The Allow List explicitly allows specified devices to communicate with the CLICK CPU. The feature is supported by CLICK Ethernet (C0-1x) and CLICK PLUS (C2-x) CPUs. The lists for Port1 (wired) and WLAN (WiFi) are separate from each other, and each list can contain up to 32 entries.
When the Allow List is Enabled, only devices on the Allow List are allowed to connect to the Filtered protocols. This reduces the available attack surface by restricting access to a known list of devices. Unfiltered protocols are always available to any device and are not rejected by the Allow List.
Additionally, the system can log the denied connections from devices which are not in the Allow List. This Allow List Denied Record can be displayed in the software or saved onto the microSD card (only C2-03CPU-x).
Allow List Filtered: Modbus TCP Server, Modbus TCP Clients, EtherNet/IP Adapter.
Allow List Unfiltered: ICMP, ARP, DNS Client, DHCP Client, SNTP Client, MQTT Client, Email Client, CLICK Programming Software.
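A dry run of a planned list before it is enabled, as an added example that is not part of the CLICK software or its documentation: it applies the filtered/unfiltered rules and the 32-entry limit above to constructed traffic observations. The function names, the sample addresses, the use of single IPv4 entries only, and the Allow List being enabled on both interfaces are assumptions.

```python
import ipaddress

# Protocol names exactly as this page lists them.
FILTERED = {"Modbus TCP Server", "Modbus TCP Clients", "EtherNet/IP Adapter"}
UNFILTERED = {"ICMP", "ARP", "DNS Client", "DHCP Client", "SNTP Client",
              "MQTT Client", "Email Client", "CLICK Programming Software"}
MAX_ENTRIES = 32  # per list; the Port1 and WLAN lists are separate


def load_list(name, entries):
    """Validate one interface's planned list and return it as a set."""
    if len(entries) > MAX_ENTRIES:
        raise ValueError(f"{name}: {len(entries)} entries, limit is {MAX_ENTRIES}")
    parsed = [ipaddress.IPv4Address(e) for e in entries]  # raises on bad input
    if len(set(parsed)) != len(parsed):
        raise ValueError(f"{name}: duplicate entries")
    return set(parsed)


def dry_run(allow_lists, observations):
    """Return one verdict per observed (interface, source IP, protocol)."""
    lists = {name: load_list(name, e) for name, e in allow_lists.items()}
    verdicts = []
    for iface, src, proto in observations:
        if proto in UNFILTERED:
            verdicts.append("unfiltered")  # never checked against the list
        elif proto not in FILTERED:
            raise ValueError(f"protocol not named on the page: {proto}")
        elif ipaddress.IPv4Address(src) in lists.get(iface, set()):
            verdicts.append("allowed")
        else:
            verdicts.append("denied")  # logged only if recording is enabled
    return verdicts


# Constructed sample data (assumed addresses, not from the page).
PLANNED = {"Port1": ["192.168.10.20", "192.168.10.21"], "WLAN": ["10.0.50.5"]}
OBSERVED = [
    ("Port1", "192.168.10.20", "Modbus TCP Server"),
    ("Port1", "192.168.10.99", "Modbus TCP Server"),
    ("WLAN", "192.168.10.20", "EtherNet/IP Adapter"),  # only on the Port1 list
    ("Port1", "192.168.10.99", "CLICK Programming Software"),
    ("WLAN", "10.0.50.5", "Modbus TCP Server"),
]

if __name__ == "__main__":
    for obs, verdict in zip(OBSERVED, dry_run(PLANNED, OBSERVED)):
        print(f"{verdict:10} {obs}")
```

The fourth observation shows that a host absent from the list still reaches the CLICK Programming Software, because that protocol is unfiltered.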
IP Address: The list on this tab specifies the allowed IP Addresses for this network. There are four methods of adding an IP Address to the list:
MAC Address: The list on this tab specifies the allowed MAC Addresses for this network. There are two methods of adding a MAC Address to the list:
Add: Adds a new row to the list; opens the Add Allowed IP Address dialog.
Edit: Edits the selected row on the list; opens the Edit Allowed IP Address dialog.
Delete: Deletes the selected row on the list after asking for confirmation.
Import: Open the Allow List Import Option dialog to select a CSV file.
Export: Open the Export Allow List dialog to create a CSV file.
Record Access other than Allow List: The system can log the denied connections from devices which are not in the Allow List. This Allow List Denied Record can be displayed in the software or saved onto the microSD card (only C2-03CPU-x). This is a project setting which must be Enabled and transferred to the PLC.
Check the Record: When this feature is already enabled in the PLC, this will open the Allow List Denied Record. The records contain: