1head - 1.5 modbus security, 5 modbus security – GE Industrial Solutions Entellisys 5.0 Integrator's Guide User Manual
Page 18
Control Features
18
1.5 Modbus Security
If Modbus security has been configured (see section 4.2 in DEH 500 Administrator’s Manual),
then Modbus clients must write the pre-configured password to either the
registers before sending commands or updating settings on
each CPU. The configured passwords are encrypted and stored on the CPU.
Operation
COMMAND and SETTING passwords each have a 30-minute timer. Each timer starts when you
enter the particular password, and is restarted whenever you “use” it. For example, writing a
setting restarts the SETTING password timer and writing a command register or forcing a coil
restarts the COMMAND password timer. The value read at memory location 02A8 can be used
to confirm whether a COMMAND password is enabled or disabled (0 for Disabled). The value
read at memory location 02A9 can be used to confirm whether a SETTING password is enabled
or disabled.
COMMAND or SETTING password security access is restricted to the particular port or particular
TCP/IP connection on which the entry was made. Passwords must be entered when accessing
the relay through other ports or connections, and the passwords must be reentered after
disconnecting and reconnecting on TCP/IP.
Implementation
To write a breaker 1 open command to a CPU with a command password preset to “1234” the
following must be coded at the Modbus TCP client:
1. Enter command mode: Write “1234” to memory location 02A4 (
2. Read memory location 02A8 (
) to verify the password was
accepted.
3. Write “1” to location
4. Exit command mode: Write “0” to memory location 02A4 (
Similarly, the
register on page 59 is set up at memory location 02A6. To
gain SETTING level security access, the SETTING password must be entered at memory location
02A6. The entered SETTING password must match the current SETTING password setting to
change settings.