet/IP applications, these are summarized with three levels of
required functionality:
   • Isolated systems, small scale
   • Isolated systems, general use
   • Large-scale control and enterprise networking
In any specific application, there are additional optional functions that can increase performance and
maintainability of the system. The following represent current widely available or quickly emerging
functions.