User Manual MN032EN
Effective October 2017
215U-2 802.11 wireless I/O and gateway
EATON www.eaton.com
Device Security
The 215U-2 supports industrial protocols such as Modbus and WIB
that do not provide encryption or authentication. These protocols are
convenient to use as they are widely known and supported by an
extensive range of equipment.
The downside of using these protocols is that they are also
vulnerable to a variety of cyber-attacks, so you must consider the
security of the networks that they operate over.
As a precaution, these protocols are disabled in the default
configuration. Before enabling any of these protocols, you should
ensure that the following precautions are in place.
• Change the device’s access password from the default (“user”).
• Make sure that any network connected to the device’s Ethernet
port is secured from outside access. If an internet connection is
present, ensure it is effectively firewalled.
• Secure the radio network using WPA-PSK encryption.
• Ensure that the radio network encryption passphrase is long (at
least 20 characters) and complex. The quality of the security
offered depends on the complexity of this passphrase. Short
and simple passphrases can easily be compromised by skilled
attackers.
• Ensure that knowledge of the radio network encryption
passphrase is kept to a limited number of workers, and ensure the
access password and radio passphrase are changed whenever
any of these workers' security status changes.
• Ensure physical security of the devices connected to the network.
• In the event that a device is lost or stolen, ensure that the
encryption key used to secure communications on the radio
network is changed.
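One way to check a candidate radio passphrase against the precautions above, or to generate a compliant one (an added example, not code from Eaton or this manual). The 20-character minimum and the default password "user" come from this manual; the 63-character printable-ASCII ceiling is the standard WPA-PSK passphrase limit, and the three-class, ten-distinct-character and system-name checks are assumed readings of "complex".

```python
import math
import secrets
import string

MIN_LEN = 20                 # minimum length recommended by the manual
WPA_MAX = 63                 # standard WPA-PSK passphrase ceiling (printable ASCII)
DEFAULT_PASSWORD = "user"    # factory access password named in the manual
ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+-./:;<=>?@[]^_{}~"


def audit_passphrase(passphrase, system_name=""):
    """Return a list of findings; an empty list means the passphrase passes."""
    findings = []
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        findings.append("contains characters outside printable ASCII")
    if len(passphrase) > WPA_MAX:
        findings.append(f"longer than the WPA-PSK maximum of {WPA_MAX}")
    if len(passphrase) < MIN_LEN:
        findings.append(f"shorter than {MIN_LEN} characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " ")
    if sum(any(c in cls for c in passphrase) for cls in classes) < 3:  # assumed threshold
        findings.append("uses fewer than 3 character classes")
    if len(set(passphrase)) < 10:                                      # assumed threshold
        findings.append("fewer than 10 distinct characters")
    if DEFAULT_PASSWORD in passphrase.lower():
        findings.append("contains the default access password")
    if system_name and system_name.lower() in passphrase.lower():
        findings.append("contains the system name")
    return findings


def generate_passphrase(length=24, system_name=""):
    """Draw from the OS CSPRNG until a candidate passes audit_passphrase()."""
    if not MIN_LEN <= length <= WPA_MAX:
        raise ValueError(f"length must be {MIN_LEN}..{WPA_MAX}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not audit_passphrase(candidate, system_name):
            return candidate


def random_entropy_bits(length):
    """Entropy of a uniformly random passphrase; not valid for human-chosen ones."""
    return length * math.log2(len(ALPHABET))

if __name__ == "__main__":  # constructed samples; "PlantNet" is a made-up system name
    for cand in ("user", "plantnet-plantnet-2017", generate_passphrase()):
        print(repr(cand), audit_passphrase(cand, "PlantNet") or "OK")
```

The entropy figure applies only to passphrases produced by `generate_passphrase`; a human-chosen phrase of the same length can pass the audit and still be guessable.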
Quick start configuration
Access the quick start configuration by clicking on the “Quick Start”
text on the right side menu under “Configuration”.
Figure 22. Quick start
• For the majority of installations, you will only need to access
this Quick Start page. This configuration will get your devices
connected and communicating. You can then connect remotely if
you need to configure other functionality.
• Click “Full Configuration” to access advanced configuration pages.
These pages provide access to additional functionality including
Peer-to-Peer I/O mapping, Serial port configuration, Data Logging,
Advanced networking configuration, diagnostics, and User
management. These pages are described later in this manual.
• If your system is based on Modbus TCP protocol, you need to
enable Modbus TCP Server by selecting Full Configuration >>
Modbus TCP and checking "Enable Modbus TCP Server". Once
you have the device configured, you will be able to access it using
a Modbus TCP client (Master) at the IP address you configure.
Note:
Before navigating away from this page, you need to click the “Save
Changes” or “Save Changes and Reset” button at the bottom of the page.
Otherwise your changes will be lost.
Security
Enable Remote Configuration Access: Select this to enable access
to the device configuration and the dashboard web pages through
Ethernet or Wireless interfaces. If this is not selected, you can only
access the device web pages through the USB connection.
Identification
System Name: All devices in a system are configured with a
common system name. This is used in ProMesh mode as a common
network ID for all devices to connect.
Device Name: Each device in the system should be configured
with a unique device name. This name is used to identify devices in
diagnostic display (Connectivity) and is used in Fixed Link mode as
the device ID for other devices to connect to.