CIP Bridging Control
CIP Bridging Control enables you to control the traffic flow between physical communication interfaces and backplanes.
Overview
Devices within an Industrial Control System (ICS) may involve multiple network interfaces. The use of Common Industrial Protocol (CIP) on the backplanes and communication ports of Rockwell Automation devices can facilitate physical network segmentation. For EtherNet/IP interfaces, you can provide data bridging between two separate physical Ethernet networks by using CIP.
The CIP Security communication modules and embedded EtherNet/IP interfaces can analyze and then allow or deny network traffic according to device-specific policies. You can use CIP Bridging Control to help prevent unintended data flows from occurring, especially data flows originating from unsecured parts of the system to secure parts of the system.
The following device families support CIP Bridging Control:
- CompactLogix™ 5380 controllers firmware revision 34.011 or later
- ControlLogix® 5580 controllers firmware revision 32.011 or later
- ControlLogix® 1756 EN4TR EtherNet/IP communication modules, any firmware revision
Operation
You can configure endpoint-specific rules for bridging between:
- EtherNet/IP interface and backplane
- USB interface and backplane
Because of architectural differences between devices, endpoint-specific settings can take various forms. For finer-grained control, policy definitions often let you specify the traffic direction.
TIP:
By default, bridged traffic flows without any restrictions, as it does in a CIP-based device that does not support CIP Security.
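The supported-device list and the default described in the tip can be checked against an asset inventory. The following is an added example, not Rockwell Automation code: the inventory schema, device names, status strings and the `bridging_rules` field are constructed for illustration, and it assumes firmware revisions compare numerically as major, then minor.

```python
import re

# Minimum firmware revisions from the supported-device list on this page.
# None means any firmware revision supports CIP Bridging Control.
MIN_REVISION = {
    "CompactLogix 5380": (34, 11),
    "ControlLogix 5580": (32, 11),
    "1756 EN4TR": None,
}

def parse_revision(text):
    """Turn 'major.minor' (e.g. '34.011') into a comparable (major, minor) tuple."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\s*", text or "")
    if not m:
        raise ValueError(f"unrecognized firmware revision: {text!r}")
    return int(m.group(1)), int(m.group(2))

def classify(device):
    """Return one status string for an inventory record (constructed schema)."""
    family = device["family"]
    if family not in MIN_REVISION:
        return "not-listed"  # family is not in this page's supported list
    minimum = MIN_REVISION[family]
    if minimum is not None:
        try:
            revision = parse_revision(device.get("firmware"))
        except ValueError:
            return "unknown-firmware"
        if revision < minimum:
            return "firmware-too-old"
    # Supported, but bridged traffic is unrestricted until rules are configured.
    return "enforcing" if device.get("bridging_rules") else "default-unrestricted"

def audit(inventory):
    """Map each device name to its CIP Bridging Control status."""
    return {d["name"]: classify(d) for d in inventory}

# Constructed sample inventory; names and fields are illustrative only.
SAMPLE = [
    {"name": "plc-line1", "family": "CompactLogix 5380", "firmware": "34.011", "bridging_rules": True},
    {"name": "plc-line2", "family": "CompactLogix 5380", "firmware": "33.015", "bridging_rules": False},
    {"name": "plc-pack", "family": "ControlLogix 5580", "firmware": "35.011", "bridging_rules": False},
    {"name": "en4tr-dmz", "family": "1756 EN4TR", "firmware": None, "bridging_rules": True},
    {"name": "plc-old", "family": "Legacy controller", "firmware": "20.011", "bridging_rules": False},
    {"name": "plc-odd", "family": "ControlLogix 5580", "firmware": "v32", "bridging_rules": False},
]

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name:10} {status}")
```

Devices reported as `default-unrestricted` can enforce bridging rules but still pass bridged traffic freely until a policy is deployed to them.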