Rockwell Automation Publication 1756-UM004D-EN-P - August 2022 19
Chapter 1 ControlLogix EtherNet/IP Network Device Overview
CIP Security CIP Security™ is a standard, open communication mechanism that is defined
by the Open DeviceNet® Vendors’ Association (ODVA) that helps to provide a
secure data transport across an EtherNet/IP™ network. It lets CIP-connected
devices authenticate each other before transmitting and receiving data.
CIP Security uses the following security properties to help devices protect
themselves from malicious communication:
• Device Identity and Authentication
• Data Integrity and Authentication
• Data Confidentiality
Rockwell Automation uses the following products to implement CIP Security:
• FactoryTalk Services Platform, version 6.11 or later, with the following
components enabled:
- FactoryTalk Policy Manager
- FactoryTalk System Services
• FactoryTalk Linx, version 6.11 or later
• Studio 5000® Design Environment, version 31.00.00 or later
• CIP Security-enabled Rockwell Automation products, for example, the
product described in this publication
For more information on CIP Security, including which products support CIP
Security, see the CIP Security with Rockwell Automation Products Application
Technique, publication SECURE-AT001
.
IMPORTANT Redundant Chassis Pair
1756-EN4TR modules with firmware revision 4.001 support CIP Security
when used in a redundant chassis pair with ControlLogix 5580
controllers that have firmware revision 34.011 or later. This supports
program upload/download/monitor/HMI (not I/O).
• The 1756-EN4TR pair must be configured for non-IP address swapping.
• The 1756-EN4TR pair cannot be configured for redundant adapter mode
while used in a redundant chassis pair with ControlLogix 5580
controllers.
• The 1756-EN4TR pair that is configured for CIP security cannot be used to
communicate with remote I/O, because I/O in ControlLogix redundancy
requires multi-cast. A second 1756-EN4TR pair is required for I/O.
Redundant Adapter Mode
CIP Security is not yet supported when the 1756-EN4TR is in redundant
adapter mode for remote I/O.
If a 1756-EN4TR is installed and using CIP Security, and it is reconfigured
to be part of a redundant adapter pair for remote I/O, the module loses
its CIP Security configuration. When this occurs, the I/O chassis will lose
communication with the controller. At this point, the CIP Security policy
must be redeployed.
(1)
(1) CIP Security is not supported in redundant adapters. See Chapter 3 on page 27.