APARIAN A-DNP3R Скачать руководство пользователя страница 24 | Manualshive

Страница: 24 / 108

background image

Setup

Document No. D109-010

Page 24 of 108

Revision 1.15

MAC Algorithm

The MAC algorithm is used to encrypt the challenge data for secure
authentication. DNP3 allows for various encryption standards in different formats
to be used for secure authentication:

HMAC SHA-1 encryption (4 octets – serial) – for legacy support
HMAC SHA-1 encryption (8 octets – serial)
HMAC SHA-1 encryption (10 octets – networked)
HMAC SHA-256 encryption (8 octets – serial)
HMAC SHA-256 encryption (16 octets – networked)
AES-GMAC (12 octets)

Key Wrap Algorithm

DNP3 uses various keys for secure authentication. The keys that are used for data

exchange and called the session keys and these keys may be updated frequently.
To exchange the session keys between two DNP3 devices the update key (refer
to the Secure Authentication section for further detail) is used to encrypt the data
and session keys before exchanging it between parties. DNP3 allows for two
standards to encrypt the session keys:

AES-128 Key Wrap
AES-256 Key Wrap

Aggressive Mode

To reduce the bandwidth used for secure authentication the user can select
aggressive mode which allows the message initiator to anticipate and provide the

required authentication in the request message. Thus from a network point of
view there is a two message exchange for secure authentication compared to the
normal four message exchange for secure authentication.

Link Unsolicited and
Aggressive Mode CSQ

Ensure that the Challenge Sequence Numbers (CSQ) of unsolicited requests and
Aggressive Mode requests are the same.

Secure Optional Critical
Functions

When secure authentication is enabled there are various mandatory and optional
application functions that must be authenticated before data can be exchanged.

The optional functions can be selected in the box.

Mandatory functions, e.g. Operate, are therefore not included in the options list.

Table 3.3 – Security configuration parameters

NOTE: For further information regarding the security settings refer to the
Security section.

The security configuration is shown in the figure below. The DNP3 Security configuration
window is opened by either double clicking on the module in the tree or right-clicking the
module and selecting

Configuration.

Once in the configuration window, select the second tab

at the top

Security

.

NOTE: The actual pre-shared key cannot be included in the configuration. It
can only be written to the DNP3 Router when online via the Status window.

«
...
22
23
24
25
26
...
»

Содержание A-DNP3R

Страница 1: ...DNP3 Router User Manual A DNP3R Document No D109 010 09 2017 Revision 1 15...

Страница 2: ...ion Software 14 3 2 Network Parameters 14 3 3 Creating a New Project 18 3 4 DNP3 parameters 20 3 5 Message Routing 29 3 5 1 Reactive Tag Outstation Mode 29 3 5 2 Scheduled Tag Master Mode 35 3 5 3 Uns...

Страница 3: ...ed Responses 71 5 4 1 Outstation Event Configuration 71 5 4 2 Master Event Unloading 73 5 5 Report By Exception 75 6 Security 77 7 Diagnostics 79 7 1 LEDs 79 7 2 Module Status Monitoring in Slate 80 7...

Страница 4: ...August 2016 Added RoHS2 compliant to certifications 1 9 8 September 2016 Updated Reactive Mode to support DNP3 Events Support Group and Variations to DNP3 Conformance Level 3 Support for DNP3 Device...

Страница 5: ...tform e g ControlLogix or CompactLogix with minimal effort Figure 1 1 Typical Setup 1 2 FEATURES The DNP3 Router is able to transfer data from various DNP3 devices to a maximum of three Logix controll...

Страница 6: ...in the Logix controller is required as the DNP3 Router writes directly into Logix tags The DNP3 Router also provides DNP3 Secure Authentication 5 which enables the user to connect DNP3 devices to a Lo...

Страница 7: ...data exchange to Allen Bradley ControlLogix and CompactLogix platforms This enables user to replace legacy devices and systems with minimal effort and downtime The DNP3 Router allows a Logix platform...

Страница 8: ...Logix platform at a configured interval without any need for additional coding or mapping Figure 1 4 Example of a typical network setup when using secure authentication The DNP3 Router also provides t...

Страница 9: ...ing standard www cisco com c en us td docs video cds cde cde205_220_420 installation guide cde205_220_420_hig Connectors html CIP Routing The CIP Networks Library Volume 1 Appendix C Data Management D...

Страница 10: ...r way connector This provides connection for the communication transmit TX receive RX and ground GND conductors The fourth connection earth is used for shielding the cable in high noise environments T...

Страница 11: ...orce the module into Safe Mode When in Safe Mode the module will not load the application firmware and will wait for new firmware to be downloaded This should only be used in the rare occasion when a...

Страница 12: ...specification The DIN rail clip is mounted on the bottom of the module at the back as shown in the figure below Use a flat screw driver to pull the clip downward This will enable the user to mount th...

Страница 13: ...NOTE The shield of the RS232 port is internally connected to the power connector earth Thus when using a shield it is important to connect the Earth terminal on the power connector to a clean earth F...

Страница 14: ...slate Figure 3 1 Aparian Slate Environment 3 2 NETWORK PARAMETERS The module will have DHCP Dynamic Host Configuration Protocol enabled as factory default Thus a DHCP server must be used to provide th...

Страница 15: ...is operational on the network and it has assigned the IP address To assign an IP address click on the corresponding Assign button The IP Address Assignment window will open Figure 3 4 Assigning IP Add...

Страница 16: ...ck to Off position to avoid the module returning to a DHCP mode after the power is cycled again If the module s DIP switch 2 is in the On position during the address assignment the user will be warned...

Страница 17: ...lecting the Target Browser The Target Browser automatically scans the Ethernet network for EtherNet IP devices Figure 3 8 Target Browser Right clicking on a device reveals the context menu including t...

Страница 18: ...using the Port Configuration window Figure 3 10 Port Configuration Alternatively these parameters can be modified using Rockwell Automation s RSLinx software 3 3 CREATING A NEW PROJECT Before the user...

Страница 19: ...oject Explorer tree view To save the project use the Save option under the File menu A new device can now be added by selecting Add under the Device menu Figure 3 12 Adding a new device In the Add New...

Страница 20: ...RS The DNP3 parameters will be configured by Slate Refer to the additional information section for documentation and installation links for Aparian Slate The DNP3 parameter configuration consists of a...

Страница 21: ...e routing information is configured by Logix for each message transaction DNP3 communication in this mode is initiated by Logix Refer to the message routing section of the document for a details expla...

Страница 22: ...n all other modes the node address is dynamically changed to suite the required mapping BAUD Rate The BAUD rate will configure at what speed the data is sent across the RS232 serial network The module...

Страница 23: ...and selecting Configuration Once in the configuration window select the second tab at the top DNP3 Figure 3 16 DNP3 Configuration NOTE The DNP3 Router supports 8 data bits and 1 stop bit The Security...

Страница 24: ...essage initiator to anticipate and provide the required authentication in the request message Thus from a network point of view there is a two message exchange for secure authentication compared to th...

Страница 25: ...h Outstation Unsolicited events are not supported in this mode Selecting Group Mode for the Event Unload Mode will enable the Event Groups configuration on the setup form Logix Controller When the DNP...

Страница 26: ...h event Class must operate The following options are available None This group will not be queried or allowed to unload events with unsolicited responses Poll The event class will be polled for events...

Страница 27: ...s IP Address of the allowed DNP3 Master Note that this field is only available with Ethernet communication e g TCP or UDP Node Address The Node Address of the allowed master Location Name This paramet...

Страница 28: ...1 implying every event received is sent immediately to the DNP3 Master Max Time The maximum time parameter is used to send an unsolicited response when there have been events buffered for a preconfig...

Страница 29: ...s to Logix tags across multiple controllers In this mode the DNP3 Router will redirect a DNP3 message to a Logix controller at a preconfigured path Thus the routing of the DNP3 group variation and ran...

Страница 30: ...to link the DNP3 group variation and range to the destination Logix tag The Logix controller paths can either be entered manually or the user can browse to them by clicking the Browse button The Targe...

Страница 31: ...r by double clicking on the controller module A maximum number of 3 controller mapping entries can be added The second part of the Reactive Tag mode is to configure the link between a DNP3 group varia...

Страница 32: ...anged data incorrectly Refer to the DNP3 Logix Mapping section for further information Next the range of data to be accessed must be specified This is done by selecting a start index as well as the in...

Страница 33: ...outed to the Logix tags using the Reactive Tag Map mode NOTE It is the user s responsibility to ensure that the Logix tag datatype UDT and size matches that of the DNP3 message requests Failing to do...

Страница 34: ...Setup Document No D109 010 Page 34 of 108 Revision 1 15 Figure 3 26 Reactive Tag mode configuration in Slate example route 1 Figure 3 27 Reactive Tag mode configuration in Slate example route 2...

Страница 35: ...nd is used by the DNP3 Master to monitor the status and actual value of the outputs The same must be done for Analog Output Commands and Status Groups See the example DNP3OutstationExample project Fig...

Страница 36: ...o link the DNP3 group variation and range to the destination Logix tag The Logix controller paths can either be entered manually or the user can browse to them by clicking the Browse button The Target...

Страница 37: ...ed NOTE A maximum of 230 bytes can be exchanged per mapped item when running in Scheduled Tag Mode Thus if the user needs to exchange 130 x 32bit values from to the Scheduled Tag DNP3 Router three map...

Страница 38: ...d action and scan required Figure 3 33 Scheduled Tag Mapping The Function field specifies whether the transaction will result in a read or write to the Logix controller tag NOTE The DNP3 Router suppor...

Страница 39: ...the number of elements index count One of the Target Names configured in the first step can be selected by means of the target Name combo box The Target Tag can be either entered manually or selected...

Страница 40: ...ements and commands The following parameters must be configured to enable DNP3 Events Parameter Description Enable Events This parameter will enable or disable the DNP3 Event function for a specific s...

Страница 41: ...he elements in the mapped line item will be spread over multiple Logix controller reads In addition to the aforementioned Event trigger mechanism it is also possible to trigger events from Logix This...

Страница 42: ...ructions and examples where Logix triggers the event logging making use of dynamic deadbands time intervals and external triggers NOTE When using the Logix controlled event trigger method it is recomm...

Страница 43: ...Scheduled Logix Controller Map Once this is done the user can browse to the required Logix tag using the Tag browser to enable the DNP3 Router to unload DNP3 events into the Logix controller Figure 3...

Страница 44: ...d events into a Logix controller is explained in section 5 3 7 MODULE DOWNLOAD Once the DNP3 configuration has been completed it must be downloaded to the module Before downloading the Connection Path...

Страница 45: ...on the module and selecting the Connection Path option Figure 3 40 Selecting Connection Path The new connection path can then be either entered manually or selected by means of the Target Browser Figu...

Страница 46: ...ule s time will be compared to that of the PC s time Should the difference be greater than 30 seconds the user will be prompted to set the module time to that of the PC time Figure 3 44 Setting module...

Страница 47: ...ection 3 8 1 For older versions 19 and below the module must be added using a Generic Profile which is described in section 3 8 2 3 8 1 STUDIO 5000 CONFIGURATION VERSION 20 Integration with the Logix...

Страница 48: ...n be added to the Logix IO tree in Studio 5000 Under a suitable Ethernet bridge module in the tree select the Ethernet network right click and select the New Module option Figure 3 47 Adding a module...

Страница 49: ...48 Selecting the module Locate and select the DNP3 Router module and select the Create option The module configuration dialog will open where the user must specify the Name and IP address as a minimu...

Страница 50: ...ear in the Logix IO tree Figure 3 50 Logix IO tree The Module Defined Data Types will automatically be created during the instantiation process These data types provide meaningful structures to the mo...

Страница 51: ...000 and selecting New Module after which the ETHERNET MODULE is selected to be added as shown in the figure below NOTE See the next section for importing the configuration L5X Figure 3 52 Add a Generi...

Страница 52: ...to add the connection requested packet interval RPI This is the rate at which the input and output assemblies are exchanged The recommended value is 500ms Refer to the technical specification section...

Страница 53: ...O tree and selecting Import Data Type The assemblies are then assigned to the UDTs with a ladder copy instruction COP as shown in the figure below Figure 3 55 RSLogix 5000 I O module tree 3 8 2 2 IMPO...

Страница 54: ...s Two controller tags representing the Input and Output assemblies A routine mapping the DNP3Router module to the aforementioned tags An example Unscheduled Message instruction with the associated Tag...

Страница 55: ...nt No D109 010 Page 55 of 108 Revision 1 15 Figure 3 58 Imported RSLogix 5000 objects Refer to the additional information section of this document for an example RSLogix 5000 project as well as the re...

Страница 56: ...routing the DNP3 messages correctly Refer to the diagnostics section of this document for a more detailed explanation of the various indicators that can be used to diagnose the module 4 2 RSLOGIX 5000...

Страница 57: ...agStatus ScheduledTagStatus0 29 BOOL 30 Each bit represents the status of the last scheduled transaction for that specific map item A true value indicates success TransactionRate DINT The transaction...

Страница 58: ...ngInhibit BOOL This bit inhibits the module routing capabilities When set no DNP3 messages will be routed This may be required in applications running a redundant DNP3 network where one of the DNP3 Ro...

Страница 59: ...re 4 3 Message Configuration Parameter Description Message Type CIP Generic Service Type Custom Service Code 6A Hex Unscheduled DNP3 Pass through Class 40C Hex Instance 1 Attribute 0 Source Element Th...

Страница 60: ...gured to that of the DNP3 Router If the DNP3 Router has been added in the I O tree then the Browse option can be used to select the path Alternatively enter the CIP path in the format 1 X 2 IP where 1...

Страница 61: ...s of the remote device when an Ethernet port was selected above Function The DNP3 application layer function that will be used Refer to the DNP3 documentation in the Additional information section Req...

Страница 62: ...e response data received Response Data Response to the DNP3 application layer object request Table 4 5 Unscheduled Message Response Parameters After the message has been executed successfully Msg DN t...

Страница 63: ...ion 1 15 Figure 4 7 DNP3 Message Request Example The response to the message is shown in the next figure The data values can them be copied COP instruction to the required tag destination The DNP3 Gro...

Страница 64: ...Logix Operation Document No D109 010 Page 64 of 108 Revision 1 15 Figure 4 8 DNP3 Message Response Example...

Страница 65: ...Ts should be used When DNP3 group 30 analog inputs has been selected there is a range of variations that can be used providing different format and additional information for the user If variation one...

Страница 66: ...Page 66 of 108 Revision 1 15 Figure 5 2 Supported UDT for DNP3 Group 30 with Variation 1 A new tag or array must be created to match the DNP3 Group and Variation Figure 5 3 New Tag with Supported UDT...

Страница 67: ...detects the data types are different the Logix Data Type Mismatch statistic will increase or incorrect data will be received by the Logix Controller 5 2 ANALOG BINARY OUTPUT COMMANDS The select operat...

Страница 68: ...Direct Operate no reponse functions The DNP3 Router uses a RequestPending bit in the Logix UDTs refer to the example code for provided UDTs to inform the user that either an operate request has been r...

Страница 69: ...with Group 40 and 41 To ensure the command was executed the master can either read the Output Status Groups 10 40 or configure an event on the Status and Command groups 5 2 2 SENDING OUTPUT COMMANDS W...

Страница 70: ...he user must also ensure that the dimensions of the two tag arrays are the same The Counter control will use the AparianDNP3CounterCtrl UDT as shown below Figure 5 8 Freeze Command Pair Figure 5 9 Out...

Страница 71: ...s referred to as Report By Exception In Scheduled Master Mode DNP3 events are passed directly to an event array in the Logix Controller In the event that the DNP3 Module in Master mode loses connectiv...

Страница 72: ...n event will be timestamped Figure 5 12 Select variation 5 4 1 3 SELECTING A DEADBAND DB The change deadband must be selected When the value changes by more than the deadband an event is logged Figure...

Страница 73: ...he setup and extracting of DNP3 events from DNP3 outstations is explained in section 3 6 2 This section will focus on the event unloading from the DNP3 Router into a Logix Controller The Event unload...

Страница 74: ...See the appendix for an explanation of each Group s set of flags EvtSrcNodeAddress The Node Address of the Outstation which reported the event EvtSrcIPAddress The IP Address of the Outstation which r...

Страница 75: ...loading Refer to the Logix Master Example code which can be found on the website at the following link http www aparian com products dnp3router The Logix Master Example code provides UDTs and AOIs to...

Страница 76: ...ter Example DNP3MasterExample code which can be found on the website at the following link http www aparian com products dnp3router The Logix Master Example code provides UDTs and AOIs to process even...

Страница 77: ...hared Key method for Key Changes Thus the Update Key needs to be entered into each device by means outside of the DNP3 protocol In Slate the user can write the Update Key into the DNP3 Router module u...

Страница 78: ...odule also supports Aggressive Authentication mode which reduces the amount of traffic on the network which could be required on busy networks or serial communication NOTE The user needs to ensure tha...

Страница 79: ...rating correctly For example if the module application firmware has been corrupted or there is a hardware fault the module will have a red Module LED If the LED is green then the module has booted and...

Страница 80: ...ust be online If the module is not already Online following a recent configuration download then right click on the module and select the Go Online option Figure 7 2 Selecting to Go Online The Online...

Страница 81: ...tes whether the routing of module is enabled or inhibited The routing operation can be inhibited in the output assembly of the module Transaction Rate The transaction rate is the number of DNP3 messag...

Страница 82: ...le s processor in the last scan DIP Switch Position The status of the DIP switches when the module booted Note that this status will not change if the DIP switches are altered when the module is runni...

Страница 83: ...DNP3 Unsolicited enable or disable commands received Table 7 3 DNP3 statistics Statistic Description Logix Data Type Mismatch Read The data type in Logix atomic or UDT did not match the DNP3 data type...

Страница 84: ...se to the Select function matches the Select request Table 7 4 Module error statistics The following Logix statistics are only relevant when the module is running in either Reactive Tag or Scheduled T...

Страница 85: ...ENIP Retry Limit is reached and no response has been received from the Logix Controller Table 7 5 Tag Mapping statistics The following Security statistics are only relevant when the Security has been...

Страница 86: ...t supported Key Wrap Algorithm Not Supported The Key Wrap algorithm requested is not supported Update Key Not Permitted Updating of a key was not permitted Unknown User The user used for authenticatio...

Страница 87: ...t Statistics Statistic Description Group The specific DNP3 Group used Event Class The assigned DNP3 Event Class Event Count The number of outstanding events Load Address Memory address of event load i...

Страница 88: ...ctive Class 3 Timeout Count Number of times a Class 3 connection has timed out Class 3 Forward Open Count Number of Class 3 Connection establish attempts Class 3 Forward Close Count Number of Class 3...

Страница 89: ...e 7 11 Selecting DNP3 Packet Capture The DNP3 Packet Capture window will open and automatically start capturing all DNP3 packets Figure 7 12 DNP3 packet capture To display the captured DNP3 packets th...

Страница 90: ...nstructs and valid checksums Dirn The direction of the packet either transmitted Tx or received Rx Src DNP3 node address of the message source Dest DNP3 node address of the message destination DL Ctrl...

Страница 91: ...4 MODULE EVENT LOG The DNP3 Router module logs various diagnostic records to an internal event log These logs are stored in non volatile memory and can be displayed using Slate or via the web interfac...

Страница 92: ...s use the Event Log Viewer option under the tools menu 7 5 WEB SERVER The DNP3 Router provides a web server allowing a user without Slate or RSLogix 5000 to view various diagnostics of the module This...

Страница 93: ...Diagnostics Document No D109 010 Page 93 of 108 Revision 1 15 Figure 7 17 Web interface...

Страница 94: ...of 108 Revision 1 15 8 TECHNICAL SPECIFICATIONS 8 1 DIMENSIONS Below are the enclosure dimensions as well as the required DIN rail dimensions All dimensions are in millimetres Figure 8 1 DNP3 Router e...

Страница 95: ...nection Yes terminal based Emissions IEC61000 6 4 ESD Immunity EN 61000 4 2 Radiated RF Immunity IEC 61000 4 3 EFT B Immunity EFT IEC 61000 4 4 Surge Immunity Surge IEC 61000 4 5 Conducted RF Immunity...

Страница 96: ...items Application Functions Supported Read Write Select Operate Direct Operate Direct Operate No Response Confirm only in Reactive Mode Immediate Freeze only in Reactive Mode Immediate Freeze No Resp...

Страница 97: ...per Request 1 Event Read Interval 10ms Table 8 4 DNP3 specification 8 6 DNP3 SECURE AUTHENTICATION Specification Rating Key Change Method Supported Pre shared MAC Algorithms Supported HMAC SHA 1 encr...

Страница 98: ...al Specifications Document No D109 010 Page 98 of 108 Revision 1 15 8 7 CERTIFICATIONS Certification Mark CE Mark UL Mark File E476538 ODVA Conformance F W 1 009 RoHS2 Compliant RCM Table 8 6 Certific...

Страница 99: ...ze At Time No Response 0d Cold Restart 0e Warm Restart 0f Initialize Data 10 Initialize Application 11 Start Application 12 Stop Application 13 Save Configuration 14 Enable Unsolicited 15 Disable Unso...

Страница 100: ...Inputs 31 Frozen Analog Inputs 32 Analog Input Events 33 Frozen Analog Input Events 34 Analog Input Reporting Deadbands 40 Analog Output Status 41 Analog Outputs Commands 42 Analog Output Events 43 A...

Страница 101: ...nt No D109 010 Page 101 of 108 Revision 1 15 111 Octet String Events 112 Virtual Terminal Output Blocks 113 Virtual Terminal Event Data 120 Authentication 121 Security Statistics 122 Security Statisti...

Страница 102: ...lag AparianDNP3Counter32WithFlag 2 16 bit With Flag AparianDNP3Counter16WithFlag 5 32 bit With Flag And Time AparianDNP3Counter32WithFlagTime 6 16 bit With Flag And Time AparianDNP3Counter16WithFlagTi...

Страница 103: ...dex 3 Objects prefixed with 32 bit index 4 Objects prefixed with 8 bit size 5 Objects prefixed with 16 bit size 6 Objects prefixed with 32 bit size 7 Reserved Table A 6 DNP3 Object Prefix Code Range C...

Страница 104: ...s 09 Objects packed without a prefix 32 bit Count of objects 17 Objects prefixed with 8 bit index 8 bit Count of objects 18 Objects prefixed with 8 bit index 16 bit Count of objects 19 Objects prefixe...

Страница 105: ...te 1 11 Binary Output Events Bit 0 Online Bit 1 Restart Bit 2 Communication Lost Bit 3 Remote Forced Bit 4 Local Forced Bit 5 Reserved Bit 6 Reserved Bit 7 Output State 13 Binary Output Command Events...

Страница 106: ...Reference Error Bit 7 Reserved 42 Analog Output Events Bit 0 Online Bit 1 Restart Bit 2 Communication Lost Bit 3 Remote Forced Bit 4 Local Forced Bit 5 Over range Bit 6 Reference Error Bit 7 Reserved...

Страница 107: ...24 29 35 38 40 44 51 53 54 56 58 60 61 67 77 78 79 80 83 84 85 91 92 94 E Ethernet Bridge 51 Ethernet connector 13 Ethernet TCP 5 6 22 39 61 Ethernet UDP 5 6 22 39 61 Ethernet IP 30 36 EtherNet IP 5 7...

Страница 108: ...6 8 61 96 Session keys 77 Slate 6 9 14 16 18 19 20 32 33 34 35 39 41 42 43 44 47 57 65 67 77 80 91 92 statistics 80 84 85 86 87 Support email 9 T Target Browser 16 17 30 31 36 37 45 Target Tag 32 39 6...

Отзывы:

Нет отзывов

Похожие инструкции для A-DNP3R

Бренд: National Instruments Страницы: 16

Бренд: National Instruments Страницы: 23

Бренд: Paradyne Страницы: 2

Бренд: Paradyne Страницы: 20

Бренд: Paradyne Страницы: 2

Бренд: Zhone Страницы: 2

COMSPHERE 6800 Series

Бренд: Paradyne Страницы: 155

COMSPHERE 6800 Series

Бренд: Paradyne Страницы: 44

Бренд: Caimore Страницы: 79

Бренд: Garderos Страницы: 23

Бренд: APARIAN Страницы: 2

Бренд: Kontron Страницы: 42

Бренд: DIGIWEB Страницы: 16

Бренд: Digisol Страницы: 81

Бренд: Hawking Страницы: 21

TGXPS-1080-M12-MV Series

Бренд: ORiNG Страницы: 2

Бренд: Idis Страницы: 18

Бренд: Ciara Страницы: 14

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды