How do routers work ? (For STEP7)

Hi, I have the problem that my office PC gets its IP address assigned automatically. On the other hand the S7 PLC that I am currently working with has a fixed IP address.
As the addresses arent in the same range, my PC and the S7 cannot speak to each other. I can set the IP address of the PC manually, but then I dont have my office network.

There is the interestingly looking setting in STEP7 HW config "Use Router". Maybe the solution lies in there somehow, but how ?

Actually how DO these "router" thingamabobs work ?
I am probably using one right now to access this fine site, but I have no idea of the theoretical or practical workings of it.

Anyone knows how to get connected with the PLC without sacrificing my office network ?

We run across the same problem. We also have the problem of supporting multiple installs at different service pack levels. To solve both of these problems, we use VM ware to "freeze" development software at the appropriate level to support a project. VM ware also allows you to configure a virtual NIC and leave your base install alone.

Another simple solution could be to install a second NIC in the PC.

But I would be interested in knowing about the Router options. Particularly as it looks like STEP7 is more or less prepared for it.

Didnt think about WMWare. How much does it cost ?

$189

You can also download a 45 day evaluation version here.
http://www.vmware.com/products/ws/

JesperMP said:

Actually how DO these "router" thingamabobs work ?

Click to expand...

A router (more commonly called a Gateway or Router/Gateway) is used to direct packets between two different subnets.

If your computer has an IP Address of 192.168.100.5 and your IP Mask is set to 255.255.255.0, then you can talk only to devices that are from 192.168.100.0 to 192.168.100.255. The '0' bits in a Mask are 'I don't care' bits.

So, to talk to devices outside your subnet, a Gateway is used. It talks to other gateways, which talk to other devices.

That's the short answer. You don't want to know the long version.

Set you subnet mask to 000.000.000.000
This will allow your PC to see all the IP adresses connected to your machine.

JohnW said:

Set you subnet mask to 000.000.000.000
This will allow your PC to see all the IP adresses connected to your machine.

Click to expand...

See them, yes, but that will also stop the ability to access most if not all network resources.

I think that if I want to enjoy the pleasures of my company network (including www), I have to allow the IP address and Subnet mask to be set automatically. When I log on, there are several things that run automatically, such as attaching networked drives, email syncronisation etc.
I cannot tinker with it at all. I can set the IP address manually, but that means I am kicked off the LAN.

Anybody have any practical info on how to connect with a Router ?
There is scant info in STEP7 help, apart from "you can use a router".
Does the router need to be set up somehow, or does it figure everything out by itself ?

Is it as simple as:
1. Acquire Router.
2. Connect everything - Router, PC, S7 PLC, Company LAN.
3. Live happily ever after.
???

One pointer...

Jesper, I was in kinda the same situation you are. I did two things:

1.) Had IT run a separate cable to my office, on the production network so I can be on that side with my laptop and the office side with my workstation.

2.) My workstation is setup very similarily to yours....One thing that that helped some cases here, like where a specific IP needs to be in a PLC's routing table, is I had IT set my DHCP lease to never expires (this means the DHCP server that hands out the address ins't going to try and renew my IP with a different one at a specified interval). That way it's almost as good as having a known static address.

Greg

The way my company deals with this is...

The NIC built in to my notebook is for use with the company network only. I don't mess with the settings at all.

I have a USB NIC that I can use for all other networks. I have complete control over the settings on this NIC. I can set it to Windows XP default settings and it works great for internet access from the hotel when I'm travelling. Or I can set whatever static IP and subnet mask I need to connect to PLC networks in a plant.

My notebook also has a built-in wireless NIC that is also under my control. If the hotel or plant has wireless, I have this alternative too.

Jesper, I am not as strong on S7 as I would like to be. I just do not get the chance to work with them like I use too.

I may be wrong but with your experience/skills I am sure a little reading will clarify the situation.

I think with the use of S7 NCM you can use the physical wiring of your Company LAN but basically create a network within the network....ie the IP address is basically unimportant, the configuration is done through the MAC address, subnets and the PC/PG interface using a communication card. This should allow you to connect to any Siemens devices while being connected to your company LAN. This is one manual to start out with: http://cache.automation.siemens.com/dnl/zc1Njg5AAAA_1254686_HB/S7komm_e.pdf

I wish I could offer more, at one time I had 24 machines that all used S7-300 cpu's and the company wanted data collection. I was in the process of looking at networking into the company LAN but never got to do the project.

If what I state is not correct please let me know.

If S7 is based on MAC addresses you should be able to connect the S7 directly to the office network. Although I wouldn’t recommend it. It’s never/rarely good practice to put control and office on the same network.

The easiest and best option is to obtain a second NIC for your computer. After that you have (3) options, install a router, a bridge, or VPN. Routers work on IP addresses, bridges work on MAC addresses, and VPNs are, well VPNs.

If you install a router you are going to have to do what is called Port Forwarding. I’ll use a simple network as an example. You have (2) computers connected to a router that is connected to the internet. When you make a request for a web page, your computer makes the request to the router, the router makes the request to the internet, when the request comes back the router knows your computer asked for this request and sends it to your computer. The problem is going the other way, the internet making a request for something on your network. You need to tell the router, if this kind of request comes in, send it to this computer. This is port forwarding. For instance if I was running an ftp server on my network, I would set-up my router to send all requests coming from the internet to be sent (forwarded) to my ftp server. So on your S7 network you would need to determine which ports data was being transmitted on and set-up the router to forward these ports. Although, your S7 might not be using IP to transmit data, it might be using MAC addresses, in which case a router won’t work. You can also set-up routing tables, but I would not go this route since this will allow everyone on your office network to see the S7 network.

Bridges work based on MAC addresses, not IP addresses. So they are often used to send data between separate networks. As with the router, you would need to set-up a routing table in the bridge to tell the bridge a request for this MAC address goes to this network. I’ve never set-up a bridge, so my info on them is limited.

The last thing you can do is to set-up a VPN. You can connect the S7 to a VPN router, and connect the VPN router to the office network. This will allow you to keep the networks separate and limit who can connect to the S7 network. Basically what happens is when you make a VPN connection to the VPN router your connection is assigned an IP address on the VPN’s network. As an example, let’s say your office network is 192.168.1.X and your S7 network is 192.168.2.X Your VPN router would be connected to both networks, you would set the WAN port on the VPN router to an address of say 192.168.1.254 and connect it to your office network. You would then make a VPN connection to 192.168.1.254, and the VPN router would assign your VPN connection an IP address of say 192.168.2.5 Now your computer in essence is a computer sitting on the S7 network. There are different types of VPN connections you can make, mainly PPTP which is a Windows VPN and IPSec which is an open standard. I have set-up VPNs to servers, but I have not tried to set-up VPNs to connect to PLCs. A PPTP connection might not work since it was designed to work with Windows computers, but IPSec should work since it is based in the packet layer.

If it were me and I couldn’t get a second NIC for my computer, I would go the VPN route. You can keep your networks separate and limit access to the S7 network. You can pick up a Linksys 4-port VPN router for around $350.

Right now I have the problem of a PLC on my desk that I want to access while still having access to the company LAN.
An easy quick fix could be to get a second NIC (a USB NIC sounds good, but the ones I have found so far are surprisingly clunky).

But in the longer run I foresee many projects where I have to make a neat and "finished" solution at my customers sites. The problem is the same, I cannot expect to be able to alter anything in my customers LAN. Still, my customer will expect me to deliver things such as remote HMI, datalogging, possibly dataexchange with the customers own databases.

rsdoran said:

I think with the use of S7 NCM you can use the physical wiring of your Company LAN but basically create a network within the network....ie the IP address is basically unimportant, the configuration is done through the MAC address, subnets and the PC/PG interface using a communication card.

Click to expand...

I am relatively familiar with NCM and NetPro. I am not sure what you mean with "network within a network". I can certainly make several "Logical" networks, but in the end I have to access the production LAN from the office LAN.

About the MAC addresses: You can specify the IP address by means of the MAC address. And then there is the possibility to use what Siemens call the "ISO" protocol, this uses the MAC addresses, not IP.
However, the S7-300 PN CPUs that I am using only have "TCP/IP" not "ISO" protocol.

Tark, thanks for you info, it is exactly this kind of information I am looking for.
It looks like a Router can do the job, and if it requires me to set up some "port forwarding" then that can be done (when I learn how to), and I can get the information from Siemens on what ports are used.

On customer sites maybe I will have to supply a router, maybe I will have to pass information to the customers IT department on how to set up his router.

What are the ip's your have on the PLC and your computer (don't post it if it's an official address only if it's a internal one. This is due to safety reasons for you)?

I think you can play with the subnet mask on the plc to allow it to see both networks (if it's connected to the same network cable as the office network).

Cheers
Borte

Hei Borte.

The current PLC has IP 162.068.0.xx SUBNET 255.255.255.0.
I can try to experiment with it.
(Next week, have to go to Fredrikstad on monday )

The future customer projects will have more complicated networks (both proces and office LANs), and I will probably not have the possibility to change these things once everything is setup and running.

I have ordered a router so I can fumble about with it. I think that it is the solution in the long run.