Experimental Physics and Industrial Control System
APS uses router technology to protect the control system from the
outside. The control system network is a separate subnet. Collaborative
Action Teams (Experimenters) assess EPICS data through a Channel Access
Gateway machine which is connected to the controls subnet as well as a
separate gateway subnet separate from all other subnets in the
facility. Software development is done on a subnet which is separate
from both the controls subnet and the general office subnets. Access to
the control system from the offices is also done through the Channel
Access gateway machine(s). The Cisco IOS permits the use of access
control lists that allow filters to be constructed using the following
criteria:
- Source IP address
- destination IP address
- transport layer type (TCP, UDP, ICMP)
- source port
- destination port
Outgoing telnet, ftp, rlogin, web, nntp, finger, real audio and video,
secure http, ssh and gopher are permitted.
There is a description of our 1997 network at:
http://www.aps.anl.gov/icalepcs97/schedual.html
Paper W3B-5
This network is being upgraded to a fully switched system with gigabit
uplinks.
Bill McDowell
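
The filter criteria listed in the message above, modelled as an added example that is not part of the original post and is not APS's configuration: a first-match access list over source address, destination address, transport type and ports, with the implicit deny that ends a Cisco IOS ACL. The subnets, the gateway address, the Channel Access port 5064, the rule order and the names `Rule`, `ACL` and `evaluate` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing, not the real APS layout.
CONTROLS = "10.1.0.0/24"       # controls subnet
OFFICES = "10.3.0.0/24"        # general office subnet
CA_GATEWAY = "10.2.0.10/32"    # gateway machine's address on the gateway subnet
ANY = "0.0.0.0/0"
CA_PORT = 5064                 # assumed Channel Access server port
# telnet, ftp, rlogin, web, nntp, finger, secure http, ssh, gopher
# (real audio and video are left out; their ports are not given in the post)
OUTGOING_TCP = [23, 21, 513, 80, 119, 79, 443, 22, 70]

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp", or "ip" for any
    src: str                      # source network (CIDR)
    dst: str                      # destination network (CIDR)
    sport: Optional[int] = None   # None matches any source port
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, proto, src, dst, sport, dport):
        return (self.proto in ("ip", proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.sport in (None, sport)
                and self.dport in (None, dport))

# Order matters: the deny for the controls subnet sits above the outgoing
# permits, otherwise "telnet to anywhere" would also reach an IOC.
ACL = [
    Rule("permit", "tcp", OFFICES, CA_GATEWAY, dport=CA_PORT),
    Rule("permit", "udp", OFFICES, CA_GATEWAY, dport=CA_PORT),
    Rule("deny", "ip", ANY, CONTROLS),
    *[Rule("permit", "tcp", OFFICES, ANY, dport=p) for p in OUTGOING_TCP],
]

def evaluate(acl, proto, src, dst, sport=None, dport=None):
    """Return the action of the first matching rule; no match is a deny."""
    for rule in acl:
        if rule.matches(proto, src, dst, sport, dport):
            return rule.action
    return "deny"   # implicit deny at the end of the list
```

Moving the `deny` entry below the outgoing permits makes an office telnet session to a controls address match a permit first, which is the ordering mistake this kind of list is most prone to.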