Security

Controlling Module Access

Use the Security page to restrict access to the module, as follows:

Temporarily enable the module to receive firmware upgrades via FTP. When the firmware upgrade is complete, it is recommend that you disable the ability of the module to receive FTP transfers of firmware upgrades.
Enable Ethernet access control; then restrict module access to up to 32 hosts per subnet on the Ethernet network. When access control is disabled, the module accepts Ethernet communications from any IP address.

IP Addresses to Be Added

When access control is enabled, add the following IP addresses to the list:

Any network host that may send an Ethernet transmission to the module
Your own maintenance PC so that you can communicate with the module via Control Expert to configure and diagnose your application

NOTE: By default, the setting for index item 0 is the subnet of the HART multiplexer with subnet mask 255.255.0.0, which means the HART multiplexer can be accessed by a host in the same subnetwork.

Security Commands

You can set the following flags in the Security dialog:

Parameter	Description
Firmware Upgrade	Select either: Enable: Select this for a brief time to allow FTP access to the module for performing a firmware upgrade. Disable: When a firmware upgrade is not currently being performed by an authorized individual, select this to help protect the module against an unauthorized firmware upgrade.
Access Control	Select either: Enable: Select this to activate Ethernet access control. When access control is enabled, only hosts with IP addresses added to the list may access the module. Disable: When access control is disabled, any host may access the module via Ethernet.

Parameter

Description

Firmware Upgrade

Select either:

Enable: Select this for a brief time to allow FTP access to the module for performing a firmware upgrade.
Disable: When a firmware upgrade is not currently being performed by an authorized individual, select this to help protect the module against an unauthorized firmware upgrade.

Access Control

Select either:

Enable: Select this to activate Ethernet access control. When access control is enabled, only hosts with IP addresses added to the list may access the module.
Disable: When access control is disabled, any host may access the module via Ethernet.

Adding and Removing IP Addresses in the Authorized Access List

To add IP addresses to the Authorized Access list, follow these steps:

Step	Action
1	In the Security field, set Access Control to Enabled.
2	In the Authorized Addresses area, click in the IP Address field in the next empty row.
3	Enter the IP address you wish to add to the list.
4	If the IP address requires a subnet mask, do the following: In the Enable Subnet column, do one of the following: If the IP address requires a subnet mask, select Yes, then enter the subnet mask into the Subnet Mask field. If the IP address does not require a subnet mask, select No.
5	Repeat steps 2...4 for each IP address you want to add to the list.

To remove an IP address from the list, highlight the row and press the Delete key on your keyboard.