VLANs

Alan Case

Hi. I have a factory as a client that has all the AB processors connected via Ethernet using managed switches. Most machines basically are stand alone, but a few talk to the upstream/downstream machine to control the feed rate. Not overly critical if this comms fails to work for a time, as a nearby operator can manually turn off the feed if required.
What they are wanting is to allow remote access for the OEMs to each of their machines for fault finding if required.
They only want to allow the OEMs to view the machines when the factory wants them to, and only allow each OEM access to his machine. The switches are managed Hirschman.

What I am thinking is dedicating one port (the last port) on each switch to VLAN 2. All other ports in the factory will be on VLAN 1.
VLAN 2 will be connected via a router to the internet.
Normally the factory will run with everything plugged into VLAN 1.
If an OEM wishes to view his machine remotely, the on-site technician unplugs the machine from VLAN 1 into the last port (VLAN 2). The only problem will be that the unplugged machine will drop off the SCADA (not a big problem), and also if it is talking to an upstream/downstream PLC then this comms will be lost. This is not a huge problem, but it would be nice if we could tell VLAN 2 to allow certain IP addresses to bridge VLANs.

i.e. if PLC 192.168.210.100 talks to 192.168.210.110,
and if PLC 192.168.210.120 talks to 192.168.210.130, then can we program the VLANs to allow comms between these above 4 IP addresses? This is so that if an OEM wishes to view 192.168.210.100 we plug it into VLAN 2, which will only allow him access to the one PLC but will also allow 192.168.210.100 to continue talking to 192.168.210.110.

I hope the above makes sense, or is there an easier way to do it?
Regards, Alan Case
 
Do you have someone around that manages the switches?

I don't think VLANs are the best solution here. The right way involves programming the router/VPN concentrator to only pass traffic to/from certain IP addresses with Access Control Lists. Disable the vendor's VPN user account when they don't require access.

This tacky alternative might work:
1. Create a separate VPN connection for each vendor
2. Each VPN connection only allows communication to their device based on choosing a subnet mask such that the only node on the "network" is their device. (security through different network settings, humm...?)
3. Logically enable/disable entire VPN connections as needed.
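The two policies discussed in this thread (the question's "let only these four PLC addresses cross between VLAN 1 and VLAN 2" and the reply's "ACL on the router/VPN concentrator, one OEM to one PLC, switched off when not needed") can both be expressed as ordered permit/deny rules with an implicit deny at the end. The following is an added example written for this thread, not code from either poster or from any switch or router vendor; it models the ACL decision in plain Python so the policy can be checked before it is typed into a real device, and it uses no vendor syntax. The four PLC addresses are the ones quoted in the question; the two OEM VPN addresses (10.200.1.10, 10.200.2.10) are constructed placeholders for whatever the VPN concentrator would assign.

```python
# Added example: first-match ACL evaluation for the two designs discussed in
# this thread. Standard library only. All addresses except the four PLC
# addresses quoted in the question are constructed placeholders.
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Rule:
    """One ACL entry: permit or deny traffic from src to dst (both CIDR)."""
    action: str                      # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    bidirectional: bool = False      # also match the reply direction


def rule(action: str, src: str, dst: str, bidirectional: bool = False) -> Rule:
    return Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst), bidirectional)


def evaluate(acl: Iterable[Rule], src_ip: str, dst_ip: str) -> str:
    """Return the action of the first matching rule. If nothing matches the
    result is "deny", mirroring the implicit deny at the end of a router ACL."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in acl:
        forward = s in r.src and d in r.dst
        reverse = r.bidirectional and d in r.src and s in r.dst
        if forward or reverse:
            return r.action
    return "deny"


# PLC addresses quoted in the question.
PLC_A, PLC_A_PEER = "192.168.210.100", "192.168.210.110"
PLC_B, PLC_B_PEER = "192.168.210.120", "192.168.210.130"
# Constructed: the address each OEM's VPN user receives from the concentrator.
OEM_A_VPN, OEM_B_VPN = "10.200.1.10", "10.200.2.10"


def vpn_acl(enabled: Dict[str, bool]) -> List[Rule]:
    """ACL on the VPN concentrator, as the reply recommends: each OEM reaches
    only its own PLC, and only while the site has enabled that OEM. Disabling
    the OEM simply drops its permit rule, so the catch-all deny applies."""
    acl: List[Rule] = []
    if enabled.get("A"):
        acl.append(rule("permit", OEM_A_VPN + "/32", PLC_A + "/32", bidirectional=True))
    if enabled.get("B"):
        acl.append(rule("permit", OEM_B_VPN + "/32", PLC_B + "/32", bidirectional=True))
    acl.append(rule("deny", "0.0.0.0/0", "0.0.0.0/0"))  # explicit catch-all
    return acl


def inter_vlan_acl() -> List[Rule]:
    """ACL on the router between VLAN 1 and VLAN 2 for the question's design:
    only the two upstream/downstream PLC pairs may cross the VLAN boundary,
    so a PLC moved to VLAN 2 keeps its feed-rate comms and nothing else."""
    return [
        rule("permit", PLC_A + "/32", PLC_A_PEER + "/32", bidirectional=True),
        rule("permit", PLC_B + "/32", PLC_B_PEER + "/32", bidirectional=True),
        rule("deny", "0.0.0.0/0", "0.0.0.0/0"),
    ]


if __name__ == "__main__":
    acl = vpn_acl({"A": True, "B": False})
    for src, dst in [(OEM_A_VPN, PLC_A), (OEM_A_VPN, PLC_B), (OEM_B_VPN, PLC_B)]:
        print(f"VPN side: {src} -> {dst}: {evaluate(acl, src, dst)}")
    ivl = inter_vlan_acl()
    for src, dst in [(PLC_A, PLC_A_PEER), (PLC_A, PLC_B_PEER)]:
        print(f"VLAN 1/2 boundary: {src} -> {dst}: {evaluate(ivl, src, dst)}")
```

Running the script with OEM A enabled and OEM B disabled shows OEM A permitted to its own PLC only, OEM B denied everywhere, and across the VLAN boundary only the two PLC pairs permitted. The `bidirectional` flag stands in for whatever reply-traffic handling the real device uses (a stateful rule or a mirrored entry); on a stateless ACL the mirrored entry has to be written explicitly.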