Trusted Slots on the Controller

Trusted slots help maintain network segmentation when a controller front Ethernet port is disabled, such as in redundant control systems. Trusted slots restrict communication paths through which certain operations are performed on the controller.
IMPORTANT:
Trusted slots and
CIP Security
 are not compatible on the same device. If both features are used on the same device, programming through a controller front Ethernet port is disabled and you are locked out of programming the controller until you perform a physical reset.
To meet IEC-62443-4-2 SL 1 certification requirements, you must not configure Trusted slots on the controller and instead useCIP Bridging Control.
Trusted slots help maintain network segmentation when a controller front Ethernet port is disabled, such as in redundant control systems. Trusted slots restrict communication paths through which certain operations are performed on the controller.
The following rules apply to Trusted slots:
  • The firmware revisions of the physical modules in the Trusted slots must be compatible with the firmware revisions and electronic keying options that are configured in the I/O tree of the project. For compatibility, see Electronic Keying.
  • All communication is Trusted from the module as long as there is not a fault or keying mismatch.
  • If no module is configured in the I/O tree for the respective Trusted slot, then all communication is Trusted regardless of which module is physically present.
You configure Trusted slots with the parameters on the Security tab of the Controller Properties dialog box.

Restrict Communication Except Through Selected Slots

Select this checkbox to restrict communication through any slot in the chassis that is not Trusted. Clear the checkbox to allow the controller to communicate without communication restrictions.
IMPORTANT:
When this checkbox is selected, communication is restricted through a front Ethernet port and firmware updates are restricted to Trusted slots when using AutoFlash or
ControlFLASH Plus®
 software. Support is restricted for tools that require access to restricted data through Class 3 connections.

Select Slots

Only the slots that are selected under Select Slots are Trusted communication paths for the controller. The Select Slots grid configures the trusted slots for the controller. When you select the Restrict Communications Except Through Selected Slots checkbox, you must click at least one slot that is not occupied by the controller.
If the chassis size for the project is known, the number of slots equal to the chassis size appear on the dialog box. Otherwise, 17 slots (0…16) appear on the dialog box.
Selected Slot Options
This image shows how to configure trusted slots on the Controller Properties dialog box.
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal