Disable CIP Security Ports via a CIP Generic MSG Instruction
To disable
CIP Security™
ports via CIP™
Generic MSG instructions, complete the following.
IMPORTANT:
This procedure disables
CIP Security™
ports. To re-enable the ports, use the controller reset button to perform a Stage 2 reset, which returns the controller to a factory default state. For more information, see Stage 2 Reset.You cannot use this MSG instruction to disable the
CIP Security™
ports on another controller. The message only has to execute once rather than with every program scan. - Create a controller tag with the SINT[9] data type. In this example, the controller tag is named CIPSEC_DISABLE and must match the following image.
Before you enable the MSG instruction, consider the following:- The element CIPSEC_DISABLE[4] is responsible for disabling UDP port 2221 andEtherNet/IP™over DTLS, transport class 0/1.
- The element CIPSEC_DISABLE[8] is responsible for disabling TCP port 2221 andEtherNet/IP™over TLS, UCMM, and transport class 3.
- To disable the controller CIP Security ports, the elements CIPSEC_DISABLE[4] and CIPSEC_DISABLE[8] in the SINT array for the Source Element CIPSEC_DISABLE must be 0.
- Add an MSG instruction to your program.IMPORTANT:You cannot add an MSG instruction to your program if the controller switch is in RUN mode or if theFactoryTalk® Securitysettings deny this editing option.
- Configure the Configuration tab on the Message Configuration dialog box as described in the table below.
Disable the CIP Security PortFieldDescriptionMessage TypeCIP GenericService TypeCustomService Code4cInstance1Classf5Attribute0Source ElementController tag of SINT[9] data type.This is the controller tag that you created previously.Source Length9 - Configure the Communication tab to use a Path of THIS.IMPORTANT:Messages to THIS must be unconnected messages.
- Cycle power on the controller for the configuration to take effect.
Provide Feedback