Add Clients to the Client Access Control List
When you Enable and Manage the Client Access Control List you need to define the clients that will be authorized to connect to the Geo SCADA Expert server. Only the clients with the correct IP addresses and correct Client Types will have access to the server.
Ensure that the IP addresses specified use the relevant format for the network protocol that is used by the clients (IPv4 or IPv6).
To add a client or group of clients to the CACL use the following procedure:
- Display the Server Configuration Tool and log on if required.
- Expand the System Configuration branch of the tree-structure.
- Select the Security entry and locate the Client Access Control List section.
- Select the Add button.
The New Entry window is displayed. Complete the following fields:
- IP/IP Range/CIDR—Enter an IP address or range of addresses for the clients that you want to authorize to access the server. Use one of the following formats:
- IP—Enter an individual IP address for each client that you want to allow access to the server.
Example:
IPv4 example:
10.0.1.10
IPv6 example:
fde6:daa2:d537:d447:0000:0000:0000:0011
or the shortened format:
fde6:daa2:d537:d447::11
(This is the same IPv6 address, with the consecutive run of all-zero fields being indicated by the two colons (::).)
- IP Range—Enter a range of IP addresses for two or more clients that you want to allow access to the server.
Example:
IPv4 example:
10.0.1.20-30
allows a block of 11 clients that use the IP addresses 10.0.1.20 to 10.0.1.30.
IPv6 example:
fde6:daa2:d537:d447::20-fde6:daa2:d537:d447:0000::30
allows a block of 11 clients that use the IP addresses fde6:daa2:d537:d447::20 to fde6:daa2:d537:d447::30.
(Remember that when specifying a range of IPv6 addresses, you have to include the full end address as well as the start address. A double colon (::) can be used in place of consecutive runs of all-zero fields.)
- CIDR—Use the Classless Inter-Domain Routing notation to enter a range of IP addresses. CIDR notation is a compact representation of an IP address and its associated routing prefix. The IP address is expressed according to the standards of IPv4. It is followed by a separator ('/') character and the prefix size is expressed as a decimal number.
You can also configure and use the IPv6 standards if your clients communicate using this protocol (see Enable or Disable IPv6 on the Client).
The address may denote a single, distinct interface address or the beginning address of an entire network. The maximum size of the network is given by the number of addresses that are possible with the remaining, least-significant bits below the prefix. This is often called the host identifier.
Example:
The IPv4 block
192.168.100.0/24
represents the 256 IPv4 addresses from 192.168.100.0 to 192.168.100.255.
The IPv4 block
192.168.100.0/22
represents the 1024 IPv4 addresses from 192.168.100.0 to 192.168.103.255.
The IPv6 block
fde6:daa2:d537:d447::0/112
represents the IPv6 addresses from fde6:daa2:d537:d447::0 to fde6:daa2:d537:d447::ffff.
All entry types are checked to ensure that the entries are valid. A message will indicate any invalid entry values.
- Client Type—Use this combo box to select the type of clients for an IP address or block of addresses.
Choose from the following:
- All—Select the option to connect all types of clients with specified IP addresses.
- Data—Select the option for third-party automation connections (for example, COM and .NET programs) over specified addresses.
- OPC—Select the OPC option for OPC data connections (for example, OPC AE, OPC DA, OPC HDA) over specified addresses.
- Utilities—Select this option for Geo SCADA Expert utilities (for example, Server Configuration Tool, Server Status tool and so on). When you authorize a ViewX client you can use the tools over the network.
If you want to use these tools directly on the server, you require the localhost address (IPv4: 127.0.0.1 or IPv6: fde6:daa2:d537:d447:0000:0000:0000:20).
- ViewX—This allows ViewX clients to connect over the specified addresses.
- Web—This applies to Original WebX and SOAP interface connections and allows specified clients to use web browsers to access the server.
Authorized access control for Virtual ViewX clients is managed within IIS. This needs to be done by an IIS administrator.
- Description—Optionally add a description about the connection.
- Select OK to complete the entry.
- Apply the changes to the server.
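Before adding an entry, it helps to confirm exactly which addresses it authorizes. The following Python sketch is an added example, not part of Geo SCADA Expert or its own entry validation; it expands the three entry formats described above into a first address, last address and address count. The function names are hypothetical, and the short IPv4 range form is assumed to replace the last octet of the start address, as in the 10.0.1.20-30 example.

```python
import ipaddress

def cacl_entry_span(entry):
    """Return (first, last, count) for an IP, IP Range or CIDR entry."""
    entry = entry.strip()
    if "/" in entry:
        # CIDR: strict=True rejects a base address that has host bits set.
        net = ipaddress.ip_network(entry, strict=True)
        return net[0], net[-1], net.num_addresses
    if "-" in entry:
        start_text, end_text = (p.strip() for p in entry.split("-", 1))
        start = ipaddress.ip_address(start_text)
        if start.version == 4 and end_text.isdigit():
            # Short IPv4 form shown on the page: 10.0.1.20-30 (assumed to
            # replace the last octet of the start address).
            end_text = start_text.rsplit(".", 1)[0] + "." + end_text
        # An IPv6 range needs the full end address, so a bare number fails here.
        end = ipaddress.ip_address(end_text)
        if start.version != end.version:
            raise ValueError("range mixes IPv4 and IPv6")
        if int(end) < int(start):
            raise ValueError("range end is below range start")
        return start, end, int(end) - int(start) + 1
    addr = ipaddress.ip_address(entry)
    return addr, addr, 1

# Entries taken from the examples on this page, plus one constructed
# invalid entry (last item) to show a rejected CIDR block.
SAMPLE_ENTRIES = [
    "10.0.1.10",
    "10.0.1.20-30",
    # IPv6 fields are hexadecimal, so this span is counted from 0x20 to 0x30.
    "fde6:daa2:d537:d447::20-fde6:daa2:d537:d447:0000::30",
    "192.168.100.0/22",
    "fde6:daa2:d537:d447::0/112",
    "192.168.100.1/24",  # constructed: host bits set in the base address
]

def review(entries):
    """Expand each entry; invalid entries are reported rather than raised."""
    rows = []
    for e in entries:
        try:
            first, last, count = cacl_entry_span(e)
            rows.append((e, str(first), str(last), count))
        except ValueError as exc:
            rows.append((e, None, None, "INVALID: %s" % exc))
    return rows

if __name__ == "__main__":
    for row in review(SAMPLE_ENTRIES):
        print(row)
```

A count larger than the number of clients you intend to authorize is a sign that the range or prefix should be narrowed before the entry is applied.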