Campbell Scientific NL200/NL201 Network Link Interface User Manual: Modbus TCP/IP to RTU Gateway, TLS

NL200/201 Network Link Interface

connection, and data received on the TCP connection will be forwarded to the RS-232 port. This mode can be particularly useful when an RF base or serial sensor is behind a firewall and needs to be the party responsible for initiating the TCP socket connection to the data collection server.

The NL200/201 will attempt to open a connection with the remote server, and, if the connection fails to open, the device will continue to retry at an interval of 60 seconds. If data arrives on the RS-232 port when no TCP connection exists, the device will buffer the data (up to 1500 bytes) and immediately attempt to open a connection to deliver the data. If the remote server closes the connection due to error, the NL200/201 will make a best effort to save any data that was in process and re-queue it to be sent on the next successfully-opened TCP connection.

7.5 Modbus TCP/IP to RTU Gateway

The NL200/201 can serve as a Modbus TCP/IP to RTU Gateway. It will listen for incoming Modbus TCP/IP connections from a Modbus TCP/IP master client. The port number of the listening connection is specified in the RS-232 Service Port Number setting and is typically set to a value of 502. The NL200/201 will convert incoming Modbus TCP/IP frames to Modbus RTU and forward them to the RS-232 port. The NL200/201 will wait for a response from the Modbus RTU device and forward that response back to the remote Modbus TCP/IP master client over the established TCP connection. The Modbus RTU device is generally a datalogger, such as a CR200(X), connected to the RS-232 port or a datalogger located remotely over a transparent radio (for example, RF450) connection, but can be any Modbus RTU device. When the NL200/201 is connected directly to a CR800 series, CR1000, or CR3000 being polled by a Modbus TCP/IP master client, the NL200/201 is most commonly configured with Bridge Mode enabled instead of as a Modbus TCP/IP to RTU Gateway.

7.6 TLS

The NL200/201 supports transport layer security (TLS) for proxy functions including HTTPS. TLS versions 1.0 and 1.1 are supported. The TLS implementation supports symmetric algorithms AES-256, AES-128, and RC4 and RSA keys up to 4096 bits. For any TLS connection, the unit will preferentially use AES-256, then AES-128, and finally RC4. X.509 certificates are supported, with the exception of v3 extensions. Certificates should be in PEM format. Up to 10 certificates can be chained. 20 KB of space is provided for certificate storage. The Private Key should also be in PEM format and, if encrypted, use AES-256 or AES-128 (SHA).

The implementation of TLS in the NL200/201 is provided so that secure, encrypted communications can be established between a TLS client and the NL200/201. With the TLS Proxy Server enabled, the NL200/201 can act as a TLS proxy server for a datalogger. The NL200/201’s TLS Proxy Server maintains a secure TLS connection with a remote TLS client and forwards data on to a datalogger using a standard TCP connection, thus enabling communication with TLS clients. The TLS client can be a web browser using HTTPS or another user-supplied TLS client. This offloads from the datalogger the intensive computations that are necessary for a TLS server to perform. Also, with the NL200/201 configured for TLS, it can establish a secure TLS configuration session with DevConfig.
