CIP Bridging
CIP Bridging enables you to control the traffic flow between physical communication
interfaces and backplanes.
Overview
Devices within an Industrial Control System (ICS) may involve multiple network interfaces. The use of Common Industrial Protocol (CIP) on the backplanes and communication ports of Rockwell Automation devices can facilitate physical network segmentation. For EtherNet/IP interfaces, you can provide data bridging between two separate physical Ethernet networks by using CIP.
The CIP Security communication modules and embedded EtherNet/IP interfaces can analyze and
then allow or deny network traffic according to device-specific policies. You can use CIP
Bridging to help prevent unintended data flows from occurring, especially data flows
originating from unsecured parts of the system to secure parts of the system.
The following device families support CIP Bridging:
- CompactLogix® 5380 controllers, firmware revision 34.011 or later
- ControlLogix® 5580 controllers, firmware revision 32.011 or later
- ControlLogix® 1756 EN4TR EtherNet/IP communication modules, any firmware revision
Operation
You can configure endpoint-specific rules for bridging between:
- EtherNet/IP interface and backplane
- USB interface and backplane
Because device architectures differ, endpoint-specific settings can take various forms.
For finer-grained control, policy definitions often include a traffic direction property.
TIP: By default, bridged traffic flows without any restrictions, as in a CIP-based device
that does not support CIP Security.
In FactoryTalk Policy Manager, you can configure traffic for:
- Inbound CIP Bridging: Traffic from the EtherNet/IP interface to the backplane and other physical ports.
- Outbound CIP Bridging: Traffic from the backplane to the EtherNet/IP interface and the USB port.
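The following Python script is an added example, not Rockwell Automation code. It audits an asset inventory against the support list and the default unrestricted bridging described above. The inventory rows, the field names and the `rules` field (directions that have a configured rule) are constructed for illustration, and family names are written without the ® mark.

```python
# Minimum firmware revisions come from the support list on this page.
MIN_FIRMWARE = {
    "CompactLogix 5380": (34, 11),
    "ControlLogix 5580": (32, 11),
    "1756 EN4TR": None,  # any firmware revision
}
DIRECTIONS = ("inbound", "outbound")  # the two directions Policy Manager exposes


def parse_revision(text):
    """Turn a 'major.minor' revision such as '34.011' into (34, 11)."""
    major, minor = text.strip().split(".", 1)
    return int(major), int(minor)


def supports_cip_bridging(family, firmware):
    """True if the family is on the support list and the firmware is new enough."""
    if family not in MIN_FIRMWARE:
        return False
    minimum = MIN_FIRMWARE[family]
    return minimum is None or parse_revision(firmware) >= minimum


def audit(inventory):
    """Map each device name to a finding about its bridging posture."""
    findings = {}
    for dev in inventory:
        if not supports_cip_bridging(dev["family"], dev["firmware"]):
            findings[dev["name"]] = "unsupported: cannot apply CIP Bridging rules"
            continue
        # Any direction without a configured rule stays at the default (no restrictions).
        open_dirs = [d for d in DIRECTIONS if d not in dev.get("rules", ())]
        findings[dev["name"]] = (
            "default (unrestricted): " + ", ".join(open_dirs) if open_dirs else "restricted"
        )
    return findings


INVENTORY = [  # constructed sample data, hypothetical field names
    {"name": "plc-line1", "family": "CompactLogix 5380", "firmware": "33.015", "rules": []},
    {"name": "plc-line2", "family": "ControlLogix 5580", "firmware": "32.011", "rules": ["inbound"]},
    {"name": "en4tr-cell3", "family": "1756 EN4TR", "firmware": "4.001",
     "rules": ["inbound", "outbound"]},
]

if __name__ == "__main__":
    for name, status in audit(INVENTORY).items():
        print(f"{name}: {status}")
```

Devices reported as unsupported or left at the default are the ones where traffic from an unsecured network can still cross to the backplane.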
For more information, see: