The FB_ModbusTcpServer function block provides the possibility to configure rules for controlling access to the data provided. With an access rule, it can be determined which client is allowed to access which memory area.
When configuring a rule, a client is defined by the IP address. To configure individual access to the different memory areas, you can specify the start address and the number of data objects allowed for each client.
Once access control is activated, it is verified for each incoming client connection whether the IP address of the client is allowed by a rule. If the IP address is not allowed, the client connection is refused.
For each received Modbus request, it is verified whether the requested objects are allowed by the associated access rule. If the requested objects do not match a rule, the request is rejected and a response with Modbus error code 0x02 (Illegal data address) is sent to the client.
Use the CreateAccessRule() method to create an access rule for the Modbus TCP server. The FB_ModbusTcpServer function block supports up to 30 different rules.
You can create a rule, regardless of whether the function block is enabled or not.
When the function block is being enabled, the configured rules are verified. If at least one of the rules is invalid, the enabling process of the function block is aborted and an error message is generated.
To read the rules configured for access control, use the method GetAccessRule().
Access control can be enabled or disabled using the ActivateAccessControl() method. During activation of the access control, the configured access rules are also applied to existing client connections.
If no rule is configured and access control is enabled, incoming client connections are rejected.
In the following example, access rules for three Modbus TCP clients (HMI panels) are configured.
The Modbus TCP server provides the following memory areas:
Discrete inputs: address 1...100
Coils: address 1...100
Input registers: address 1...100
Holding registers: address 1...100
Requirements for the clients:
|
Parameter |
HMI panel 1 |
HMI panel 2 |
HMI panel 3 |
|---|---|---|---|
|
IP address |
10.128.154.111 |
10.128.154.112 |
10.128.154.113 |
|
Address range for: |
|||
|
Discrete inputs |
1...100 |
||
|
Coils |
1...20 |
21...40 |
41...60 |
|
Input registers |
1...100 |
||
|
Holding registers |
1...20 |
21...40 |
41...60 |
Access rule configuration:
The table provides two options for the configuration of each client:
For different configuration of the clients (HMI panels): Each client can only access the addresses that are allowed for this client.
For identical configuration of the clients (HMI panels): All clients access the same addresses. Access to the memory objects is controlled inside the server by configuring offset parameters.
|
ST_AccessRule elements |
HMI panel 1 |
HMI panel 2 |
HMI panel 3 |
|---|---|---|---|
|
Option 1: Different configuration of the clients (HMI panels) |
|||
|
sIpAddressFirst |
‘10.128.154.111’ |
10.128.154.112 |
10.128.154.113 |
|
sIpAddressLast |
NULL |
NULL |
NULL |
| xAllowAccessToAllBlocks |
FALSE |
FALSE |
FALSE |
|
uiDiscreteInputsStartAddress |
1 |
1 |
1 |
|
uiDiscreteInputsOffset |
0 |
0 |
0 |
|
uiDiscreteInputsLength |
100 |
100 |
100 |
|
uiCoilsStartAddress |
1 |
21 |
41 |
|
uiCoilsOffset |
0 |
0 |
0 |
|
uiCoilsLength |
20 |
20 |
20 |
|
uiInputRegistersStartAddress |
1 |
1 |
1 |
|
uiInputRegistersOffset |
0 |
0 |
0 |
|
uiInputRegistersLength |
100 |
100 |
100 |
|
uiHoldingRegistersAddress |
1 |
21 |
41 |
|
uiHoldingRegistersOffset |
0 |
0 |
0 |
|
uiHoldingRegistersLength |
20 |
20 |
20 |
|
Option 2: Identical configuration of the clients (HMI panels) |
|||
|
sIpAddressFirst |
‘10.128.154.111’ |
10.128.154.112 |
10.128.154.113 |
|
sIpAddressLast |
NULL |
NULL |
NULL |
| xAllowAccessToAllBlocks |
FALSE |
FALSE |
FALSE |
|
uiDiscreteInputsStartAddress |
1 |
1 |
1 |
|
uiDiscreteInputsOffset |
0 |
0 |
0 |
|
uiDiscreteInputsLength |
100 |
100 |
100 |
|
uiCoilsStartAddress |
1 |
1 |
1 |
|
uiCoilsOffset |
0 |
20 |
40 |
|
uiCoilsLength |
20 |
20 |
20 |
|
uiInputRegistersStartAddress |
1 |
1 |
1 |
|
uiInputRegistersOffset |
0 |
0 |
0 |
|
uiInputRegistersLength |
100 |
100 |
100 |
|
uiHoldingRegistersAddress |
1 |
1 |
1 |
|
uiHoldingRegistersOffset |
0 |
20 |
40 |
|
uiHoldingRegistersLength |
20 |
20 |
20 |