Configuring MODBUS TCP
Understanding MODBUS TCP
Use Modicon Communication Bus (MODBUS) TCP over an Ethernet network when connecting the switch to devices such as intelligent electronic devices (IEDs), distributed controllers, substation routers, Cisco IP Phones, Cisco Wireless Access Points, and other network devices such as redundant substation switches.
MODBUS is a serial communications protocol for client-server communication between a switch (server) and a device in the network running MODBUS client software (client). You can use MODBUS to connect a computer to a remote terminal unit (RTU) in supervisory control and data acquisition (SCADA) systems.
The client can be an IED or a human machine interface (HMI) application that remotely configures and manages devices running MODBUS TCP. The switch functions as the server.
The switch encapsulates a request or response message in a MODBUS TCP application data unit (ADU). A client sends a message to a TCP port on the switch. The default port number is 502.
Note: For information about the registers that a client can query on a switch that functions as a MODBUS TCP server, see Appendix C, “MODBUS TCP Registers.”
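The ADU framing described above, as an added Python example (not Cisco's code): it parses and validates the 7-byte MBAP header that the MODBUS TCP specification places in front of each request or response, the way a monitoring or test tool in front of the switch might. The sample frames, unit ID and register address are constructed for illustration and are not taken from Appendix C.

```python
import struct

MBAP = struct.Struct(">HHHB")   # transaction id, protocol id, length, unit id
MAX_ADU = 260                   # 7-byte MBAP header + 253-byte PDU maximum

def parse_adu(frame: bytes) -> dict:
    """Validate one MODBUS TCP ADU and return its fields; raise ValueError if malformed."""
    if not MBAP.size + 1 <= len(frame) <= MAX_ADU:
        raise ValueError("ADU size out of range")
    tid, proto, length, unit = MBAP.unpack_from(frame)
    if proto != 0:
        raise ValueError("protocol id must be 0 for MODBUS")
    # The length field counts the unit id plus the PDU: everything after byte 6.
    if length != len(frame) - 6:
        raise ValueError("length field does not match bytes received")
    function, data = frame[7], frame[8:]
    out = {"transaction": tid, "unit": unit, "function": function & 0x7F,
           "exception": None, "data": data}
    if function & 0x80:
        # Error response: function code with the high bit set, then one exception code.
        if len(data) != 1:
            raise ValueError("exception response must carry one code byte")
        out["exception"] = data[0]
    return out

def parse_read_holding_request(adu: dict) -> tuple:
    """Decode a Read Holding Registers (0x03) request into (start address, quantity)."""
    if adu["function"] != 0x03 or adu["exception"] is not None or len(adu["data"]) != 4:
        raise ValueError("not a well-formed 0x03 request")
    start, qty = struct.unpack(">HH", adu["data"])
    if not 1 <= qty <= 125:
        raise ValueError("quantity outside 1..125")
    return start, qty

# Constructed sample frames (not captured from a real switch).
REQUEST = bytes.fromhex("000100000006ff0300000002")   # read 2 registers from address 0
EXCEPTION = bytes.fromhex("000100000003ff8302")       # "illegal data address" reply
TRUNCATED = REQUEST[:-1]                              # length field now disagrees

if __name__ == "__main__":
    print(parse_read_holding_request(parse_adu(REQUEST)))
    print("exception code:", parse_adu(EXCEPTION)["exception"])
    try:
        parse_adu(TRUNCATED)
    except ValueError as err:
        print("rejected:", err)
```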
MODBUS and Security
If a firewall or other security services are enabled, the switch TCP port might be blocked, and the switch and the client cannot communicate.
If a firewall and other security services are disabled, a denial-of-service attack might occur on the switch.
To prevent a denial-of-service attack and to allow a specific client to send messages to the switch (server), you can use this standard access control list (ACL) that permits traffic only from the source IP address 10.1.1.n:
Multiple Request Messages
The switch can receive multiple request messages from clients and respond to them simultaneously.
You can set the number of client connections from 1 to 5. The default is 1.
Configuring the Switch as the MODBUS TCP Server
Defaults
The switch is not configured as a MODBUS TCP server.
Enabling MODBUS TCP on the Switch
Beginning in privileged EXEC mode:
To disable MODBUS on the switch and return to the default settings, enter the no scada modbus tcp server global configuration command.
To clear the server and client statistics, enter the clear scada modbus tcp server statistics privileged EXEC command.
After you enable MODBUS TCP on the switch, this warning appears:
WARNING: Starting Modbus TCP server is a security risk.
Please understand the security issues involved before
proceeding further. Do you still want to start the
server? [yes/no]:
To add security when using MODBUS TCP, configure an ACL to permit traffic from specific clients or configure QoS to rate-limit traffic.
Displaying MODBUS TCP Information