Figure 12 Modbus® Tcp Connection Over An Isolate Network - RC Systems ViewSmart 1600+ Operation Manual

3.3.3.3 Connecting to an Isolated Network
ModbusTCP
Slave
192.168.1.101
PC
192.168.1.102
Another possible network configuration for the ViewSmart 1600+ involves connecting the controller, with
Modbus®TCP slave devices, and possibly computers on a network. This network can then be isolated from
a larger company network using a router/firewall. The isolated network will not see any traffic from the
company network unless port forwarding rules are setup in the router. This configuration offers greater
security and improved network performance when the company network has a large amount of traffic.
When creating an isolated network, make sure to use a different private IP address range than the outside
network. For example; if the main network uses 192.168.0.0 – 192.168.0.255 with a netmask of
255.255.255.0, the isolated network could use 192.168.1.0 – 192.168.1.255 with the same netmask.
Port forwarding rules can usually be configured to only allow certain computers outside the firewall access
to the ViewSmart 1600+. The method for creating forwarding rules is heavily dependent on the
router/firewall being used. See router documentation. The IP address or MAC address of the source
(outside computer), Incoming port, destination (ViewSmart 1600+) IP address, destination port, and
protocol will need to be set. The source IP address should be set to allow a range or single IP Address.
Some firewalls can restrict access by MAC address. This can be used instead of or in addition to the source
IP address. The protocols for forwarding rules should be TCP/IP. The destination ports should be 80 for
access to the web server, and 502 for access to Modbus®TCP.
UM-1097
Revision B
ViewSmart 1600+
192.168.1.100
Router
Switch
Firewall
192.168.1.1
Figure 12 Modbus® TCP Connection over an Isolate Network
PC
192.168.0.2
192.168.0.20
PC
192.168.0.3
192.168.0.1
PC
192.168.0.4
15