CIP bridging settings hierarchy

The CIP Bridging Control settings can be global or specific to a port, device, or zone.

Settings levels

The following list outlines the CIP bridging settings levels (from the lowest level to the highest level):
  1. Port-level settings
  2. Device-level settings
  3. Zone-level settings
  4. Global settings
The CIP Bridging Control settings follow these conventions:
  • The lower-level settings must be compliant with the higher-level settings.
  • The lower-level settings can be stricter than the higher-level settings.
  • If the lower-level settings are less strict than the higher-level settings, the higher-level settings overwrite the lower-level settings.

Port-level settings

These settings apply to EtherNet/IP interfaces and provide the distinction between secure and Trusted IP (permitted) traffic.
TIP: During the initial policy deployment,
FactoryTalk Policy Manager
 attempts to identify the modules that occupy chassis slots.

Device-level settings

These settings enable or disable the communication bridging between the USB port of a device and a backplane or other physical ports.

Zone-level settings

These settings ensure compliance for all port-level and device-level settings. The port-level and device-level settings can be stricter than zone-level settings.
The following table shows examples of zone-level settings paired with port-level settings:
Zone settings and port settings
Zone settings
Port settings
Description
Inbound CIP bridging
  • Allow secure traffic
Outbound CIP bridging
  • Allow all traffic
Inbound CIP bridging
  • Allow secure traffic
Outbound CIP bridging
  • Chassis size: 4
  • Slots disabled: none
Allowed configuration.
The port-level settings (lower-level settings) and zone-level settings (higher-level settings) match.
Inbound CIP bridging
  • Allow secure trafic
Outbound CIP bridging
  • Allow all traffic
Inbound CIP bridging
  • Allow secure traffic
Outbound CIP bridging
  • Chassis size: 4
  • Slots disabled: 1, 2, 3
Allowed configuration.
The port-level settings (lower-level settings) are stricter than the zone-level settings (higher-level settings).
Inbound CIP bridging
  • Allow secure traffic
Outbound CIP bridging
  • Block all traffic
Inbound CIP bridging
  • Allow secure traffic
Outbound CIP bridging
  • Chassis size: 4
  • Slots disabled: none
Disallowed configuration.
The port-level settings (lower-level settings) are less strict than the zone-level settings (higher-level settings).

Global settings

Global policy ensures compliance for all zones in the model. The zone-level settings can be stricter than global settings.
The following table shows examples of global settings paired with zone-level settings:
Global settings and zone settings
Global settings
Zone settings
Description
Inbound CIP bridging
  • Allow secure traffic
Outbound CIP bridging
  • Allow all traffic
Inbound CIP bridging
  • Allow secure traffic
Outbound CIP bridging
  • Allow all traffic
Allowed configuration.
The port-level settings (lower-level settings) and zone-level settings (higher-level settings) match.
Inbound CIP bridging
  • Allow secure traffic
Outbound CIP bridging
  • Allow all traffic
Inbound CIP bridging
  • Allow secure traffic
Outbound CIP bridging
  • Block all traffic
Allowed configuration.
The zone-level settings (lower-level settings) are stricter than the global settings (higher-level settings).
Inbound CIP bridging
  • Allow secure traffic
Outbound CIP bridging
  • Allow all traffic
Inbound CIP bridging
  • Allow all traffic
Outbound CIP bridging
  • Allow all traffic
Disallowed configuration.
The zone-level settings (lower-level settings) are less strict than the global settings (higher-level settings).
Provide Feedback
Have questions or feedback about this documentation? Please submit your feedback here.
Normal