5 modbus tcp/ip to rtu gateway, 6 tls, Modbus tcp/ip to rtu gateway – Campbell Scientific NL200/NL201 Network Link Interface User Manual

NL200/201 Network Link Interface

connection, and data received on the TCP connection will be forwarded to the

RS-232 port. This mode can be particularly useful when an RF base or serial

sensor is behind a firewall and needs to be the party responsible for initiating

the TCP socket connection to the data collection server.

The NL200/201 will attempt to open a connection with the remote server, and,

if the connection fails to open, the device will continue to retry at an interval of

60 seconds. If data arrives on the RS-232 port when no TCP connection exists,

the device will buffer the data (up to 1500 bytes) and immediately attempt to

open a connection to deliver the data. If the remote server closes the

connection due to error, the NL200/201 will make a best effort to save any data

that was in process and re-queue it to be sent on the next successfully-opened

TCP connection.

7.5 Modbus TCP/IP to RTU Gateway

The NL200/201 can serve as a Modbus TCP/IP to RTU Gateway. It will listen

for incoming Modbus TCP/IP connections from a Modbus TCP/IP master

client. The port number of the listening connection is specified in the

RS-232

Service Port Number setting and is typically set to a value of 502. The

NL200/201 will convert incoming Modbus TCP/IP frames to Modbus RTU

and forward them to the RS-232 port. The NL200/201 will wait for a response

from the Modbus RTU device and forward that response back to the remote

Modbus TCP/IP master client over the established TCP connection. The

Modbus RTU device is generally a datalogger, such as a CR200(X), connected

to the RS-232 port or a datalogger located remotely over a transparent radio

(for example, RF450) connection, but can be any Modbus RTU device. When

the NL200/201 is connected directly to a CR800 series, CR1000, or CR3000

being polled by a Modbus TCP/IP master client, the NL200/201 is most

commonly configured with Bridge Mode enabled instead of as a Modbus

TCP/IP to RTU Gateway.

7.6 TLS

The NL200/201 supports transport layer security (TLS) for proxy functions

including HTTPS. TLS versions 1.0 and 1.1. are supported. The TLS

implementation supports symmetric algorithms AES-256, AES-128, and RC4

and RSA keys up to 4096 bits. For any TLS connection, the unit will

preferentially use AES-256, then AES-128, and finally RC4. X.509 certificates

are supported, with the exception of v3 extensions. Certificates should be PEM

format. Up to 10 certificates can be chained. 20 KB of space is provided for

certificate storage. The Private Key should also be in PEM format and, if

encrypted, use AES-256 or AES-128 (SHA).

The implementation of TLS in the NL200/201 is provided so that secure,

encrypted communications can be established between a TLS client and the

NL200/201. With the TLS Proxy Server enabled, the NL200/201 can act as a

TLS proxy server for a datalogger. The NL200/201’s TLS Proxy Server

maintains a secure TLS connection with a remote TLS client and forwards data

onto a datalogger using a standard TCP connection thus enabling

communication with TLS clients. The TLS client can be a web browser using

HTTPS or other user-supplied TLS client. This offloads from the datalogger

the intensive computations that are necessary for a TLS server to perform.

Also, with the NL200/201 configured for TLS, it can establish a secure TLS

configuration session with DevConfig.

19