Rockwell Automation 1761-NET-ENIW MicroLogix Ethernet Interface (ENI) User Manual User Manual
Page 58
Publication 1761-UM006E-EN-P - August 2005
4-18 ENI/ENIW Configuration (Nodes 241 to 254)
The security masks default value is 0.0.0.0 out-of-box, which is
defined as “accept all register session requests”. A Security Mask of
255.255.255.255 is also defined as “accept all register session
requests”.
The follow examples illustrate the behavior of the security masks:
You can use one or two security masks. If you wish to use only one
security mask, use Security Mask 1 because it takes precedence over
Security Mask 2 (for example, if Security Mask 1 is accepted, Security
Mask 2 is not evaluated). Details of the relationship between the two
masks are shown in the following table.
TIP
The security mask acts as a filter on the source IP
address such that any mask octet set to the value of
255 becomes “don’t care” octets in the source IP
address and all other fields must match exactly.
Table 4.6 Security Mask Behavior
Example Condition
Security Mask Behavior
If a security mask is set to
192.168.15.255
and an IP address 203.129.75. 23 attempts
to message into the controller
The packet is rejected because 203.129.75 does not equal
192.168.15 (the 4
th
octet, 23, is “don’t care”).
and an IP address 192.168.15.76 attempts to
message into the controller
The packet is processed because the upper 3 octets match
(the 4
th
octet is still “don’t care”).
If a security mask is set to 192.168.255.76
All source IPs that equal 192.168.xxx.76 are accepted
because 255 is “don’t care”.
Table 4.7 Using Security Mask 1 and Security Mask 2
Example Condition
Security Mask Behavior
Security masks 1 and 2 are evaluated using the following logic:
If the security mask 1 filter results in an
“Accept” decision
security mask 2 is not evaluated and the register session request is processed.
If the security mask 1 filter results in a
“Deny” decision
security mask 2 is evaluated as follows:
• If the security mask 2 filter results in an “Accept” decision, the register session
request is processed
• If the security mask 2 filter results in a “Deny” decision, the register session
request is not replied to and the socket is closed.