TCP/IP Port Tags

Not counted towards your tag license limit.

The TCP/IP port type is used to connect your VTScada application to a series of hosts, allowing you to send and receive data across a network or over the Internet. TCP/IP port tags can also open a TCP/IP socket to emulate a Serial Port tag for use with serial-based I/O drivers using TCP/IP-based terminal servers.

Standard Port Numbers: Refer to the table provided in the description of the Connection tab, within this topic.

Reference Notes:

  • Monitor drivers, not ports. A port tag has a value only on the server that is communicating with hardware and will be blank on all other servers. The value of a port tag is not synchronized across all workstations (unlike I/O and driver tags). If the alarm server and I/O servers are different machines, an alarm on a port tag will not activate. Do not attach an alarm to any port tag.
  • A port tag widget drawn on a page represents only the state of the port on the local machine.

Listener Ports

A TCP/IP port tag can act as a listener (accept incoming TCP/IP socket connections) if a port number is defined, but a TCP/IP address is left blank. This allows drivers to act as slaves on network connections.

Do not configure your TCP/IP port tag with a blank address and configured port number unless you are also using a driver configured to accept unsolicited data. Problems may occur if the port with no address takes communications meant for other TCP/IP ports.

A TCP/IP Port with no address and no port number will do nothing. TCP and UDP ports that were using the default port numbers (3001 for TCP and 3123 for UDP) will no longer use these port numbers automatically and will no longer function as a listener or a client. To resolve this, they will need to be edited to use those port numbers explicitly.

In the unusual event that you have multiple devices attempting to use the same channel at the same time across multiple ports, you might consider adding Comm Link Sequencer Tags to serialize requests.

TCP/IP Error Codes

A valid TCP/IP (and UDP/IP) port tag can have any of the following values.

Error codes from the underlying operating system may be passed through. For codes not listed here, refer to https://learn.microsoft.com/en-us/windows/win32/debug/system-error-codes--9000-11999-

| Error code (Decimal) | Error code (Hex) | Meaning |
|---|---|---|
| 00 | 0x0 | No Error |
| 259 | 0x103 | Port did not connect |
| 260 | 0x104 | Connection was lost |
| -802 | | Neither the Common Name (CN) nor the Subject Alternative Names (SAN) used in the X.509 certificate match the target device name. |
| -803 | | There is no Local Security Authority (LSA) context for the operation. |
| -804 | | The clocks on the client and server machines are too far skewed. |
| -10048 | | Only one usage of each socket address (protocol/network address/port) is normally permitted. |
| -10051 | | Port unreachable |
| -10053 | | Connection aborted |
| -10054 | | Connection reset |
| -10060 | | Connection timeout |
| -10061 | | Connection refused |
| -10065 | | Host unreachable |

See also: Client Socket Error Codes

TCP/IP Port properties ID tab

The ID tab of every tag includes the same common elements: Name, Area, Description, and Help ID.

Name:

Uniquely identifies each tag in the application. If the tag is a child of another, the parent names will be displayed in a separate area before the name field.

You may right-click on the tag's name to add or remove a conditional start expression.

Area

The area field is used to group similar tags together. By defining an area, you make it possible to:

  • Filter for particular tag groups when searching in the tag browser
  • Link dial-out alarm rosters to Alarm tags having a particular area
  • Limit the number of tags loaded upon startup.
  • Filter the alarm display to show only certain areas.
  • Filter tag selection by area when building reports

When working with Parent-Child tag structures, the area property of all child tags will automatically match the configured area of a parent. Naturally, you can change any tag's area as required. In the case of a child tag, the field background will turn yellow to indicate that you have applied an override. (Orange in the case of user-defined types. Refer to Configuration Field Colors)

To use the area field effectively, you might consider setting the same Area for each I/O driver and its related I/O tags to group all the tags representing the equipment processes installed at each I/O device. You might also consider naming the Area property for the physical location of the tag (i.e. a station or name of a landmark near the location of the I/O device). For serial port or Roster tags, you might configure the Area property according to the purpose of each tag, such as System or Communications.

You may define as many areas as you wish and you may leave the area blank for some tags (note that for Modem tags that are to be used with the Alarm Notification System, it is actually required that the area field be left blank).

To define a new area, type the name in the field. It will immediately be added. To use an existing area, use the drop-down list feature. Re-typing an existing area name is not recommended since a typo or misspelling will result in a second area being created.

There is no tool to remove an area name from VTScada since such a tool is unnecessary. An area definition will exist as long as any tag uses it and will stop existing when no tag uses it (following the next re-start).

Description

Tag names tend to be brief. The description field provides a way to give each tag a human-friendly note describing its purpose. While not mandatory, the description is highly recommended.

Tag descriptions are displayed in the tag browser, in the list of tags to be selected for a report and also on-screen when the operator holds the pointer over the tag’s widget. For installations that use the Alarm Notification System, the description will be spoken when identifying the tag that caused the alarm.

The description field will store up to 65,500 characters, but this will exceed the practical limits of what can be displayed on-screen.

This note is relevant only to those with a multilingual user interface:
When editing any textual parameter (description, area, engineering units...) always work in the phrase editor. Any changes made directly to the textual parameter will result in a new phrase being created rather than the existing phrase being changed.
In a unilingual application this makes no difference, but in a multilingual application it is regarded as poor practice.

Help Search Key

Used only by those who have created their own CHM-format context-sensitive help files to accompany their application. Refer to Custom Help Files.

TCP/IP Port properties Connection tab

The Connection tab of the TCP/IP port tag properties folder contains properties that enable communications.

TCP/IP Port tag - connection tab

TCP/IP Name/Address

The TCP/IP Name/Address field provides a space for you to identify the name or IP address of the server to which to connect (for example, MyRTU.com, or 198.255.32.1).

If using IPv6 addressing, names are strongly recommended over specific addresses.

If using a numeric address, do not include leading zeros. These are likely to be reinterpreted as octal values.

TCP/IP Port Number

The TCP/IP Port Number field refers to the port number on the host address through which communications are enabled. This information should be available from your hardware specification.

The following drivers have standard port numbers, although individual instances may vary.

| Driver | Port |
|---|---|
| Allen-Bradley SLC | 2222 |
| Allen-Bradley EIP | 2222 or 44818 |
| Allen-Bradley Controllogix / CIP | 44818 |
| DNP3 | 20000 |
| GE Series 90 | 18245 |
| Siemens S7 | 102 |
| OpenModbus TCP | 502 |
| CIP | 44818 |
| MQTT | 1883 |
| Secured MQTT | 8883 |

A TCP/IP port tag may also be used to accept incoming TCP/IP socket connections if a port number is defined, but a TCP/IP address is not defined (null or invalid), thus allowing drivers to act as slaves on network connections. Use caution: unintended consequences may result if the port with no address takes communications meant for other TCP/IP ports.
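
The address and port rules above can be checked before deployment. The following PowerShell is an added example, not part of VTScada or its documentation: the tag inventory is constructed sample data, `Test-PortTagConfig` is a hypothetical helper name, and `Get-NetTCPConnection` is the standard Windows cmdlet for listing TCP sockets. It reports tags that will do nothing, listener tags (including two that claim the same port, and anything already bound to that port on the local machine), and numeric addresses with leading zeros.

```powershell
# Constructed inventory of TCP/IP port tag settings (illustrative names and values).
$tags = @(
    [pscustomobject]@{ Name = 'RTU1_Port';   Address = '10.20.30.40';     Port = 502   }
    [pscustomobject]@{ Name = 'RTU2_Port';   Address = '010.020.030.040'; Port = 502   }
    [pscustomobject]@{ Name = 'DNP_Listen';  Address = '';                Port = 20000 }
    [pscustomobject]@{ Name = 'DNP_Listen2'; Address = '';                Port = 20000 }
    [pscustomobject]@{ Name = 'Spare_Port';  Address = '';                Port = $null }
)

function Test-PortTagConfig {
    param([object[]]$Tags)
    $listeners = @{}   # listening port number -> first tag that claimed it
    foreach ($t in $Tags) {
        $hasAddr = -not [string]::IsNullOrWhiteSpace($t.Address)
        $hasPort = $null -ne $t.Port
        if (-not $hasAddr -and -not $hasPort) {
            "$($t.Name): no address and no port number; the tag does nothing."
        }
        elseif (-not $hasAddr) {
            "$($t.Name): listener on port $($t.Port); confirm its driver accepts unsolicited data."
            if ($listeners.ContainsKey($t.Port)) {
                "$($t.Name): port $($t.Port) is already claimed by listener $($listeners[$t.Port]) (see error -10048)."
            } else { $listeners[$t.Port] = $t.Name }
            # Anything already bound to the port on this machine, with its owning process.
            Get-NetTCPConnection -State Listen -LocalPort $t.Port -ErrorAction SilentlyContinue |
                ForEach-Object {
                    $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
                    "$($t.Name): port $($t.Port) is bound now by $($proc.ProcessName) (PID $($_.OwningProcess))."
                }
        }
        elseif ($t.Address -match '^\d+(\.\d+){3}$') {
            # Dotted numeric address: look for octets written with a leading zero.
            $octets = $t.Address -split '\.'
            if ($octets -match '^0\d') {
                $asOctal = $octets | ForEach-Object {
                    if ($_ -match '^0[0-7]+$') { [Convert]::ToInt32($_, 8) } else { $_ }
                }
                "$($t.Name): leading zeros in $($t.Address); read as octal this is $($asOctal -join '.')."
            }
        }
    }
}

Test-PortTagConfig -Tags $tags
```

If VTScada is already running, a port reported as bound may be held by VTScada itself; the owning process name shows which case applies.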

Disconnect Delay

Specify in seconds or fractions of a second, the amount of idle time that should pass before the connection to the server is terminated. Cannot be set to zero.

For example, in normal Modbus operation a continuous connection is used, so Disconnect Delay is set greater than the expected poll rate so that polls keep the port busy and open. For a non-continuous connection, Disconnect Delay can be set to a short value so that the connection is terminated soon after a poll completes (whether successful or not). If it is set to a value less than the poll rate, the driver will have to "reconnect" on every poll, but for Modbus this is not onerous as it simply reopens the TCP connection.

If the RTU can only handle one connection and you have two masters that are attempting to connect to it, then it is likely that at some point both will try to connect at the same time, resulting in a failure. Setting the Disconnect Delay to a small value might help to minimize connection collisions.

Maximum Connections

Set the maximum number of concurrent connections between VTScada and the address configured in this tab. For any benefit to be seen, both the driver and the PLC must support multiple concurrent connections. On the VTScada side, the following drivers support this feature:

May be changed only for client TCP connections (a valid address has been set), not server TCP connections (no valid address). If the tag is set to act as a server, then Max Connections is limited to 1 to preserve legacy behavior.

Echo

Select whether the transmitted data should be echoed in the received data.

If the Echo check box is selected, the driver should expect that the transmitted data will be echoed in the received data.

By default, the Echo check box is not selected.

TCP/IP properties TLS tab

The Transport Layer Security (TLS) tab is used only when mutual TLS authentication is required. This feature applies only to TCP/IP Port tags used as clients (the Name/Address and the Port Number properties on the Connection tab are configured), not as servers.
To create a TLS connection to VTScada as a server, refer to Configure a VTScada Thin Client Server.

Mutual Authentication is the process by which, in addition to a TLS server providing a certificate to verify its identity, the client also provides a certificate to verify its identity.

Before configuring the parameters on this tab, all of the following must be true:

  • An X.509 certificate for mutual authentication must be installed in the "Personal" store for the user account under which VTScada runs.
  • That certificate...
    • must be valid,
    • must have a private key associated with it, and
    • must have an extended key usage that permits client authentication (1.3.6.1.5.5.7.3.2).
  • The Name/Address and the Port Number properties on the Connection tab must be configured.

Instructions to install an X.509 certificate are provided in Internet Security (TLS, X.509, SSL)

Enable TLS

When selected, VTScada will enforce the use of TLS for connections to the Name/Address specified on the Connection tab. Otherwise, the connection is "plaintext".

Selecting this option enables the "Enable mutual authentication" check box.

Enable mutual authentication

Select to enable mutual authentication using an X.509 certificate provided by the connection client.

Selecting this option also enables the radio buttons with which you can choose automatic or manual certificate selection.

Automatically pick a certificate / Choose one of these certificates

See following notes.

In the automatic mode, the operating system will select a certificate that has a Certificate Authority (CA) matching one of the acceptable CAs that the server has dictated during the TLS handshake protocol, assuming that the server is configured to provide such a list.

A problem can arise where there is more than one suitable certificate for the client to choose from, or the server does not provide a list of CAs, so that any certificate on the client could be used. In interactive use (for example, a web browser), this results in a pop-up dialog allowing the user to choose which client certificate to supply to the server. For a system such as VTScada, an interactive pop-up from the operating system each time a connection is made is clearly undesirable. In such cases, you should select the correct certificate manually.
Manual certificate selection can be performed only on a computer that has an appropriate certificate installed because you must be able to see it in order to select it.

The certificate names shown in the table use the "friendly" name of the certificate if possible, defaulting to the subject name in the certificate in the absence of the friendly name. As manual certificate selection is based on the displayed name, this allows you to have different certificates installed on different computers for the same tag so long as you have set the friendly name on each certificate to be the same. As the configuration for a tag is replicated throughout your distributed application, the same name will be used on each computer for the certificate. This is useful when the subject name varies by computer. (For example, if the subject name is the computer name.)

The friendly name is an editable field and can be changed via the Windows user interface for certificates. For example, using the Microsoft Management Console (MMC.exe) with the certificates snap-in, double click the certificate you want to set the friendly name on and click "Edit Properties" on the Details tab.

A manually selected certificate is indicated by a colored background in the list.

For multi-server applications: Because a TCP/IP Port tag's configuration is distributed around the system, any computer that can establish a connection using the tag must have an appropriate certificate installed. Automatic certificate selection will pick an appropriate certificate from any hints provided by the server and manual selection will use a specific certificate as configured in this tag.
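
The certificate prerequisites and the display-name rule described in this tab can be checked on each computer with the following PowerShell, which is an added example and not part of VTScada or its documentation. It assumes the session runs as the Windows account VTScada runs under, and it takes "valid" to mean in date with a chain that passes .NET's basic validation; variable and column names are illustrative.

```powershell
# Run as the Windows account that VTScada runs under, so that Cert:\CurrentUser\My
# is that account's "Personal" store.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # client authentication EKU named on this page
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$now = Get-Date

$report = foreach ($cert in Get-ChildItem -Path Cert:\CurrentUser\My) {
    # Collect the EKU OIDs; a certificate with no EKU extension yields an empty list.
    $oids = @(foreach ($ext in $cert.Extensions) {
        if ($ext -is $ekuType) { foreach ($u in $ext.EnhancedKeyUsages) { $u.Value } }
    })
    [pscustomobject]@{
        # Same rule as the selection list: friendly name, else subject name.
        DisplayName   = if ($cert.FriendlyName) { $cert.FriendlyName } else { $cert.Subject }
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        InDate        = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
        ChainValid    = $cert.Verify()          # basic chain validation by .NET
        HasPrivateKey = $cert.HasPrivateKey
        ClientAuthEku = $oids -contains $clientAuthOid
    }
}

$report | Format-Table -AutoSize

# Certificates that meet every prerequisite listed for this tab.
$usable = @($report | Where-Object {
    $_.InDate -and $_.ChainValid -and $_.HasPrivateKey -and $_.ClientAuthEku
})

if ($usable.Count -eq 0) {
    Write-Warning 'No certificate in this store meets the prerequisites.'
} elseif ($usable.Count -gt 1) {
    # More than one candidate: automatic selection may be ambiguous.
    Write-Warning "$($usable.Count) usable certificates found; consider manual selection."
}

# A display name shared by several certificates cannot be told apart in the list.
$usable | Group-Object DisplayName | Where-Object Count -gt 1 |
    ForEach-Object { Write-Warning "Display name '$($_.Name)' is shared by $($_.Count) certificates." }
```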

TCP/IP properties Display tab

When this tag is represented on screen by widgets that can use a Style Settings tag, you can save development time by choosing the Style Settings tag that holds the correct display configuration for this tag instance.

The default configuration will use System Style, the default style tag that is automatically part of every new VTScada application.