Installation Manual

ManualsBrandsEaton ManualsControl & AutomationPanel-Mounting Bracket Assembly, Retrofit

121

122

123

124

125

126

127

128

129

130

11-4 IM02601001E www.eaton.com

Securing the Power Xpert Meter

5. If you didn’t log in earlier, you must enter the admin account user name and password.

The following comprise Eaton’s recommendations for Access Control best practices:

Trusted IPs/hostnames separated by semi-colons(;)

If you are using SNMP, Modbus TCP, BACnet/IP or FTP, you should specify the IP ad-

dresses or host names for one or more computers that are to be allowed access to the

meter and then enable the trusted host feature for that protocol. This provides an added

measure of security. You should also audit this list periodically and ensure any unused

hostnames are removed.

Note: SNMP and Modbus/TCP-IP access is restricted to trusted hostnames by default;

therefore, an empty list of IP addresses/hostnames means that meter will not respond to

SNMP or Modbus/TCP-IP.

SNMP access restricted by IP/hostname:

Restricting SNMP access to a set of trusted hosts is a best practice. As this is enabled by

default, Eaton strongly recommends that you leave this enabled.

Modbus/TCP-IP access restricted by IP/hostname

Restricting Modbus access to a set of trusted hosts is a best practice. As this is enabled

by default, Eaton strongly recommends that you leave this enabled.

Modbus-TCP Port:

This is set to 502 by default. Changing this provides an added measure of security.

BACnet/IP restricted by IP/hostname:

Restricting BACnet/IP access to a set of trusted hosts is a best practice. As this is en-

abled by default, Eaton strongly recommends that you leave this enabled.

BACnet/IP Port:

This is set to 47808 by default. Changing this provides an added measure of security.

FTP restricted by IP/hostname:

Restricting FTP access to a set of trusted hosts is a best practice. As this is enabled by

default, Eaton strongly recommends that you leave this enabled. Note that FTP access is

read-only.

HTTP Port:

This is set to 80 by default. Changing this provides an added measure of security. Should

you change this, users must append the port number (after a colon) to the meter URL.

HTTPS Port:

This is set to 443 by default. Changing this provides an added measure of security.

Should you change this, users must append the port number (after a colon) to the meter

URL.

Require HTTPS:

Eaton strongly recommends that you enable this setting. When enabled, HTTP access

is disabled and all communications with the meter web server must be through HTTPS.

Note that HTTPS may provide slower performance loading web pages than HTTP.