Seneca Z-PASS1, Z-PASS2 User Manual

Page 1

MI003800_112

SENECA s.r.l.

Via Austria, 26 – 35127 – Z.I. CAMIN – PADOVA – ITALY Tel. +39.049.8705359 – 8705408 Fax. +39.049.8706287 Web site: www.seneca.it Support: supporto@seneca.it (IT), support@seneca.it (Other) Sales: commerciale@seneca.it (IT), sales@seneca.it (Other)

This document is property of SENECA srl. Duplication and reprodution are forbidden, if not authorized. Contents of the present documentation refers to

products and technologies described in it. All technical data contained in the document may be modified without prior notice Content of this documentation is subject to periodical revision.

To use the product safely and effectively, read carefully the following instructions before use. The product must be used only for the use for which it was designed and built. Any other use must be considered with full responsibility of the user. The installation, programmation and set-up is allowed only for authorized operators; these ones must be people physically and intellectually suitable. Set up must be performed only after a correct installation and the user must perform every operation described in the installation manual carefully. Seneca is not considered liable of failure, breakdown, accident caused for ignorance or failure to apply the indicated requirements. Seneca is not considered liable of any unauthorized changes. Seneca reserves the right to modify the device, for any commercial or construction requirements, without the obligation to promptly update the reference manuals.

No liability for the contents of this documents can be accepted. Use the concepts, examples and other content at your own risk. There may be errors and inaccuracies in this document, that may of course be damaging to your system. Proceed with caution, and although this is highly unlikely, the author(s) do

not take any responsibility for that. Technical features subject to change without notice.

USER MANUAL

Z-PASS1 Z-PASS2

USER MANUAL – Z-PASS1/Z-PASS2

Seneca Z-PC Line modules: Z-PASS1, Z-PASS2

Table of Contents

Table of Contents .............................................................................................................................................. 2

1 Preliminary information / Informazioni preliminari .................................................................................. 4

2 Firmware Licensing Terms ......................................................................................................................... 7

2.1 Firmware with Open Source GPL ....................................................................................................... 7

3 Features ..................................................................................................................................................... 7

4 Technical specifications ............................................................................................................................. 8

5 Electrical Connections ............................................................................................................................. 10

5.1.1 Z-PASS1-IO Digital I/Os ............................................................................................................ 15

5.1.2 Z-PASS2-IO Digital I/Os ............................................................................................................ 15

6 LEDs signaling .......................................................................................................................................... 16

6.1 Z-PASS1/Z-PASS2 ............................................................................................................................. 16

6.2 Z-PASS1-R01/Z-PASS2-R01 .............................................................................................................. 17

6.3 Z-PASS2-IO ....................................................................................................................................... 18

6.4 Z-PASS1-IO ....................................................................................................................................... 19

7 Upgrading the firmware by USB pen ....................................................................................................... 21

8 Discovering the Z-PASS IP address .......................................................................................................... 21

9 Ethernet Mode (Z-PASS1-R01/Z-PASS2-R01/Z-PASS1-IO/Z-PASS2-IO) ................................................... 23

10 Modbus Bridge .................................................................................................................................... 25

11 Transparent Bridge .............................................................................................................................. 26

11.1 Remote Serial COM (with RFC 2217) ............................................................................................... 26

11.1.1 Seneca Serial to Ethernet Connect .......................................................................................... 28

11.2 Serial Tunnel Point-to-Point on TCP ................................................................................................ 37

11.3 Serial Tunnel Point-to-Point on UDP ............................................................................................... 37

11.4 Serial Tunnel Point-to-Multipoint .................................................................................................... 38

12 Modbus Gateway ................................................................................................................................ 39

13 VPN ...................................................................................................................................................... 41

13.1 “Single LAN” VPN ............................................................................................................................. 43

13.2 “Point-to-Point” VPN ....................................................................................................................... 44

14 Router .................................................................................................................................................. 45

15 Network Redundancy .......................................................................................................................... 46

USER MANUAL – Z-PASS1/Z-PASS2

16 Remote Connection Disable ................................................................................................................ 46

17 Auto-APN ............................................................................................................................................. 47

18 Web Configuration Pages .................................................................................................................... 47

18.1 Main View ........................................................................................................................................ 48

18.2 Network and Services ...................................................................................................................... 49

18.3 Serial Ports ....................................................................................................................................... 59

18.4 Gateway Configuration .................................................................................................................... 60

18.4.1 Modbus Bridge ........................................................................................................................ 62

18.4.2 Transparent Bridge .................................................................................................................. 67

18.4.3 Modbus Gateway..................................................................................................................... 70

18.5 Tag Configuration ............................................................................................................................ 73

18.5.1 Gateway Tag Setup .................................................................................................................. 73

18.5.2 Gateway Tag View ................................................................................................................... 85

18.5.3 Microsoft Excel™ Template for Tag Setup ............................................................................... 88

18.6 Real Time Clock Setup ..................................................................................................................... 90

18.7 VPN Configuration ........................................................................................................................... 93

18.7.1 OpenVPN ................................................................................................................................. 94

18.7.2 VPN Box ................................................................................................................................. 104

18.8 Router Configuration ..................................................................................................................... 111

18.9 Users Configuration ....................................................................................................................... 119

18.10 FW Upgrade ............................................................................................................................... 121

18.11 Configuration Management ...................................................................................................... 130

18.11.1 Factory reset by USB pen ................................................................................................... 132

18.12 Mobile Network ......................................................................................................................... 133

18.13 Digital I/O Configuration ............................................................................................................ 142

18.14 FW Versions ............................................................................................................................... 146

18.15 Ethernet Interfaces .................................................................................................................... 148

18.16 Guest pages ............................................................................................................................... 150

19 FTP/SFTP access ................................................................................................................................. 153

20 Glossary ............................................................................................................................................. 155

USER MANUAL – Z-PASS1/Z-PASS2

1 Preliminary information / Informazioni preliminari

WARNING!

IN NO EVENT WILL SENECA OR ITS SUPPLIERS BE LIABLE FOR ANY LOST DATA, REVENUE OR PROFIT, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, REGARDLESS OF CAUSE (INCLUDING NEGLIGENCE), ARISING OUT OF OR RELATED TO THE USE OF OR INABILITY TO USE Z-PASS1/Z-PASS2, EVEN IF SENECA HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

SENECA, ITS SUBSIDIARIES AND AFFILIATES COMPANY OR GROUP OF DISTRIBUTORS AND SENECA RETAILERS NOT WARRANT THAT THE FUNCTIONS WILL MEET YOUR EXPECTATIONS, AND THAT Z-PASS1/Z-PASS2, ITS FIRMWARE AND SOFTWARE WILL BE FREE FROM ERRORS OR IT OPERATES UNINTERRUPTED.

SENECA SRL CAN MODIFY THE CONTENTS OF THIS MANUAL IN ANY TIME WITHOUT NOTICE TO CORRECT, EXTEND OR INTEGRATING FUNCTION AND CHARACTERISTICS OF THE PRODUCT.

ATTENZIONE!

IN NESSUN CASO SENECA O I SUOI FORNITORI SARANNO RITENUTI RESPONSABILI PER EVENTUALI PERDITE DI DATI ENTRATE O PROFITTI, O PER CAUSE INDIRETTE, CONSEQUENZIALI O INCIDENTALI, PER CAUSE (COMPRESA LA NEGLIGENZA), DERIVANTI O COLLEGATE ALL' USO O ALL' INCAPACITÀ DI USARE Z-PASS1/Z-PASS2, ANCHE SE SENECA È STATA AVVISATA DELLA POSSIBILITÀ DI TALI DANNI.

SENECA, LE SUSSIDIARIE O AFFILIATE O SOCIETÀ DEL GRUPPO O DISTRIBUTORI E RIVENDITORI SENECA NON GARANTISCONO CHE LE FUNZIONI SODDISFERANNO FEDELMENTE LE ASPETTATIVE E CHE Z-PASS1/Z-PASS2, IL SUO FIRMWARE E SOFTWARE SIA ESENTE DA ERRORI O CHE FUNZIONI ININTERROTTAMENTE.

SENECA SRL PUO’ MODIFICARE IL CONTENUTO DI QUESTO MANUALE IN QUALUNQUE

MOMENTO E SENZA PREAVVISO AL FINE DI CORREGGERE, ESTENDERE O INTEGRARE FUNZIONALITA’ E CARATTERISTICHE DEL PRODOTTO.

USER MANUAL – Z-PASS1/Z-PASS2

Date

Revision

Notes

06/09/2016

- Chapter "Features": new features for Z-PASS1-R01/Z-PASS2R01

- Chapter "LEDs signalling": new par. "Z- PASS1-R01/Z-PASS2R01"

- New chapter "Ethernet Mode (Z- PASS1-R01/Z-PASS2-R01)"

- Chapter: "Discovering the IP address": network parameters setting

- Chapter "Upgrading the firmware by a USB pen": revision

- Par. "Web Configuration Pages/Administrator pages": changed paragraphs:

- "Main View"

- "Network and Services"

- "Router Configuration"

- "FW Upgrade" new paragraphs:

- "VPN Configuration/OpenVPN Client/LED signalling (Z- PASS11/Z-PASS2-R01)"

- "VPN Configuration/VPN Box/LED signalling (Z- PASS1-1/ZPASS2-R01)"

20/09/2016

- Paragraph "VPN Configuration/Open VPN Client": revision into "VPN Configuration/Open VPN”

15/12/2016

Renamed “Z-PASS1-1” → “Z-PASS1-R01”; “Z-PASS2-1” → “ZPASS2-R01”; added “DNS Mode” parameter

18/01/2017

- Chapter ”Electrical Connections”: added SD Card figure

- Chapter “Discovering the IP address”: discovery working on both LAN and WAN interfaces

- Paragraph “Main View” revision

- Paragraph “Network and Services”: changed some default values

- Paragraph “Real Time Clock Setup”: added “Central Europe” time zone value

- Paragraph "VPN Configuration/OpenVPN Client": added packet/byte counters description

- Paragraph "VPN Configuration/VPN Box”: added packet/byte counters description

- Paragraph “Mobile Network”: added packet/byte counters description

- Paragraph “Router Configuration”: Port Mapping parameters no more disabled when “Use Local Addresses” is ON

- Paragraph “Users Configuration”: added “guest” and FTP user credentials

- New paragraph “Ethernet Interfaces”

- New paragraph “Guest Pages”

- New chapter “FTP/SFTP access”

29/05/2017

- Chapter "Features": new features for Z-PASS1-IO/Z-PASS2-IO

- Fixed COM1 connector pin numbers

- New “LEDs signaling” sub-paragraph for IO HW revision

USER MANUAL – Z-PASS1/Z-PASS2

- New chapter “Remote Access Disable”

- New chapter “Auto-APN”

- Paragraph “Network and Services”: added screen-shots for “IO” version; added “COM1/Mode” parameter

- Paragraph “VPN Box”: added “License Limit Reached” error reason

- “Use Local Address through VPN” parameter: “ON” option always available

- Paragraph “FW Upgrade”: changed “Stop Gateway Services” pop-up

- New paragraph “Configuration Management”

- Paragraph “Mobile Network”: added “APN Mode” parameter

- New paragraph “Digital I/O Configuration”

15/09/2017

- Chapter “Features”: HW IO features split between Z-PASS1 and Z-PASS2

- Chapter “Technical Specifications”: some fixes; added I/Os for Z-PASS1-IO/ZPASS2-IO; added features for Z-PASS2-IO modem

- Chapter “Electrical Connections”: some fixes for Z-PASS1IO/ZPASS2-IO

- Paragraph “LEDs signaling”/IO: split between Z-PASS1 and ZPASS2; added info about modem “STAT “ LED

- Chapter “Upgrading the firmware…”: added notes about LEDs blinking

- Chapter “VPN”: added description of Layer 2 and Layer 3 VPN

- Paragraph “Main View”: updated figure

- Paragraph “Network and Services”: added info about new Web Server and File Transfer parameters; updated figures

- Paragraph “Gateway Configuration/Modbus Bridge”: updated figures; added sub-paragraph “Embedded I/O”

- Paragraph “Gateway Tag Setup”: added sub-paragraph “Tags for Embedded I/O”

- Paragraph “Real Time Clock Setup”: updated figure

- Paragraph “VPN Configuration/VPN Box”: changes related to L2 VPN and info about connected user; updated figures

- Paragraph “Router Configuration”: changed default value for “Allow Access through Mobile Public IP Address” parameter

- Paragraph “Configuration Management”: added info about zip archive; updated figures

- Paragraph “Mobile Network”: updated figures

- Paragraph “Digital I/O Configuration”: split between Z-PASS1 and Z-PASS2; updated figures

- “Remote Access Disable” → “Remote Connection Disable”

06/10/2017

- Changed “-R02” → “-IO”

- Chapters “Features”, “Technical Specifications”: note about GPS module and antenna

USER MANUAL – Z-PASS1/Z-PASS2

- Chapter “Electrical Connections”: added sub-paragraph for ZPASS1-IO/Z-PASS2-IO Digital I/Os

- Paragraphs “Main View”, “Network and Services”: updated figures

- Paragraph “Real Time Clock Setup”: added figure with new time zones

- Paragraph “VPN Box”: updated first figure

- Paragraph “Router Configuration”: updated figures

- Paragraph “Users Configuration”: updated figure and added info about allowed characters

- Paragraph “FW Upgrade”: updated figures

- New sub-paragraph “Factory reset by USB pen”

- Paragraph “Mobile Network”: added info and figure about “GPS Location”; updated some figures

- New paragraph “FW Versions”

- Deleted “DHCP on LAN” parameter

2 Firmware Licensing Terms

2.1 Firmware with Open Source GPL

The Z-PASS firmware contains Open Source software under GPL. According to Section 3b of GPL, we offer you the source code. You can obtain the source code with licensing terms of the Open Source software from Seneca s.r.l. on request. Send your request to support@seneca.it with the subject "Open Source Z-PASS ".

3 Features

The Z-PASS1 and Z-PASS2 devices are “Ethernet to Serial Gateways” (also known as “Serial Device Servers”) with three main operating modes:

 Modbus Bridge  Transparent Bridge (Remote Serial COM, Serial Tunneling)  Modbus Gateway

Both devices provide the following features:

 VPN connectivity  full configuration by an integrated web site  FW upgrade, that can be performed locally, by a USB pen, or remotely, by means of the web site

The main difference between the two devices is that Z-PASS2 integrates a 3G HSPA modem, while Z-PASS1 can be connected to an external 3G (UMTS/HSPA) modem (Seneca Z-MODEM-3G1). Actually, Z-PASS1 is aimed at applications where an Internet connection is already available, while Z-PASS2 provides connectivity by itself.

Z-PASS2 and Z-PASS1 (when connected to an external modem) can be used as a Router, routing packets between the WAN (Mobile Network) and the LAN (Ethernet).

Both devices are based on a 32bits ARM9 processor, equipped with the Linux operating system (Linux kernel 2.6.28).

Please contact Seneca for more information about Z-MODEM-3G product.

USER MANUAL – Z-PASS1/Z-PASS2

Z-PASS1-R01 and Z-PASS2-R01 are new versions of the Z-PASS1 and Z-PASS2 products, providing the following new features:

 the two available Ethernet ports can be configured as two fully separated network interfaces (“LAN” and

“WAN”), whereas in the older versions they could only work as ports of an Ethernet switch; the user can choose if the two ports shall work in “LAN/WAN” mode or “Switch” mode, by means of a new configuration parameter (“Ethernet Mode”);

 there are 4 more LEDs, providing information about the “Ethernet Mode” and the VPN functionalities.

Z-PASS2-IO is a new version of the Z-PASS2 product, providing the following new features:

 one digital input which can be used to disable remote connection to the device  one digital output which goes HIGH when the device is remotely accessed  one digital input which can also be used as a local alarm  one digital output which can also be used as a remote command  two configurable digital inputs/outputs  a new set of LEDs  COM1 RS232/RS485 mode set by software (configuration parameter), instead of HW DIP switch

Z-PASS1-IO is a new version of the Z-PASS1 product, providing the following new features:

 one digital input which can be used to disable remote connection to the device  one digital output which goes HIGH when the device is remotely accessed  one digital output which can also be used as a remote command  one configurable digital input/output which can also be used as a local alarm  a new set of LEDs  COM1 RS232/RS485 mode set by software (configuration parameter), instead of HW DIP switch  a new penta-band 3G+ modem, which also features a GPS module

NOTE: in the following chapters, the term “Z-PASS” will be used when describing features or characteristics that are available in both Z-PASS1 and Z-PASS2 products.

4 Technical specifications

COMMUNICATION PORTS

RS 485

Baud rate: maximum 115 Kbps, minimum 200 bps

COM 4 (screw terminals 4-5-6)

COM 2 (screw terminals 1-2-3 or IDC10 connector)

COM 1 (removable 4 pin connector, as an alternative to RS232)

RS 232

Baud rate: maximum 115 Kbps, minimum 200 bps

COM 1 (removable 4 pin connector, as an alternative to RS485)

USER MANUAL – Z-PASS1/Z-PASS2

Ethernet 1 and Ethernet 2

Ethernet 10/100 Mbps

Two RJ45 connectors on front-panel

Maximum connection length 100 m

In Z-PASS1-R01/Z-PASS2-R01/Z-PASS1-IO/Z-PASS2-IO, the two ports can work either as LAN/WAN ports (ETH1=LAN, ETH2=WAN) or ports of an Ethernet switch.

In Z-PASS1/Z-PASS2, the two ports can work only as ports of an Ethernet switch.

USB #1 HOST

Plug-in: USB type A

USB #2 HOST

Plug-in: micro USB (available only in Z-PASS1, Z-PASS1-R01)

CPU AND MEMORY

Microprocessor

ARM 9, 32 bits, 400 MHz

Memories

64 Mbytes of RAM

1 Gbyte of FLASH

Slot for external memory

Micro SD card: max 32 Gbytes

MODEM

HSPA Modem

14.4 Mbps in downlink, 5.76 Mbps in uplink (available only in Z-PASS2)

Slot for mini SIM

available only in Z-PASS2

POWER SUPPLY

Power supply

11..40 Vdc or 19..28 Vac @ 50..60 Hz

Consumption

Typical 4 W @ 24 Vdc; Max 6 W

ENVIRONMENTAL CONDITIONS

Temperature

-20..+55 °C

Humidity

30..90 % @ 40 °C not condensing

Storage temperature

-20..+85 °C

Degree protection

IP20

CONNECTIONS

Connections

Removable 3 way screw terminals, 5.08 pitch

Rear IDC10 connector for DIN 46277 rail

USER MANUAL – Z-PASS1/Z-PASS2

Removable 4 pin connector, two RJ45 connectors, USB connector and micro USB connector (only in Z-PASS1, Z-PASS1-R01)

Two SMA antenna connectors:

- for Main and Diversity antennas (only in Z-PASS2, Z-PASS2-R01)

- for 3G and GPS antennas (only in Z-PASS2-IO)

BOX / DIMENSIONS

Dimensions

Z-PASS1: L:100 mm; H:112 mm; W:35 mm

Z-PASS2: L:100 mm; H:112 mm; W:53 mm

Case

Nylon 6 with 30% fiberglass field, self-extinguishing class V0, black color

INPUTS / OUTPUTS (Z-PASS1-IO)

Digital Inputs

Max. number of channels: 2 Voltage: OFF<4V ON>8V; Max. Current (Vout+): 20mA Current absorbed: 3mA at 12VC; 6mA at 24VC

Digital Outputs

Max. number of channels: 3 Voltage (+Vext): 10 – 24VC Max. current delivered: 400mA

INPUTS / OUTPUTS (Z-PASS2-IO)

Digital Inputs

Max. number of channels: 4 Voltage: OFF<4V ON>8V; Max. Current (Vout+): 20mA Current absorbed: 3mA at 12VC; 6mA at 24VC

Digital Outputs

Max. number of channels: 4 Voltage (+Vext): 10 – 24VC Max. current delivered: 400mA

The following table shows which frequency bands are supported by the HSPA modem available in Z-PASS2, Z-PASS2R01 and Z-PASS2-S-IO products.

Standard

Frequency

Z-PASS2, Z-PASS2-R01

Z-PASS2-S-IO

GSM

GSM 850 MHz

EGSM 900 MHz

DCS 1800 MHz

PCS 1900 MHz

WCDMA

WCDMA 800 MHz OK

WCDMA 850 MHz OK

WCDMA 900 MHz

WCDMA 1900 MHz OK

WCDMA 2100 MHz

HSPA

HSDPA

HSUPA

HSPA+

DRX

Receiver Diversity

5 Electrical Connections

Power Supply and Modbus interface are available by using the bus for the Seneca DIN rail, by the rear IDC10 connector

USER MANUAL – Z-PASS1/Z-PASS2

or by Z-PC-DINAL1-35 accessory for Z-PASS1, Z-PC-DINAL2-52.5-17 for Z-PASS2. The following picture shows the meaning of the IDC10 connector pins.

Power supply is available only from the rear connector for Z-PASS1/ZPASS1-R01, while:

Z-PASS1-IO can be powered also through 17-18 screw terminals;

Z-PASS2/ZPASS2-R01/ZPASS2-IO can be powered also through 14-15 screw terminals.

If Z-PC-DINAL1-35 or Z-PC-DINAL2-52.5-17 accessory is used, the power supply signals and communication signals may be provided by the terminals block into the DIN rail support. In the following figure the meaning and the position of the terminal blocks are shown. GNDSHLD: Shield to protect the connection cables against interference (recommended).

The Z-PASS has two RS 485 serial ports for Modbus communication: COM 2 and COM 4. The RS485 connection for COM 2 can be set up by means of the corresponding screw terminals or by the IDC10 connector.

USER MANUAL – Z-PASS1/Z-PASS2

Through a removable 4 pin connector, the Z-PASS provides a serial RS232 port or, as an alternative, a third RS485 port. In order to select the RS232 port on the removable 4 pin connector, put the SW2 DIP-switch2 on ON position; to select the RS485 port on the removable 4 pin connector, put the SW2 DIP-switch on OFF position.

In Z-PASS1-IO/Z-PASS2-IO, the mode (RS485/RS232) of this port is set as a parameter in software configuration.

The cable length for the RS232 interface must be less than 3 meters.

While in Z-PASS1 the SW2 DIP-switch position can be changed by the user, in Z-PASS2 the DIP-switch is internal and

its position is permanently set in the factory.

USER MANUAL – Z-PASS1/Z-PASS2

The connector pin-out is given in the following table:

RS232

RS485

1 (bottom)

CTS - 2

Rx A 4 (top)

GND

The Z-PASS has a USB HOST type A connector, that can be used to connect an external USB memory; this is used for FW upgrade (see chapter 6.4).

Please note that, on this USB port, the “hotplug” feature is not available; so, after plugging the USB device, it is necessary to power off/on the Z-PASS to let it detect the USB device.

The Z-PA SS1 also has a second USB HOST connector, with micro-USB plug-in, that can be used to connect a USB device by means of a “Micro USB to USB” adapter; this port is no more available in Z-PASS1-IO.

The Z-PASS has two Ethernet ports with RJ45 connectors on the front panel. The two ports are internally connected in HUB/SWITCH mode. The two ports have the same MAC Address.

USER MANUAL – Z-PASS1/Z-PASS2

The Z-PASS has a plug-in connector for micro SD card placed in the side part of the case. To insert the SD card into the connector, be sure that the SD card is oriented with metal contacts facing towards left (with reference to the figure).

The SD card can be of any class.

The Z-PASS2 has a slot for SIM card, placed on the side of the case. Before pushing the SIM card into this slot, please be sure that the SIM card golden contacts are facing towards right (please see the figure below).

USER MANUAL – Z-PASS1/Z-PASS2

5.1.1 Z- PASS1-IO Digit al I / Os

In Z-PASS1-IO, the electrical connections for the Digital Inputs shall be arranged as in the following figures.

The electrical connections for the Digital Outputs shall be arranged as in the following figure.

5.1.2 Z- PASS2-IO Digit al I / Os

In Z-PASS2-IO, the electrical connections for the Digital Inputs shall be arranged as in the following figures.

USER MANUAL – Z-PASS1/Z-PASS2

The electrical connections for the Digital Outputs shall be arranged as in the following figure.

6 LEDs signaling

6.1 Z-PASS1/Z-PASS2

LED

STATUS

LED meaning

PWR Green

The module is powered on

RUN Red

Blinking

The module is ready for use

LINK1 Yellow

OFF

Ethernet 1 connection detected

Ethernet 1 connection absent

ACT1 Green

Blinking

OFF

There is data activity (Ethernet 1)

There is no data activity (Ethernet 1)

LINK2 Yellow

OFF

Ethernet 2 connection detected

Ethernet 2 connection absent

ACT2 Green

Blinking

OFF

There is data activity (Ethernet 2)

There is no data activity (Ethernet 2)

USER MANUAL – Z-PASS1/Z-PASS2

RX1/TX1 Red

Blinking

OFF

Data reception/transmission on COM1 port

No data reception/transmission on COM1 port

RX2/TX2 Red

Blinking

OFF

Data reception/transmission on COM2 port

No data reception/transmission on COM2 port

RX4/TX4 Red

Blinking

OFF

Data reception/transmission on COM4 port

No data reception/transmission on COM4 port

3G PWR Green (Z-PASS2 only)

The 3G Modem is powered on

STAT Yellow

(Z-PASS2 only)

Slow Blinking

Fast Blinking

Not registered on GSM network

Registered on GSM network

PPP connection active

6.2 Z-PASS1-R01/Z-PASS2-R01

LED

Status

Meaning

PWR Green

The module is powered on

RUN Red

Blinking

The module is ready for use

LAN/WAN Yellow

OFF

The Ethernet ports are working in “LAN/WAN” mode

SWITCH Green

OFF

The Ethernet ports are working in “Switch” mode

VPN Yellow

Blinking

OFF

VPN connection is working properly

VPN connection is not working properly

VPN functionality is disabled or VPN Box/Point-to-Point functionality is enabled but no client is connected or VPN Box/Single LAN functionality is enabled but the Device is not configured yet

SERV Green

Blinking

OFF

VPN Box “SERVICE” connection is working properly

VPN Box “SERVICE” connection is not working properly

VPN Box functionality is disabled

RX1-2-4 Red

Blinking

Data reception (COM 1-2-4)

Check the connection (COM 1-2-4)

USER MANUAL – Z-PASS1/Z-PASS2

OFF

No data reception (COM 1-2-4)

TX1-2-4 Red

Blinking

OFF

Data transmission (COM 1-2-4)

Check the connection (COM 1-2-4)

No data transmission (COM 1-2-4)

3G PWR Green

(Z-PASS2-R01 only)

The 3G Modem is powered on

STAT Yellow

(Z-PASS2-R01 only)

Slow Blinking

Fast Blinking

Not registered on GSM network

Registered on GSM network

PPP connection active

6.3 Z-PASS2-IO

LED

Status

Meaning

PWR Green

The module is powered on

RUN Green

Blinking

The module is ready for use

DIDO1 Green

OFF

Configurable Digital Input/Output 1 state is HIGH

Configurable Digital Input/Output 1 state is LOW

DIDO2 Green

OFF

Configurable Digital Input/Output 2 state is HIGH

Configurable Digital Input/Output 2 state is LOW

DI Green

OFF

Digital Input state is HIGH

Digital Input state is LOW

DO Green

OFF

Digital Output state is HIGH

Digital Output state is LOW

RCD Green

OFF

Remote Connection is disabled

Remote Connection is enabled

VPN Green

Blinking

OFF

VPN connection is working properly

VPN connection is not working properly

VPN functionality is disabled or VPN Box/Point-to-Point functionality is enabled but no client is connected or VPN Box/Single LAN functionality is enabled but the Device is not configured yet

LAN/WAN

The Ethernet ports are working in “LAN/WAN” mode

USER MANUAL – Z-PASS1/Z-PASS2

Green

OFF

The Ethernet ports are working in “Switch” mode

SERV Green

Blinking

OFF

VPN Box “SERVICE” connection is working properly

VPN Box “SERVICE” connection is not working properly

VPN Box functionality is disabled

RX2-4 Green

Blinking

OFF

Data reception (COM 2-4)

Check the connection (COM 2-4)

No data reception (COM 2-4)

TX2-4 Green

Blinking

OFF

Data transmission (COM 2-4)

Check the connection (COM 2-4)

No data transmission (COM 2-4)

3G PWR Green

The 3G Modem is powered on

STAT Yellow

Slow blinking (200 ms OFF, 1800 ms ON)

Slow blinking (1800 ms OFF, 200 ms ON)

Fast blinking (125 ms OFF, 125 ms ON)

Searching for GSM network

Registered on GSM network

Data transfer is ongoing

Ethernet Connector LEDS

LED

Status

Meaning

ETH1-2 Green

OFF

Ethernet 1-2 connection detected

Ethernet 1-2 connection absent

ETH1-2 Yellow

Blinking

OFF

There is data activity (Ethernet 1-2)

There is no data activity (Ethernet 1-2)

6.4 Z-PASS1-IO

LED

Status

Meaning

PWR Green

The module is powered on

RUN Green

Blinking

The module is ready for use

USER MANUAL – Z-PASS1/Z-PASS2

DIDO Green

OFF

Configurable Digital Input/Output state is HIGH

Configurable Digital Input/Output state is LOW

DO Green

OFF

Digital Output state is HIGH

Digital Output state is LOW

RCD Green

OFF

Remote Connection is disabled

Remote Connection is enabled

VPN Green

Blinking

OFF

VPN connection is working properly

VPN connection is not working properly

VPN functionality is disabled or VPN Box/Point-to-Point functionality is enabled but no client is connected or VPN Box/Single LAN functionality is enabled but the Device is not configured yet

LAN/WAN Green

OFF

The Ethernet ports are working in “LAN/WAN” mode

The Ethernet ports are working in “Switch” mode

SERV Green

Blinking

OFF

VPN Box “SERVICE” connection is working properly

VPN Box “SERVICE” connection is not working properly

VPN Box functionality is disabled

RX2-4 Green

Blinking

OFF

Data reception (COM 2-4)

Check the connection (COM 2-4)

No data reception (COM 2-4)

TX2-4 Green

Blinking

OFF

Data transmission (COM 2-4)

Check the connection (COM 2-4)

No data transmission (COM 2-4)

Ethernet Connector LEDS

LED

Status

Meaning

ETH1-2 Green

OFF

Ethernet 1-2 connection detected

Ethernet 1-2 connection absent

ETH1-2 Yellow

Blinking

OFF

There is data activity (Ethernet 1-2)

There is no data activity (Ethernet 1-2)

USER MANUAL – Z-PASS1/Z-PASS2

7 Upgrading the firmware by USB pen

Z-PASS firmware can be upgraded by means of a USB pen; a pen drive formatted with FAT32 file-system is needed.

The procedure is the following:

1) download the FW file from one of the following links:

http://www.seneca.it/products/z-pass1 http://www.seneca.it/products/z-pass2

the downloaded file is a .zip file; extract the FW file from it; the FW file shall have a name like the following:

SW003900_xxx.bin

2) copy the file into the root of the USB pen

3) switch off the Z-PASS

4) insert the USB pen into the USB#1 port

5) switch on the Z-PASS; the upgrade procedure will take some minutes to be completed; during this

time, the Z-PASS MUST NOT be switched off; during the procedure, the Z-PASS will be rebooted several times; also, during the procedure, several LEDS will blink simultaneously3

6) the upgrade procedure is ended when only the LED “RUN” is blinking

7) remove the USB pen

8 Discovering the Z-PASS IP address

Z-PASS devices come out of the factory with the default IP address 192.168.90.101, on the Ethernet (LAN) network interface.

If this address is changed, and forgotten, it can be retrieved using the “Seneca Device Discovery” application (SDD), as shown in the following figure:

This applies only to products with HW revisions IO and R01; in details: for IO HW revision, all LEDs will blink simultaneously, except for Power, LAN/WAN, COM and modem LEDs; for R01 HW revision, RUN, VPN and SERV LEDs will blink.

Also SERV and VPN LEDs might blink, depending on the Device configuration and status.

USER MANUAL – Z-PASS1/Z-PASS2

This application shows the IP address, MAC address, FW version and some other useful information, for every Z-PASS device (and other Seneca products) found in the LAN.

Moreover, by clicking on the “Assign” button, it is possible to change the network configuration parameters of a device, as shown in the following figure:

For security reasons, this feature can be disabled on the device (see paragraph 18.2); in this case, the following error message is shown, after clicking on the “Assign” button”.

USER MANUAL – Z-PASS1/Z-PASS2

The SDD can be easily installed by running the installer program available at the following link:

http://www.seneca.it/products/sdd

NOTE:

- when Z-PASS is working in “Switch” mode, the IP Address shown by the SDD is the same regardless of the Ethernet port which the PC running the SDD is connected to;

- when Z-PASS is working in “LAN/WAN” mode, the IP Address shown by the SDD is the LAN IP Address when the PC is connected to the LAN port, the WAN IP Address when the PC is connected to the WAN port; moreover, the network configuration parameter changes apply to the relevant port.

9 Ethernet Mode (Z-PASS1-R01/Z-PASS2-R01/Z-PASS1-IO/Z-PASS2-IO)

In Z-PASS1-R01/Z-PASS2-R01/Z-PASS1-IO/Z-PASS2-IO products, the two available Ethernet ports can be configured as two fully separated network interfaces (“LAN” and “WAN”) or, as in the older versions, they can work as ports of an Ethernet switch; the user can choose between the “LAN/WAN” mode and the “Switch” mode, by means of a new configuration parameter (“Ethernet Mode”) (see paragraph 18.2).

The “LAN/WAN” mode is needed when the “industrial” network connected to the LAN interface (comprising e.g. HMI and PLC devices) shall be separated from the “enterprise” network connected to the WAN interface (comprising enterprise PCs and servers); when the Z-PASS is remotely accessed through the WAN interface, only devices connected to the LAN interface can be reached, while access to machines lying in the enterprise network is forbidden; this is depicted in the following two figures.

USER MANUAL – Z-PASS1/Z-PASS2

When this separation is not needed or when the Internet access is achieved only through the mobile (3G+) interface, the “Switch” mode still lets the Z-PASS to be used as an Ethernet switch, as shown in the following figure.

USER MANUAL – Z-PASS1/Z-PASS2

10 Modbus Bridge

Z-PASS can be configured to run as a Modbus Bridge: Modbus TCP requests received from both the Ethernet interface and the PPP (Mobile Network) interface are converted into Modbus RTU requests and sent to the serial interface; in the same way, the Modbus RTU responses received from the serial interface are converted to Modbus TCP responses and sent back to the source network interface.

A Modbus Bridge instance can be activated for each of the three available serial ports: COM1 (RS232/RS485), COM2 (RS485) and COM4 (RS485); each one can receive the Modbus TCP requests on a different TCP port (e.g.: 501, 502, 503).

Another possible configuration is to run a Modbus Bridge instance, receiving Modbus TCP requests on a single TCP port (e.g.: 502) and handling two or all the three serial ports. In this case, Modbus RTU requests are simultaneously sent to all the configured ports; obviously, in this configuration, each slave module on the two or three buses shall have a distinct Modbus address;

Each Modbus Bridge instance can support up to 32 simultaneous TCP connections.

The TCP connection can be established over a VPN tunnel, as shown in the following figure.

A detailed description of the Modbus Bridge configuration can be found in 18.4.1 paragraph.

USER MANUAL – Z-PASS1/Z-PASS2

11 Transparent Bridge

As an alternative to Modbus Bridge, Z-PASS can be configur ed to run as a “Transparent Bridge”. The big difference between these two modalities is that, while the first works just with Modbus protocol, the second could virtually applied to any serial protocol that can be transported over the TCP/IP stack. As a Transparent Bridge, Z-PASS provides the following operating modes:

 Remote Serial COM (with RFC 2217 support)  Serial Tunnel Point-to-Point on TCP  Serial Tunnel Point-to-Point on UDP  Serial Tunnel Point-to-Multipoint on UDP

Each mode will be fully described in a specific paragraph below.

11.1 Remote Serial COM (with RFC 2217)

USER MANUAL – Z-PASS1/Z-PASS2

The Remote Serial COM functionality lets to a PC Application, which transmits data only over a serial line, to communicate with a remote serial device, using Ethernet/Internet; in other word, through a Z-PASS, a PC and a serial device, placed in sites distant from each other, can communicate as they are directly connected.

In this mode, data sent over the LAN or WAN network, are received by the Z-PASS and sent to the serial port; response packets follow the reverse path.

RFC 2217 defines some features that let the PC remotely set the properties (baud rate, data bits, stop bits and parity) of the Z-PASS serial port; so, when the Remote Serial COM operating mode is selected for one port, the port is reconfigured regardless of the previous settings and the values configured by means of the “Serial Ports” web page are overwritten.

To allow the Remote Serial COM work, an utility called “Seneca Ethernet to Serial Connection” shall be installed on the PC; this is explained in details in 11.1.1 paragraph.

The TCP connection can be established over a VPN tunnel, as shown in the figures at the beginning of the paragraph.

Once the connection is established, a program using the remote serial COM port will transmit data to the ZPASS serial port; for example, Modbus RTU requests sent by a Modbus Master program will reach Modbus slave devices connected to the COM2 RS485 bus.

A particular notice shall be given about the “Data Packing Interval” parameter, that can be set when Remote Serial COM operating mode is selected: this parameter lets you define the time interval, in milliseconds, used by Z-PASS as a criterion to pack the data bytes received from the serial port before sending them to the network; in other words, when Z-PASS does not receive any more bytes from the serial port for the given time interval, it packs the received bytes and send them over the established TCP connection; the optimal value to be set for this parameter depends on the protocol that is transparently routed from the TCP/IP network to the serial line and vice versa.

WARNING!

In the Remote Serial COM operating mode, just one connection is accepted for a given serial port.

USER MANUAL – Z-PASS1/Z-PASS2

11.1.1 Seneca Serial to Ethernet Connect

11.1.1.1 Installing Seneca Serial to Ethernet Connect driver

Seneca Ethernet to Serial Connect runs on Windows Vista™, Windows 7™ and Windows 8.1™.

Double click the installer:

After that, the com0com driver will be installed:

USER MANUAL – Z-PASS1/Z-PASS2

Select the CNCA0<->CNCB0 and the COM#<->COM# virtual port names:

Now Click on “Launch Setup”:

USER MANUAL – Z-PASS1/Z-PASS2

Press Finish, the com0com setup will open:

We have installed two pairs of Virtual Ports:

CNCA0, CNCB0

and also:

COM11, COM12 (note that in your system the com# can be different).

The first pair can be used in software that support the CNCA names, the other in software that support only the Ports class.

If you need to add more virtual ports, press the “Add Pair” button, then select if you need or not a port class.

Confirm the driver installation with “Apply”.

The serial port emulator couple COM11-COM12 will be available:

USER MANUAL – Z-PASS1/Z-PASS2

11.1.1.2 Select the COM port for Seneca Serial to Ethernet Connect

The driver installation will use the first 2 serial ports that are free (in our case the driver has created the COM4 and COM5 pair):

The Ethernet to Serial Connection software will use only one port (the right port in the com0com setup), only the com0com ports will be displayed.

We connect the COM5 to the Seneca ES Connector:

Now use the same COM5 (for example in a terminal software):

USER MANUAL – Z-PASS1/Z-PASS2

The COM5 is now connected to Z-PASS, on the TCP port 8000:

11.1.1.3 Configuring Seneca Serial to Ethernet Connect

 Select the Virtual COM Port  Select the Z-PASS IP address (default 192.168.90.101).  Select the TCP-IP port (default 8000).

Then click on “CONNECT PORT”.

USER MANUAL – Z-PASS1/Z-PASS2

If you need to connect another serial com to another Z-PASS, configure the new com port and the new IP address, then click on “CONNECT PORT”.

To disconnect all ports, click on “DISCONNECT ALL PORTS”.

11.1.1.4 Debugging the Connection

Before clicking on “CONNECT PORT”, you can choose to open a debug window to verify the connection:

Then click on “CONNECT PORT”:

If you see “Connect Error” like here:

check the configuration (Z-PASS IP address and TCP port).

11.1.1.5 Changing the COM port number

Old software applications can use only a little range of COM ports, so you may need to change the virtual COM number.

In our case the COM pair created is COM4/COM5, but we want to change it to COM2/COM3:

Click on “DEVICE MANAGER” button:

USER MANUAL – Z-PASS1/Z-PASS2

The com0com setup window will open:

Now change COM5 to COM3 and COM4 to COM2, then click “Apply”:

USER MANUAL – Z-PASS1/Z-PASS2

Sometimes the COM can be marked as “in use”:

If you need to use this COM number, click on “Continue”, then go to the device manager.

We must uncheck the “in use” flag by uninstalling the port. Since the port is not connected, click on “Show hidden peripherals”:

Now all the ports that are not in use are displayed in transparent (also our COM3):

USER MANUAL – Z-PASS1/Z-PASS2

Now select the COM3 port and click on “Uninstall”:

Now the COM3 is free and we can use it on the com0com setup:

Finally click on “Apply”, now the COM3/COM2 pair is created:

WARNING!

Seneca Serial to Ethernet connector always uses the right port in the com0com setup (in our case COM2).

USER MANUAL – Z-PASS1/Z-PASS2

11.2 Serial Tunnel Point-to-Point on TCP

The Serial Tunnel Point-to-Point allows to extend a serial connection between two serial devices that support the same serial protocol by a TCP/UDP connection.

In TCP operating mode, one Z-PASS is defined as the “Master” and another Z-PASS is the “Slave”: the first is a Tunnel Client, which receives data from the serial line and sends them to an outgoing TCP connection, while the second is a Tunnel Server, which receives data from an incoming TCP connection and sends them to the serial line; in this mode a “tunnel” is established between the two serial ports.

In configuration phase, on the Master it is necessary to set the Destination IP Address and the Destination Port that defines the outgoing TCP connection; on the Slave, you have to set the Listen Port on which the incoming TCP connection is accepted.

The tunnel can be established through the LAN (Ethernet) or through the WAN (Mobile Network), also exploiting VPN connectivity.

WARNING!

In the Serial Tunnel Point-to-Point on TCP operating mode, just one connection is accepted for a given serial port.

11.3 Serial Tunnel Point-to-Point on UDP

The Serial Tunnel Point-to-Point on UDP operating mode is much like that on TCP.

USER MANUAL – Z-PASS1/Z-PASS2

The only difference is that no TCP connection is established and serial data are transported by UDP packets.

The configuration parameters are the same as those for the serial tunnel on TCP.

Also in this case, the tunnel can be established through the LAN (Ethernet) or through the WAN (Mobile Network), also exploiting VPN connectivity.

WARNING!

In the Serial Tunnel Point-to-Point on UDP operating mode, just one connection is accepted for a given serial port.

11.4 Serial Tunnel Point-to-Multipoint

The Serial Tunnel Point-to-Multipoint allows to create a tunnel with a master and more than one slave; on the master side, the data received from the serial line are sent to all the slaves, by means of multicast transmission mode, in UDP packets.

To let the multicast work, the master and the slaves shall be part of the same multicast group, so there is a “Multicast Group” parameter that shall be properly set; furthermore, for the Master Configuration have to be defined “Destination Port” and “Multicast Interface” parameters, the latter shall be set to select the network interface that allows to send the packets; for the slave configuration, “Listen Port” and “Multicast Interface” are requested; the latter shall be set to select the network interface which allows to receive the packets.

The tunnel can be established through the LAN (Ethernet) or through the VPN (Ethernet or 3G based).

WARNING!

In the Serial Tunnel Point-to-Multipoint operating mode, just one connection is accepted for a given serial port.

USER MANUAL – Z-PASS1/Z-PASS2

12 Modbus Gateway

Z-PASS can be configured to run as a Modbus Gateway: in this modality, a set of configured tags are periodically and continuously read from Modbus RTU devices and these values are always available in a shared memory, queryable via Modbus TCP.

Z-PASS Modbus Gateway supports up to 2000 tags and up to 32 Modbus TCP Client contemporaneously.

In the Z-PASS Modbus Gateway, a Modbus TCP/IP Server (or slave) is always running on a configured TCP port.

As for Modbus Bridge functionality (see chapter 10), the Modbus TCP requests can be forwarded through the Ethernet interface (LAN) or through the Mobile/VPN interface (WAN).

Then, for each of the three available serial ports (COM1, COM2, COM4), can be defined the “Task”: a serial port can be Configured as a Modbus RTU Master or Modbus RTU Slave or not running at all.

In this manner, a number of possible combinations are available, to a maximum of three Modbus RTU Masters or three Modbus RTU Slaves; normally, a combination of the two will be chosen, for example: Modbus RTU Slave on COM1 and Modbus RTU Masters on COM2,COM4.

In the following pictures are shown, some typical scenarios.

In the above picture, two serial ports (RS232 – COM1, RS485 – COM2) are configured as Modbus RTU Master.

USER MANUAL – Z-PASS1/Z-PASS2

In this case, one serial port (e.g. COM1) is configured as Modbus Slave and another (e.g. COM2) is configured as Modbus Master.

When some measures acquired from the Modbus Slaves must be available for a PLC, which supports only Modbus Master protocol, and also for a SCADA/Datalogger, the Z-PASS can be configured with one serial port defined as Modbus Slave (connected to the PLC) and another in Modbus Master (connected to the Modbus Slaves bus).

The PLC Modbus RTU Master and the Modbus TCP client(s) write/read the Z-PASS shared memory registers, while the Z-PASS Modbus Gateway keeps the shared memory aligned with the Modbus Slaves registers.

USER MANUAL – Z-PASS1/Z-PASS2

In the above picture, two serial ports (e.g. COM2 and COM4) are configured as Modbus Slave and connected to a PLC Modbus Master port; so, the two PLCs and the Modbus TCP Client can write/read the ZPASS shared memory to share data among them.

The Z-PASS Modbus Gateway provides some interesting features as explained in the following.

Besides “classic” gateway behavior, Tags can be configured to involve in “Bridge” mode, this modality

allows to acquire Tag values from serial side, only when Gateway receives Modbus TCP Request; That can be very useful when in serial line there are RTU devices with “Fail safe” outputs5, as explained in details in

18.5.1 paragraph.

Z-PASS Modbus Gateway performs Requests optimization on the RTU side, inserting as many tags as possible in a single read/write request; the maximum number of registers in a request can be set independently for each serial port and for read and write operations; this option can be useful to connect RTU devices which support different maximum number of registers on different serial ports.

Tag configuration can be created using a Microsoft Excel™ Template provided by Seneca (see 18.5.3 paragraph); this can largely reduce configuration time, particularly when a large number of tags shall be configured.

13 VPN

Z-PASS supports the standard OpenVPN protocol.

The main advantages that come from using a VPN are:

 secure connections, since transported data are encrypted;  the ability to establish connections without interfering with the corporate LAN;  no need to have a static/public IP address on the WAN side;  remote configurability by a built-in Web Server.

This feature is available in many Seneca products.

USER MANUAL – Z-PASS1/Z-PASS2

Two “VPN modes“ are available, named “OpenVPN” and “VPN Box”, respectively.

The “OpenVPN” mode can be used when the Z-PASS shall be installed in an already existing VPN. In this case, an OpenVPN server shall be available and the configuration, certificate and key files for the Z-PASS client shall be provided by the VPN administrator; the files can be uploaded to the Z-PASS using the “VPN configuration” page of Z-PASS Web Server.

If the VPN infrastructure does not exist yet, the advisable choice is to adopt the “VPN Box” solution, developed by Seneca. The “VPN Box” is an hardware appliance (or a virtual machine) which lets the user easily setup two alternative kinds of VPN:

- “Single LAN” VPN

- “Point-to-Point” VPN

In the “Single LAN” VPN, all devices and PCs (and associated local subnets) configured into VPN are always connected in the same network. In this scenario any PC Client can connect to any device (Z-PASS) and to other machines which lie in the Z-PASS LAN, but also any device/machine can connect to any other remote device/machine which belongs to the same VPN network. This VPN architecture puts some constraints on the device sub-networks definition, in fact all VPN clients must have a different IP address and different local LAN, to avoid conflicts. The software named “VPN BOX Manager” configures VPN BOX and will help you to avoid errors defining local subnet.

In the “Point-to-Point” VPN, a client PC, in a given moment, can perform a single connection, on demand, to only one device (Z-PASS) (and to machines which lie in the Z-PASS LAN) at time. Furthermore, devices can’t communicate each other also if they belong to the same VPN. The advantage of this architecture is that the same sub-network can be used in all sites. Point to point mode makes it possible to define user groups and manage them. This VPN modality must be configured on “VPN Box” by VPN BOX Manager.

There are two kinds of “Point-to-Point” VPN:

 routing Layer 3 VPN  bridging Layer 2 VPN

In “Routing Layer 3 VPN”, only IP (Layer 3) packets are transported over the VPN tunnel and a new virtual

LAN is created with a network subnet which must be different from the LAN subnets of the server and clients.

Conversely, in “Bridging Layer 2 VPN”, all Ethernet frames are transported over the VPN tunnel and the

clients are inserted in the server LAN.

Each of the two kinds has benefits and drawbacks:

Layer 2 benefits/drawbacks:

 can transport any network protocol  broadcast traffic (e.g.: DHCP) is transported  causes much more traffic overhead on the VPN tunnel

Layer 3 benefits/drawbacks:

 can transport only IP traffic  broadcast traffic (e.g.: DHCP) is not transported  lower traffic overhead, transports only traffic which is destined for the VPN clients

The “VPN Box” is supplied with two Windows applications:

USER MANUAL – Z-PASS1/Z-PASS2

 the “VPN Box Manager”, which allows to configure the VPN

mode on the VPN Box and manage the

devices7

 the “VPN Client Communicator”, which lets the user connect the PC to the network (in the “Single

LAN” case) or to a specific device (in the “Point-to-Point” case)

A detailed description of “VPN Box” can be found in the “VPN Box User Manual”.

A detailed description of Z-PASS VPN configuration parameters is given in 18.7 paragraph.

The following two sub-paragraphs give some more info about the two kinds of VPN.

13.1 “Single LAN” VPN

The above figure gives an example of a “Single LAN” VPN.

The client PC (with IP address 192.168.1.X) can connect, just as an example, to the first Z-PASS2 by using its

192.168.10.154 IP address and to the PLC in the Z-PASS LAN by using its local IP address 192.168.10.102.

Also, two devices which lie in two different LANs of the same VPN network (e.g.: 192.168.10.101 and

192.168.20.102) can connect to each other, again using their local IP addresses.

To let this scenario work correctly, an essential rule must always be followed: the Z-PASS LANs and the PC LAN shall have different and not colliding subnets; so, in the above figure, the following subnets allocation has been depicted:

Only one of the two kinds of VPN can be configured on a given VPN Box.

“VPN Box” functionality is available also on Seneca Z-TWS4 and Z-PASS2-S products.

USER MANUAL – Z-PASS1/Z-PASS2

PC LAN 192.168.1.0/24 SCADA LAN 192.168.2.0/24 Z-PASS2 LAN 192.168.10.0/24 Z-PASS2 LAN 192.168.20.0/24 Z-PASS1 LAN 192.168.30.0/24

The “VPN Box Manager” application guides you in the configuration task, checking that no subnet/IP address conflict is present in the network.

If subnet/conflicts cannot be avoided, using a “Single LAN” VPN is still possible if local IP addresses are not used; devices can be reached by means of their VPN IP addresses and machines beyond them can be reached by configuring some “port forwarding” rules on the Device Router (see 18.8 paragraph).

13.2 “Point-to-Point” VPN

The above figure gives an example of a “Point-to-Point” VPN.

In this scenario a PC (acting as a VPN Client) can connect, on demand, to only one Z-PASS and its subnet, using local IP addresses. Since the client “sees” just one Z-PASS (and attached devices) at time, the same subnet configuration can be assigned to different sites, without creating conflicts.

For this kind of VPN, the “VPN Box Manager” application lets define group of users that can connect only to assigned devices.

The “VPN Client Communicator” application retrieves the list of devices which are available for the logged user; then the user can select one device on the list and connect to it.

USER MANUAL – Z-PASS1/Z-PASS2

14 Router

As already told before, “Router” functionality routes packets between the LAN (Ethernet) interface and the WAN (Mobile Network) interface; so, this functionality specially makes sense when a PPP connection is active, which needs the availability of a 3G modem (always true for Z-PASS2, true for Z-PASS1 when connected to Seneca Z-MODEM-3G modem).

More specifically, an important feature of the Router is what is known as “IP forwarding”; this means that when Z-PASS receives a packet not targeted for it, it does not discard the packet but forwards it to its actual destination; when a packet is routed from the LAN to the WAN, Z-PASS also performs what is known as “IP

masquerading”, meaning that the original source IP address is replaced with the IP address of the WAN

(PPP) interface.

Another important feature is the availability of a DNS server/forwarder, which can resolve names either by itself or querying the external configured DNS server.

Also, a DHCP server is available which assigns IP addresses to clients connected on the Z-PASS LAN; here, you can configure the range of addresses used by the server and the lease time.

There is also the possibility to define up to five “Port Forwarding” rules or “Virtual Servers”; using these rules, you can, for example, redirect packets received from a TCP or UDP port to another Z-PASS port or to another machine, with a different IP address, on the same or another port.

As an alternative to using “Port Forwarding” rules, Router + VPN functionalities allow the use of local

addresses, as shown in the previous chapter; in the router configuration, a flag is given to enable this feature.

A detailed description of the Router configuration can be found in 18.8 paragraph.

USER MANUAL – Z-PASS1/Z-PASS2

15 Network Redundancy

“Network Redundancy” is a functionality than can be enabled on Z-PASS devices when a 3G modem is available (always true for Z-PASS2, true for Z-PASS1 when connected to Seneca Z-MODEM-3G modem).

This functionality is aimed at switching the network interface used to access the Internet from the Ethernet (“primary” interface) to the Mobile/3G (“secondary” interface), when Internet access through the primary interface becomes unavailable; when access through the primary interface become available again, the network interface is switched back to Ethernet.

The parameters provided to configure Network Redundancy are explained in paragraph 18.2 “Network and Services”.

16 Remote Connection Disable

Z-PASS1-IO and Z-PASS2-IO products provide a dedicated digital input and a dedicated digital output to control and monitor remote connection to the device.

In details:

- when “Remote Connection Disable” digital input is set to HIGH state, remote connection to the

device is disabled; conversely, when “Remote Connection Disable” digital input is set to LOW state, remote connection to the device is enabled; “Remote Connection Disable” digital input state is

reported by the “RCD” LED;

- “Remote Connection Active” digital output is set to HIGH state when the device is remotely

accessed (VPN connection is active); it is set to LOW state when VPN connection is not active.

Four levels of security can be configured to disable remote connection, providing increasing security levels:

- Level 0 (“None”): no remote connection service is disabled;

USER MANUAL – Z-PASS1/Z-PASS2

- Level 1 (“VPN Connection”): VPN connections are disabled in any VPN mode (VPN Box Point-to-

Point, VPN Box Single LAN, OpenVPN), but VPN Box Service is still running, so the device can still be

monitored on VPN Box Manager;

- Level 2 (“VPN Service”): VPN Box Service is disabled, but the device can still access the Internet and

receive SMSs (on Z-PASS2-IO);

- Level 3 (“Internet Connection”): any Internet access is disabled and, on Z-PASS2-IO, modem is off,

so SMSs can’t be received.

See “Digital I/O Configuration” paragraph to learn how to set the desired security level.

17 Auto-APN

The Auto-APN feature lets the Z-PASS establish mobile data connections without requiring the user to configure APN data8 for the SIM in use.

This is accomplished by using the SIM IMSI and, possibly, some other data available on the SIM, to select the proper APN record in an internal DB9, containing APN records for all mobile operators in the world.

In some particular cases, however, when a “custom APN” shall be used, the Auto-APN feature can be disabled, setting the “APN Mode” parameter to “Manual”, in the “Mobile Network” page (see paragraph

18.11.1).

18 Web Configuration Pages

Z-PASS can be fully configured by means of a set of web configuration pages.

To access Z-PASS configuration site, you have to connect the browser to the Z-PASS IP address on port 8080, e.g.:

http://192.168.90.101:8080

and, when asked, provide the following credentials (default values):

Username: admin Password: admin

You come to the “Main View” page, described in the following paragraph.

APN data are: APN, Username, Password and Authentication Type.

This DB is updated to the one used in the last Android O.S. version.

USER MANUAL – Z-PASS1/Z-PASS2

18.1 Main View

In this page, main Z-PASS configuration parameters are shown, with their current values.

On the left side of the page, like in any other page, a menu is shown which lets you access all the configuration pages; the menu is divided in several sections:

USER MANUAL – Z-PASS1/Z-PASS2

 General Configuration  Tag Configuration (when Gateway Mode is set to Modbus Gateway, see paragraph 18.4)  Mobile Configuration  Digital I/O Configuration (on Z-PASS1-IO, Z-PASS2-IO products)  Diagnostics

Furthermore, in this like in any other page, the following information are shown:

 the page name  the Z-PASS FW version (along with the modem FW revision, for Z-PASS210)  the Z-PASS MAC address; the modem IMEI, for Z-PASS2; the SIM IMSI, for Z-PASS2, when a SIM is

present

 the network interface used for Internet Access (i.e.: “Ethernet” or “Mobile”)  the Modbus Bridge/Transparent Bridge/Modbus Gateway status (i.e.: “running” or “stopped”)  the Router status (i.e.: “running” or “disabled”)

The currently logged user (e.g.: “admin”) and the “Logout” link are also present, near the page name.

In this page, two buttons are available:

 “RESET”, to perform Z-PASS reboot;  “FACTORY DEFAULT”, to reset Z-PASS to its factory state.

Probably, the first parameters you need to change when setting up a new Z-PASS device are those related to its network configuration.

You can accomplish this in the “Network and Services” page, described in the following paragraph.

18.2 Network and Services

The parameters shown in this page slightly change, depending on the HW version of the product (ZPASS1/Z-PASS2 or Z-PASS1-R01/Z-PASS2-R01 or Z-PASS1-IO/Z-PASS2-IO) and, for new HW versions, on the selected “Ethernet Mode”; this is shown in the following figures.

Also for Z-PASS1, when an external Z-MODEM-3G modem is connected.

USER MANUAL – Z-PASS1/Z-PASS2

The previous figure shows the “Network and Services” page for a Z-PASS2-IO, when the “Ethernet Mode” parameter is set to “LAN/WAN”; it also applies to a Z-PASS1-IO in “LAN/WAN” mode.

USER MANUAL – Z-PASS1/Z-PASS2

The previous figure shows the “Network and Services” page for a Z-PASS2-IO, when the “Ethernet Mode” parameter is set to “Switch”; it also applies to a Z-PASS1-IO in “Switch” mode.

USER MANUAL – Z-PASS1/Z-PASS2

The previous figure shows the “Network and Services” page for a Z-PASS2-R01, when the “Ethernet Mode” parameter is set to “LAN/WAN”; it also applies to a Z-PASS1-R01 in “LAN/WAN” mode.

USER MANUAL – Z-PASS1/Z-PASS2

The previous figure shows the “Network and Services” page for a Z-PASS2-R01, when the “Ethernet Mode” parameter is set to “Switch”; it also applies to a Z-PASS1-R01 in “Switch” mode.

USER MANUAL – Z-PASS1/Z-PASS2

The previous figure shows the “Network and Services” page for a Z-PASS2 (old version); it also applies to a Z-PASS1 (old version).

There is an important difference between the parameter values shown in this page and those shown in the “Main View” page: the former are configured values, whereas the latter are actual values.

To better explain this difference, let’s consider the case when the DHCP parameter is set to ON; in the

“Network and Services” page, you may see the 192.168.90.101 default value for the “IP Address” parameter, whereas the “Main View” page shows the actual IP Address, assigned by the DHCP server.

USER MANUAL – Z-PASS1/Z-PASS2

In the following table, all configuration parameters available in this page are listed, with a short explanation and the parameter default value for each of them.

Field

Meaning

Default value

NETWORK/Ethernet Mode

This parameter determines if the two Ethernet ports work as two fully separated network interfaces

(“LAN/WAN”) or as the ports of an Ethernet switch (“Switch”);

depending on the value of this parameter, some other network parameters are hidden/shown or renamed as described below. This parameter is available only for Z-PASS1-R01, Z-PASS2-R01, ZPASS1-IO and Z-PASS2-IO products. For Z-PASS1 and Z-PASS2 products,

only “Switch” mode is available,

hence the parameter is not shown.

LAN/WAN

Ethernet Mode = “Switch”

NETWORK/DHCP

Flag to enable/disable the DHCP functionality on the Ethernet interface.

OFF

NETWORK/IP Address

IP address of the Ethernet interface

(disabled when “DHCP” is set to “ON”)

192.168.90.101

NETWORK/Network Mask

Network mask of the Ethernet interface (disabled when “DHCP” is set to “ON”)

255.255.255.0

NETWORK/IP Address 2 Enable

Flag to enable/disable the second IP address on the Ethernet interface. Note that the second IP address can be enabled also when the DHCP functionality is active.

OFF

NETWORK/IP Address 2

Second IP address of the Ethernet interface

192.168.100.101

NETWORK/Network Mask 2

Second network mask of the Ethernet interface

255.255.255.0 Ethernet Mode = “LAN/WAN”

NETWORK/DHCP on WAN

Flag to enable/disable the DHCP functionality on the WAN Ethernet interface

ON NETWORK/LAN IP Address

IP address of the LAN Ethernet interface

192.168.90.101

USER MANUAL – Z-PASS1/Z-PASS2

NETWORK/LAN Network Mask

Network mask of the LAN Ethernet interface

255.255.255.0

NETWORK/WAN IP Address

IP address of the WAN Ethernet interface (disabled when “DHCP on

WAN” is set to “ON”)

192.168.100.101

NETWORK/WAN Network Mask

Network mask of the WAN Ethernet interface (disabled when

“DHCP on WAN” is set to “ON”)

255.255.255.0

NETWORK/Default Gateway

Default Gateway IP address (disabled when DHCP functionality is enabled).

When “Ethernet Mode” is set to “LAN/WAN”, the Default Gateway

shall be in the WAN subnet.

192.168.100.1 , for Z-PASS1R0x and Z-PASS2-R0x (x=1,2)

192.168.90.1, for all other products

NETWORK/DNS Mode

Tells if the DNS Server shall be set

statically (value: “Static”) or

dinamically assigned by the DHCP Server (value: “DHCP”)

DHCP, for Z-PASS1-R0x and ZPASS2-R0x (x=1,2) Static, for Z-PASS1 and Z-PASS2

NETWORK/DNS Server

DNS server IP address (disabled when DHCP functionality is enabled and DNS Mode = DHCP)

192.168.100.1 , for Z-PASS1R0x and Z-PASS2-R0x (x=1,2)

192.168.90.1, for all other products

NETWORK/IP Configuration from Discovery

Flag to enable/disable the possibility of changing some of the network configuration parameters by means of the SDD application (see chapter 8)

WEB SERVER/Protocol

Protocol used to access the web pages: HTTP/HTTPS, HTTPS, HTTP

HTTP/HTTPS

WEB SERVER/HTTP Conf Port

TCP port to access the configuration pages, using HTTP protocol. Please note that if this parameter is set to 80 (standard HTTP port), the

web user site won’t be available

anymore.

8080 Default URL for conf pages:

http://<IP_address>:8080

WEB SERVER/HTTP User Port

TCP port to access the user pages, using HTTP protocol.

Default URL for user pages:

http://<IP_address>

WEB SERVER/HTTPS Port

TCP port to access the configuration and user pages, using HTTPS protocol.

443

Default URL for conf pages:

https://<IP_address>/maintenance

USER MANUAL – Z-PASS1/Z-PASS2

Default URL for user pages:

https://<IP_address>

FILE TRANSFER/Protocol

Protocol used for File Transfer: FTP/SFTP, SFTP, FTP

FTP/SFTP FTP Port

TCP Port for FTP protocol

SFTP Port

TCP Port for SFTP protocol

NETWORK REDUNDANCY/Enable

Flag to enable/disable the “Network Redundancy” functionality, that is using the Ethernet interface as the primary interface to access the Internet and the Mobile interface as the secondary interface, if the access through the primary interface becomes unavailable

OFF NETWORK REDUNDANCY/Ping Address

IP Address used as ping destination to check if access to the Internet through the primary interface (Ethernet) is available. This address shall be different from the one set for “DNS Server” parameter, otherwise an error is shown (see figure below).

8.8.4.4

WATCHDOG/Enable

Flag to enable/disable the watchdog functionality

WATCHDOG/Timeout (s)

Watchdog timeout, in seconds;

when watchdog is enabled, if it’s

not refreshed for this amount of seconds, the system will be rebooted. Possible values are in the range [30..3600].

DEBUG LOGS/Enable

Flag to enable/disable the debug logs

OFF

COM1/Mode

Operating mode of the COM1 serial port Possible values: RS485 | RS232 This parameter is available only for Z-PASS1-IO and Z-PASS2-IO products.

RS485

One note about the “DHCP” parameters:

 the “DHCP” parameter can be set to “ON” only if the “DHCP Server” parameter of the “Router

Configuration” page is set to “OFF” (see paragraph 18.8).

USER MANUAL – Z-PASS1/Z-PASS2

In the “Network and Services” page, you can change any of the above parameters; to apply the changes, press the “APPLY” button; as warned by the note on the page, only for some parameters, the parameter

change requires rebooting the Z-PASS; these parameters are:

 NETWORK/Ethernet Mode  WEB SERVER/Port  WATCHDOG/Enable, only when changing ON -> OFF  DEBUG LOGS/Enable, only when changing ON -> OFF

USER MANUAL – Z-PASS1/Z-PASS2

18.3 Serial Ports

By clicking on the “Serial Ports” link, in the “General Configuration” menu, you come to the following page:

This page is made up of three sections, corresponding to the three serial ports available in Z-PASS devices:

 COM1 RS232 or RS485

 COM2 RS485

Depending on the position of the SW2 DIP switch.

USER MANUAL – Z-PASS1/Z-PASS2

 COM4 RS485

For each serial port, the following configuration parameters are available:

Field

Meaning

Default value

Baud Rate

Baud rate (in bps); possible values are: 200 300 600 1200 2400 4800 9600 19200 38400 57600 115200

38400

Data Bits

Data bits; possible values are: 5/6/7/8

Parity

Parity; possible values are: None/Even/Odd

None Stop Bits

Stop bits; possible values are: 1/2

In the “Serial Ports” page, you can change any of the above parameters; to apply the changes, press the “APPLY” button.

Note that when you change the serial ports configuration, the Modbus or Transparent Bridge services are automatically restarted, to actually apply the changes.

18.4 Gateway Configuration

By clicking on the “Gateway Configuration” link, in the “General Configuration” menu, you come to the

following page:

USER MANUAL – Z-PASS1/Z-PASS2

The first thing you have to do in this page is to select the mode of the Z-PASS gateway, by means of the

“Gateway Mode” parameter; the possible modes are “Modbus Bridge”, “Transparent Bridge” and “Modbus Gateway”.

In any mode, the page is substantially made up of three sections, corresponding to the three serial ports available in Z-PASS devices.

The available configuration parameters depend on the selected mode, as described in the following subparagraphs.

USER MANUAL – Z-PASS1/Z-PASS2

18.4.1 Modbus Brid g e

For each serial port, the following configuration parameters are available:

Field

Meaning

Default value

Enable

Flag to enable/disable the Modbus Bridge functionality on the port

Port

TCP port to access the Modbus Bridge If three distinct values are set, three Modbus Bridge instances are run, each handling a single serial port. If the same port value is set for more than one serial port, the same Modbus Bridge instance will handle two or three serial ports, that is the Modbus RTU requests will be simultaneously sent to the serial ports.

COM1: 501 COM2: 502 COM4: 503

Response Wait Time

Timeout on the reception of the Modbus RTU responses. The value is in milliseconds; possible values are in the range [10 - 10000].

1000

The following screen-shots give some examples of Modbus Bridge configurations.

USER MANUAL – Z-PASS1/Z-PASS2

In the above configuration, all the Modbus requests received on the 502 TCP port will be sent to all the three serial ports (COM1, COM2 and COM4); the communication parameters on the serial ports are those set in the “Serial Ports” page (see 18.3).

USER MANUAL – Z-PASS1/Z-PASS2

In the above configuration, the Modbus requests received on the 501 TCP port will be sent to the COM1 port, while those received on the 502 TCP port will be sent to the COM2 and COM4 ports.

USER MANUAL – Z-PASS1/Z-PASS2

Finally, in the above configuration, each TCP port corresponds to a single serial port, that is Modbus requests received on a TCP port are sent to a single serial port.

Please note that if you set the same TCP port value for more than one serial port, the “Response Wait Time” values shall also be the same for those serial ports; otherwise, clicking on the “APPLY” button, the

following error message is shown.

USER MANUAL – Z-PASS1/Z-PASS2

18.4.1.1 Embedded I/O (Z-PASS1-IO, Z-PASS2-IO)

As shown in the above figures, the “Gateway Configuration” page, for Modbus Bridge, contains a parameter outside of the “ComX Bridge” sections:

Field

Meaning

Default value

Slave ID for Embedded I/O

Slave ID used to access the Modbus Registers corresponding to the “embedded” digital I/Os (for “IO” HW revision).

254

USER MANUAL – Z-PASS1/Z-PASS2

Possible values: [1..255]. This parameter is meaningful only for Z-PASS1-IO and Z-PASS2-IO products.

The Modbus Registers representing the Digital I/Os are given in the following tables:

Data Type

Digital I/Os

Address

Holding Registers

Bit 0: DI1 (LSB) Bit 1: DI2 Bit 2: DI3 Bit 3: DI4

0 (40001)

Holding Registers

Bit 0: DO1 (LSB) Bit 1: DO2 Bit 2: DO3 Bit 3: DO4

0 (40002)

Discrete Inputs

DI1

0 (10001)

Discrete Inputs

DI2

1 (10002)

Discrete Inputs

DI3

2 (10003)

Discrete Inputs

DI4

3 (10004)

Coils

DO1 0 Coils

DO2 1 Coils

DO3 2 Coils

DO4

The mapping between DI1..DI4, DO1..DO4 and the Digital I/O names described in 18.13 paragraph is as follows:

DI1

DI 1

DI2

DI 2

DI3

DIDO 1, if input

DI4

DIDO 2, if input

DO1

DO 1

DO2

DO 2

DO3

DIDO 1, if output

DO4

DIDO 2, if output

If DIx or DOx is not available (e.g.: DI4, when DIDO 2 is configured as an output), the corresponding bit value is always 0.

DOx can be actually set only if the corresponding Digital I/O Mode is “General Output” (see 18.13 paragraph); otherwise, the write request will have no effect.

18.4.2 Transparent B r idge

Selecting “Transparent Bridge” as the gateway mode, the “Gateway Configuration” page will change to look like the one shown in the following figure:

USER MANUAL – Z-PASS1/Z-PASS2

In this page, for each serial port, the available parameters depend on the value of the “Operating Mode” parameter selected for the port.

The possible values for the “Operating Mode” parameter are:

 None (default value)  Remote Serial COM  Serial Tunnel Point-to-Point on TCP  Serial Tunnel Point-to-Point on UDP  Serial Tunnel Point-to-Multipoint

USER MANUAL – Z-PASS1/Z-PASS2

Furthermore, for the “Serial Tunnel” operating modes, the available parameters depend on the selected “Tunnel Role” (Master or Slave).

The following tables describe the relevant parameters for the various operating modes.

Remote Serial COM

Field

Meaning

Default value

Listen Port

TCP/UDP port to access the transparent bridge

COM1: 8000 COM2: 8001 COM4: 8002

Data Packing Interval

Time interval used as a criterion to pack data bytes received from the serial port, before sending them to the network; that is, if no byte is received for this time, available bytes are sent to the network. The value is in milliseconds; possible values are in the range [0 - 1000].

Serial Tunnel Point-to-Point on TCP (Slave) Serial Tunnel Point-to-Point on UDP (Slave)

Field

Meaning

Default value

Listen Port

TCP/UDP port to access the transparent bridge

COM1: 8000 COM2: 8001 COM4: 8002

Serial Tunnel Point-to-Point on TCP (Master) Serial Tunnel Point-to-Point on UDP (Master)

Field

Meaning

Default value

Destination Address

The IP Address which the transparent bridge will connect to

COM1: 192.168.90.102 COM2: 192.168.90.103 COM4: 192.168.90.104

Destination Port

The TCP/UDP port which the transparent bridge will connect to

COM1: 8000 COM2: 8001 COM4: 8002

Serial Tunnel Point-to-Multipoint (Master)

Field

Meaning

Default value

Destination Port

The UDP port which the packets will be sent to

COM1: 8000 COM2: 8001 COM4: 8002

Multicast Group

IP Address which identifies the

224.1.0.1

USER MANUAL – Z-PASS1/Z-PASS2

Multicast Group

Multicast Interface

Network Interface which the UDP packets are sent to; possible values: Ethernet|VPN; “VPN” option is available only when VPN is active

Ethernet

Serial Tunnel Point-to-Multipoint (Slave)

Field

Meaning

Default value

Listen Port

The UDP port which the packets will be received from

COM1: 8000 COM2: 8001 COM4: 8002

Multicast Group

IP Address which identifies the Multicast Group

224.1.0.1

Multicast Interface

Network Interface which the UDP packets are received from; possible values: Ethernet|VPN; “VPN” option is available only when VPN is active

Ethernet

18.4.3 Modbus Gatew ay

Selecting “Modbus Gateway” as the gateway mode, the “Gateway Configuration” page will change to look like the one shown in the following figure:

USER MANUAL – Z-PASS1/Z-PASS2

In this page, there are some general parameters, described in the following table.

Field

Meaning

Default value

TCP Port

Listening port for the Modbus TCP server

502

TCP Connections Max Number [150]

Maximum number of TCP connections that can be accepted by the Modbus TCP server

Response Mode when Resource in Fail

This parameter defines how the response to a Modbus TCP (read) request is built for a tag

Exception

USER MANUAL – Z-PASS1/Z-PASS2

corresponding to a Modbus RTU slave which is not answering; when mode is “Last read value”, the last available value is put in the Modbus TCP response; when mode is “Exception”, the response contains an exception with the value 11 (“Gateway target device failed to respond”).

Then, for each of the three available serial ports, there is a set of parameters, as described in the following table.

Field

Meaning

Default value

Task

This parameter defines which Modbus Gateway task is running on the serial port; possibile values are: None, Master, Slave

None Slave Address

Modbus Address for the RTU Slave; this is the only parameter available when Task=Slave

Timeout (ms) [10 – 10000]

Response timeout for Modbus RTU requests, in milliseconds (available only when Task=Master)

100

Delay between Polls (ms) [10 – 1000]

Interval between Modbus RTU requests, in milliseconds (available only when Task=Master)

100

Read/Write Retries [0 – 10]

Maximum number of retries for Modbus RTU requests; this always applies to write requests; for read requests, it applies only to tags with

“Gateway Tag Mode”=”BRIDGE” (see

18.5.1.1 paragraph)

Multiple Read Max Number [1 – 32]

Maximum number of Modbus registers that can be read in a single Modbus RTU request; this is used to reduce the number of read requests sent on the serial bus, thus performing optimization

Multiple Write Max Number [1 – 32]

Maximum number of Modbus registers that can be written in a single Modbus RTU request; this is used to reduce the number of write requests sent on the serial bus, thus performing optimization

USER MANUAL – Z-PASS1/Z-PASS2

18.5 Tag Configuration

When the “Gateway Mode” parameter, in the “Gateway Configuration” page, is set to “Modbus Gateway”, in the left side menu, a new section named “Tag Configuration” is available, containing two links, as shown

in the following figure.

18.5.1 Gateway Tag S etu p

This page is used to perform Modbus Gateway tag configuration.

USER MANUAL – Z-PASS1/Z-PASS2

In this page, the following buttons (i.e. functionalities) are available.

This button allows the user to upload a binary file containing the tag configuration to the Z-PASS; this file shall have been exported from the “Microsoft Excel™ Template” (see 18.5.3 paragraph).

This button allows the user to download a binary file containing the tag configuration from the Z-PASS; this file can be imported into the “Microsoft Excel™ Template” (see 18.5.3 paragraph).

USER MANUAL – Z-PASS1/Z-PASS2

This button allows the user to save the current tag configuration in Z-PASS memory, in a permanent way. In fact, it is important to note that, when you add, modify or delete a tag, the corresponding changes are not saved to non-volatile memory. To have those changes stored permanently, you have to click on this button.

This button allows the user to add a new tag (see paragraph below); up to 2000 tags can be configured.

This button allows the user to modify an existing tag (see paragraph below); the tag shall have been previously selected, by clicking on the corresponding table row, as shown in the following figure.

USER MANUAL – Z-PASS1/Z-PASS2

This button allows the user to delete a tag; the tag shall have been previously selected, by clicking on the corresponding table row.

18.5.1.1 Tag Creation/Modification

By clicking on the “ADD” or “MODIFY” button, you come to the following page.

USER MANUAL – Z-PASS1/Z-PASS2

The following table describes the available parameters.

Field

Meaning

Default value

Gateway Tag Name

Mnemonic name to identify the tag

TAG

Gateway Modbus TCP/IP Start Register Address

Start Register Address of the tag on the Modbus TCP/IP side

Target Modbus RTU Device

Type of RTU device: “CUSTOM” or one of the following Seneca devices: "Z-D-IN" "Z-10-D-IN" "Z-D-OUT" "Z-10-D-OUT"

CUSTOM

USER MANUAL – Z-PASS1/Z-PASS2

"Z-D-IO" "ZC-24-DI" "ZC-24-DO" "ZC-16DI-8DO" "Z-4-AI-1" "Z-8-AI-1" "Z-3-AO" "Z-4-TC" "Z-8-TC" "Z-203" "Z-4RTD-2" "Z-SG" "Z-DAQ-PID" "S-203T" "S-203TA" "ZE-4DI-2AI-2DO" "ZE-2AI" "Z-4DI-2AI-2DO" "S203TA-D" "S203RC-D" “Z-PASS-IO”

Target Resource

This field identifies a particular resource (tag) on one of Seneca devices; possibile values depend on

the selected RTU device, in “Target Modbus RTU Device” field; if that field is set to “CUSTOM”, “Target Resource” field is empty; when “Target Resource” field is set, “Target Modbus RTU Start Register Address”, “Target Modbus Request Type” and “Target Register Data Type” fields are automatically set

Empty

Target connected to Serial Port

This field identifies the serial port the target RTU device is connected to; possible values are: COM1, COM2, COM4; if, for one serial port,

“Task” parameter is set to “None”, the port is labelled as “COMx – UNUSED” and can’t be selected; if “Task” parameter is set to “Slave”, the port is labelled as “COMx –

SHARED”; if such a port is selected, a number of fields are no more available, as shown in the figure below

The first available serial port, that is the first port with “Task” other than “None”

Target Modbus Slave Station

Modbus Address of the target RTU

USER MANUAL – Z-PASS1/Z-PASS2

Address

device

Target Modbus RTU Start Register Address

Start Register Address of the tag on the Modbus RTU device

Target Modbus Request Type

Possible Modbus data types: COIL DISCRETE INPUT HOLDING REGISTER INPUT REGISTER

HOLDING REGISTER

Target Register Data Type

Possible data types: 16BIT SIGNED 16BIT UNSIGNED 32BIT SIGNED MSW 32BIT UNSIGNED MSW 32BIT SIGNED LSW 32BIT UNSIGNED LSW 32BIT REAL MSW 32BIT REAL LSW BOOL For more information about the above data types, see table below

16 BIT SIGNED

Gateway Tag Mode

This field defines how the tag will be handled by the gateway processes; possible values are: GATEWAY or BRIDGE if Task=Master on the selected port SHARED MEMORY if Task=Slave on the selected port

GATEWAY, if Task=Master SHARED MEMORY, if Task=Slave

Data Type

Meaning

16BIT SIGNED

1 register, from -32768 to +32767

16BIT UNSIGNED

1 register, from 0 to 65535

32BIT SIGNED MSW

2 registers with the lowest address register holding the Most Significant Word, from -2147483648 to +2147483647

32BIT UNSIGNED MSW

2 registers with the lowest address register holding the Most Significant Word, from 0 to 4294967295

32BIT SIGNED LSW

2 registers with the lowest address register holding the Least Significant Word, from -2147483648 to +2147483647

32BIT UNSIGNED LSW

2 registers with the lowest address register holding the Least Significant Word, from 0 to 4294967295

32BIT REAL MSW

2 registers with the lowest address register holding the Most Significant Word, Floating Point single precision (IEEE 758-

2008)

32BIT REAL LSW

2 registers with the lowest address register holding the Least Significant Word, Floating Point single precision (IEEE 758-

2008)

USER MANUAL – Z-PASS1/Z-PASS2

BOOL

1 Boolean Coil or Discrete Input register

USER MANUAL – Z-PASS1/Z-PASS2

Some more explanations are needed for “Gateway Tag Mode” parameter.

Tags with Mode=GATEWAY are handled in the “classic” Modbus Gateway way, that is tags are read

periodically, even if no Modbus read request is received for those tags on the Modbus TCP/IP side.

Tags with Mode=BRIDGE are read only when a Modbus read request is received for those tags on the Modbus TCP/IP side.

Instead, for write operations, tags with Mode=GATEWAY and tags with Mode=BRIDGE are handled in the same way, that is tags are written only when a Modbus write request is received for those tags on the Modbus TCP/IP side.

USER MANUAL – Z-PASS1/Z-PASS2

The Mode=BRIDGE option is particularly useful for Modbus RTU devices with the “Fail Safe” feature

available for output lines, as for many Seneca devices; normally, those devices are designed to put their output lines to “fail safe” value, when the connection to the master (e.g. a SCADA system) goes down; since the criterion to detect the “connection failure” is that no Modbus (write and read) request is received, the “fail safe” mode can’t be entered with “classic” gateway behaviour.

Finally, tags with Mode=SHARED MEMORY are stored only in CPU memory, not in any RTU device, so their values are written/read only when a Modbus write/read request is received for those tags on the Modbus TCP/IP side.

NOTE: all considerations related to requests received on the Modbus TCP/IP side identically apply to requests received on a serial port configured as Modbus RTU Slave.

By clicking on the “APPLY” button, the tag is added/modified and the following page is shown.

USER MANUAL – Z-PASS1/Z-PASS2

By clicking on the “OK” button, you go back to the “Gateway Tag Setup” page.

18.5.1.2 Tags for Embedded I/O (Z-PASS1-IO, Z-PASS2-IO)

A special value for “TARGET MODBUS RTU DEVICE” parameter is “Z-PASS-IO”: this value lets you define tags corresponding to the Z-PASS1-IO/ Z-PASS2-IO embedded digital I/Os, as shown in the following figure:

USER MANUAL – Z-PASS1/Z-PASS2

Depending on the value of the “TARGET RESOURCE” parameter, the other parameters are set to the values

shown in the following table:

TARGET RESOURCE

TARGET MODBUS RTU START REGISTER ADDRESS

TARGET MODBUS REQUEST TYPE

TARGET REGISTER DATA TYPE

DIGITAL INPUTS

1 (40001)

HOLDING REGISTER

16BIT UNSIGNED

DIGITAL OUTPUTS

2 (40002)

HOLDING REGISTER

16BIT UNSIGNED

DIGITAL INPUT 1

1 (10001)

DISCRETE INPUT

BOOL

DIGITAL INPUT 2

2 (10002)

DISCRETE INPUT

BOOL

DIGITAL INPUT 3

3 (10003)

DISCRETE INPUT

BOOL

USER MANUAL – Z-PASS1/Z-PASS2

DIGITAL INPUT 4

4 (10004)

DISCRETE INPUT

BOOL

DIGITAL OUTPUT 1

1 (1)

COIL

BOOL

DIGITAL OUTPUT 2

2 (2)

COIL

BOOL

DIGITAL OUTPUT 3

3 (3)

COIL

BOOL

DIGITAL OUTPUT 4

4 (4)

COIL

BOOL

You can easily check that these tags correspond to Modbus Registers defined in paragraph 18.4.1.1.

For these tags, other parameter values are fixed:

- TARGET MODBUS SLAVE STATION ADDRESS 1

- TARGET CONNECTED TO SERIAL PORT EMBEDDED

- GATEWAY TAG MODE EMBEDDED

“EMBEDDED” tag mode is similar to “BRIDGE” mode, that is the values of these tags are updated only when there is a Modbus (read or write) request related to them.

18.5.2 Gateway Tag Vi e w

The “Gateway Tag View” page shows the tag values in real-time, as shown in the following figure.

USER MANUAL – Z-PASS1/Z-PASS2

The view is automatically refreshed.

Some notes are worthy about the “TAG READING STATUS” and “LAST REFRESH TIME” columns.

The possible “TAG READING STATUS” values depend on the “GATEWAY TAG MODE” value, in the following way:

OK / FAIL for tags with Mode=GATEWAY OK(BRIDGE) / FAIL(BRIDGE) for tags with Mode=BRIDGE

- for tags with Mode=SHARED MEMORY

The timestamp in the “LAST REFRESH TIME” column is updated:

USER MANUAL – Z-PASS1/Z-PASS2

- on a successful RTU (Master) read/write operation, for tags with Mode=GATEWAY|BRIDGE

- on Modbus Gateway start and on a successful TCP or RTU (Slave) write operation, for tags with

Mode=SHARED MEMORY

In the above figure, the first three tags (Mode=GATEWAY) have been successfully read, so the “TAG

READING STATUS” column shows “OK” and the “LAST REFRESH TIME” column contains a valid timestamp.

The next three tags (Mode=BRIDGE) have not been read nor written yet, so the “TAG READING STATUS” column shows “FAIL(BRIDGE)” and the “LAST REFRESH TIME” column does not contain a timestamp.

Finally, for the last tags (Mode=SHARED MEMORY), the “TAG READING STATUS” column shows “-“ and the “LAST REFRESH TIME” column contains a valid timestamp that, in this example, corresponds to the Modbus

Gateway start time.

Just as an example, the tag configuration corresponding to the above figure is show below.

USER MANUAL – Z-PASS1/Z-PASS2

18.5.3 Microsoft Exc e l ™ Template for T ag S etup

Another way to create the tag configuration is by means of the “Microsoft Excel™ Template” provided by Seneca, shown in the following figure.

USER MANUAL – Z-PASS1/Z-PASS2

The tag configuration in the Excel sheet can be exported by clicking on the “Export CGI file…” button; the exported binary file can be uploaded to the Z-PASS, by means of the “Import tag configuration” button in “Gateway Tag Setup” page (see 18.5.1 paragraph).

Conversely, the tag configuration created by means of the web page can be imported into the Excel sheet by clicking on the “Import CGI file…” button.

The following table gives the correspondence between the sheet columns and the parameters in the “Gateway Tag Setup” page; therefore, see 18.5.1.1 paragraph for their meanings.

Column

Parameter

Tag NR

Gateway Tag Name

Gateway Modbus TCP/IP Register Address

Gateway Modbus TCP/IP Start Register Address

Target Modbus RTU Register Type

Target Modbus Request Type

Target Modbus RTU Data Type

Target Register Data Type

Target connected to Serial Port NR

Target connected to Serial Port

Target Modbus RTU Start Register

Target Modbus RTU Start Register Address

Target Modbus RTU Slave Address

Target Modbus Slave Station Address

Gateway Mode

Gateway Tag Mode

USER MANUAL – Z-PASS1/Z-PASS2

18.6 Real Time Clock Setup

By clicking on the “Real Time Clock Setup” link, in the “General Configuration” menu, you come to the following page:

This page is made up of two sections: “NTP” and “RTC”.

USER MANUAL – Z-PASS1/Z-PASS2

In the “NTP” section, you can change the parameters related to the Network Time Protocol and to the Time Zone, as listed in the following table:

Field

Meaning

Default value

NTP/Enable

Flag to enable/disable time synchronization by means of NTP protocol

ON NTP/Primary Server

IP address or FQDN12 of the Primary NTP Server

ntp1.inrim.it

NTP/Secondary Server

IP address or FQDN of the Secondary NTP Server

ntp2.inrim.it NTP/Time Zone

Time Zone

Central Europe (CET/CEST)

When the “Time Zone” parameter is set to “Central Europe (CET/CEST)” value, the Device automatically

enables (CEST) / disables (CET) the “Daylight Saving Time” setting.

A large number of Time Zones are available, as partially shown in the following figure:

FQDN: Fully Qualified Domain Name, e.g.: “pool.ntp.org”.

USER MANUAL – Z-PASS1/Z-PASS2

The “RTC” section of the page lets you manually change the Z-PASS date/time settings; since this makes sense only if NTP time synchronization is not enabled, when “NTP/Enable” parameter is “ON” the input fields and the “SET CLOCK” button are disabled and the parameters are only for viewing.

USER MANUAL – Z-PASS1/Z-PASS2

Instead, when “NTP/Enable” parameter is “OFF”, the input fields in the “NTP” section are still enabled; this lets you change and save the parameter values, even if they are not actually used.

18.7 VPN Configuration

By clicking on the “VPN Configuration” link, in the “General Configuration” menu, you come to the

following page:

USER MANUAL – Z-PASS1/Z-PASS2

The page has a different layout depending on the value of the “VPN Mode” parameter, which can be “OpenVPN” or “VPN Box”.

18.7.1 OpenVPN

The page is made up of two sections: “VPN Files” and “VPN Configuration”.

USER MANUAL – Z-PASS1/Z-PASS2

The “VPN Files” section lets you load the files needed to configure Open VPN and establish a secure VPN connection on the Z-PASS; these files are described in the following.

18.7.1.1 Configuration File

This file shall contain all the information needed to configure the Open VPN behaviour; the main configuration options are13:

 if Z-PASS shall act as a client or a server (typically, it will be a client)  the transport protocol (UDP or TCP)  the server IP address/host name and port  the files needed to perform authentication procedures  etc.

This file has the .ovpn extension (in Windows systems) or .conf extension (in Linux systems); regardless of the original name, it will be renamed as ovpn.conf on the Z-PASS.

This is the only mandatory file, that is if this file has not been loaded on the Z-PASS, VPN can’t be enabled.

As reminded in the web page, in options requiring a file argument, only the file name shall be given, with no path, as in the following example:

ca ca.crt OK

ca /home/config/vpn/ca.crt KO !

Other two important rules that shall be followed are:

 the “dev” option shall be: “dev tun0” or “dev tap0”  the “log” option shall be omitted (so that, logs are written to syslog)

An example of a client configuration file is given in paragraph 18.7.1.7.

18.7.1.2 CA certificate

This file shall contain the Certification Authority (CA) certificate and has the .crt extension.

It is needed when the configuration file contains the “ca” option.

18.7.1.3 Client certificate

This file shall contain the client certificate and has the .crt extension.

It is needed when the configuration file contains the “cert” option.

18.7.1.4 Client key

This file shall contain the client key and has the .key extension.

It is needed when the configuration file contains the “key” option.

For more information about configuration options, please refer to the OpenVPN web page (“openvpn.net”).

USER MANUAL – Z-PASS1/Z-PASS2

18.7.1.5 Additional file

This file can be of any type and may be needed for configuration options other than “ca”, “cert” and “key”.

Please note that more than one additional file can be loaded.

You can browse your PC to select the above files and send them to the Z-PASS by pressing the “UPLOAD” button.

Once the upload is done, a result page is shown like in the following figure.

USER MANUAL – Z-PASS1/Z-PASS2

You can check which VPN files are stored on the Z-PASS by clicking on the “SHOW VPN STATUS” button, as shown in the following figure (remember that the configuration file is renamed as “ovpn.conf”):

USER MANUAL – Z-PASS1/Z-PASS2

As reminded by the web page, the VPN files can be downloaded from the Z-PASS, if needed, via FTP/SFTP; they can be found in the /home/config/vpn directory, as shown in the following figure.

Is is possible to clear all the VPN files, by clicking on the “RESET” button; a pop-up will appear, requiring a confirmation:

If VPN is enabled, the user is not allowed to delete VPN files, as warned by the following pop-up:

USER MANUAL – Z-PASS1/Z-PASS2

In the “VPN Configuration” section, there is only one parameter, as described in the following table:

Field

Meaning

Default value

VPN Configuration/Enable

Flag to enable/disable the VPN connectivity; when enabled, Z-PASS will run the Open VPN process with the loaded configuration

OFF

As already told above, if you try to enable the VPN connectivity, but no configuration file has been uploaded to the Z-PASS yet, an error is given as shown in the following figure:

USER MANUAL – Z-PASS1/Z-PASS2

100

When you click on the “SHOW VPN STATUS” button, a third section appears, named “VPN Status”, showing:

 the VPN “Connection Status” (i.e.: “Disconnected” or “Connected”)  the IP address assigned to the VPN interface when “Connected”, the “dummy” IP address “0.0.0.0”

when “Disconnected”

 the “OpenVPN Status” (i.e.: “Stopped” or “Running”)

Seneca Z-PASS1, Z-PASS2 User Manual

Specifications and Main Features

Frequently Asked Questions

User Manual