1756-EN4TR Module Requirements and Restrictions
IMPORTANT:
To prevent unauthorized security policy deployments, configure the 1756-EN4TR module
to be used for
CIP Security™
communication in a secure environment. For other 1756-EN4TR modules in the chassis, such as those used for I/O
communication, disable the
CIP Security™
configuration.The following topologies are supported on CIP Security-enabled 1756-EN4TR communication
modules:
- Device Level Ring (DLR) for single fault tolerance
- Parallel Redundancy Protocol (PRP) for multi-fault tolerance
Understand the following guidelines for the IP addresses of
CIP Security™
-enabled 1756-EN4TR modules:- Configure static, non-swapping IP addresses.
- Configure the IP addresses before you deploy the security policy.
- Do not change IP addresses after you deploy the security policy:
- If you change IP addresses after you deploy the security policy,FactoryTalk® Policy Managersoftware cannot recognize the new addresses and the certificate becomes invalid
- If you must change IP addresses, first remove the security policy from the module, change the IP addresses, and then redeploy the security policy.
These recommendations are specific to the
CIP Security™
-enabled 1756-EN4TR modules that are used for secure remote access to the redundant
chassis. Other communication modules in the redundant chassis can have different
recommendations and requirements, especially for communication to remote I/O. For more
information about network settings, see Configure the EtherNet/IP Network.Provide Feedback