Modbus TCP

Other devices that evaluate the data of the KOSTAL Smart Energy Meter can be connected to the Modbus TCP (LAN) interface.

“Master” mode

In “Master” mode, the KOSTAL Smart Energy Meter sends and writes information to the registers of the configured slaves. These are added by entering the slave IP address.

INFO

The internal present value registers and the internal energy value registers can be transmitted and written. The KSEM/RM PnP registers and the SunSpec registers are not transmitted via the Modbus TCP master. You will find information about the respective registers in the KOSTAL Smart Energy Meter– Interface Description Modbus documentation in the download area for the KOSTAL Smart Energy Meter.

Parameter	Explanation
Slave address	Defines the address of a TCP slave. This can be specified in the form of an IP address or URL.
Port	Defines the TCP port on which the slave expects Modbus communication.
x	Deletes the line
Add	Adds a line

Up to 10 TCP slaves can be configured.

“Slave” mode

In the “Slave” mode, the Energy Manager provides its measurement data via the LAN interface (TCP/IP). This setting is used to ensure that the KSEM can be read by third parties.

Parameter	Explanation
Enable TCP Slave	Enabled The Modbus slave functionality on the Ethernet interface (LAN) is enabled. Data can only be retrieved from the KOSTAL Smart Energy Meter via the interface once the interface has been activated and the settings have been saved. Deactivated The Modbus interface is deactivated.
Enable encryption (TLS)	Enabled Enables encryption using TLS for Modbus slave connections. If encryption is enabled, the Modbus slave can only be reached via port 802. Unencrypted connections via port 502 are no longer possible. Deactivated Encryption is deactivated.

Parameter

Explanation

Enable TCP Slave

Enabled
The Modbus slave functionality on the Ethernet interface (LAN) is enabled. Data can only be retrieved from the KOSTAL Smart Energy Meter via the interface once the interface has been activated and the settings have been saved.

Deactivated
The Modbus interface is deactivated.

Enable encryption (TLS)

Enabled
Enables encryption using TLS for Modbus slave connections.

If encryption is enabled, the Modbus slave can only be reached via port 802. Unencrypted connections via port 502 are no longer possible.

Deactivated
Encryption is deactivated.

Certificates

Dealing with self-signed TLS certificates

IMPORTANT INFORMATION

Tapping sensitive data

Unknown TLS certificates should always be carefully checked to prevent unauthorised access to measurement data on the device by third parties.

For receivers that use known certificates or certificates that are already accepted, a secure TLS connection is automatically established.

The device has a set of trusted certificates and certificate authorities (CA). If a receiver that provides a self-signed certificate initiates a connection, this is recognised by the device and must be actively accepted by the user.

An overview of added and unknown certificates is provided in the Certificates drop-down table, which is located right below the Modbus TCP configuration. Certificates are described there as follows:

Status: Accepted

The status displays a green tick. This certificate is trusted by the device.
Receivers that use this certificate are trusted and a secure TLS connection can be established to them.
Clicking on Delete will delete the certificate from the list of trusted certificates. This certificate is no longer trusted and open connections using this certificate are terminated immediately.

Status: Not accepted

The status displays a red cross. This certificate is not trusted.
In order to establish a secure TLS connection to receivers using this certificate, this certificate must first be actively trusted.
Clicking on Accept adds the certificate to the trusted certificates and it is then considered to be accepted. A secure TLS connection can now be established from receivers that use this certificate.