Network options SLC 5/05 and Panelview 6

I am installing a relatively simple access control system, using a SLC 5/05 processor and a Panelview 6 HMI. The processor is located upstairs in an electral room, and the Panelview will be downstairs in the control room.

I had originally planned on using ethernet for the communications, using a simple 4-port ethernet switch that would be located in the control point, allowing me to connect to the network with our laptop for install and for troubleshooting.

However, our IT department is implying we will not be able to use ethernet for communications, because of the amount of regulations we have to adhere to, even for stand alone networks. All my experience with setting up control systems has been via ethernet/IP - I know other communication protocols exist, but I have experience setting them up.

Can someone give me a couple alternatives I could use? For example, how would I even program the Panelview 6 without an ethernet connection? I know I can communicate with teh PLC via the SLC programming cable, but is there any way I could connect to the PLC if I am in the downstairs room and the PLC is 100ft+ away without ethernet? How difficult is it to use controlnet, and what additional equipment is required?

Thanks for reading!

However, our IT department is implying we will not be able to use ethernet for communications, because of the amount of regulations we have to adhere to, even for stand alone networks.
Thanks for reading![/quote]

Huh? What regulations? Especially if it's standalone and not on a corporate network. Serial could be an option, but again why? ControlNet wouldn't be an option because on the SLC end there isn't a CN option. For the PV+ you would need to buy a CN Logic module. But again why? Even if you could use CN why would that be any different than Ethernet?

This sounds like a brilliant dodge from the 'IT department': just ban networking for security reasons, and you don't have to support networking !

I realize you might be in a facility where a man-in-the-middle attack on your access control might not be out of the question. Most of us aren't.

You could use RS-232 to connect the PanelView Plus to the SLC-5/05 Channel 0 serial port. You might need fiber optic or a 232/485 full duplex converter to run the full 100 feet.

DF1 protocol isn't any more secure than EtherNet/IP, but it's less likely to be connected to without authorization than an Ethernet network is just because there's no switch to connect to.

If it were me, I would take the opportunity to work with IT to satisfy their requirements. Use a restricted subnet, program in some identity verification in the SLC-5/05, maybe even put in encryption appliances on both ends.

Related: I saw a presentation on the new encrypted Ethernet module for ControlLogix the other day. I don't think that PanelView Plus is going to get an encryption feature, though.

The regulations are self-imposed. This is for the Navy, and while it's not even really a fear of any type of man in the middle attacks (the access control is more about monitoring than preventing access), it's a funciton of how we procure and set up networks. The IT department has deemed the ethernet switch would make it a network, subject to the various regulations and rules that make our life hell.

CN may be an option because it doesn't require an ethernet switch, which would make the network _not_ be a network, even though it is it's own network, if that makes sense (which I know it doesn't). Also, what is DF1?

I guessed this was a Navy application. I've also worked on some access control for sallyports in jail systems.

DF1 is a Rockwell Automation serial protocol. You could connect the RS-232 port on the PanelView directly to the RS-232 port on the SLC-5/05 controller with a serial cable.

RS-232 serial cables are generally meant to run just 50 feet. You could use a converter to the RS-485 signalling standard (and back), which can run about 4000 feet. Or you could run fiber optic cable and use an RS-232/Fiber Optic converter. B&B Electronics and Black Box are great vendors for that sort of thing.

You'll still be able to connect to the PanelView or the SLC-5/05 ports directly with an Ethernet cable to do upload/download and monitoring, when you're sitting right there. If the IT department insists, those ports can be functionally disabled.

Would they let you run an Ethernet cable point-to-point between the PanelView and the SLC-5/05 ? That wouldn't make it a "network", if the presence of a switch is their concern. You could still install a switch temporarily, while you're directly doing diagnostics.

Our government at work. How about if you used only a crossover Ethernet cable? Since it doesn't have a switch, it according to their definition, isn't a network. That's crazy! But then you would have to go locally to program using the serial port, which can be slow and painful depending on the size of the program. DF1 is AB's proprietary serial communications protocol used as the main communication method on the smaller PLCs. ControlNet is not an option with SLCs.

These are all great suggestions - I have a list of questions to ask our IT guy when I meet him.

Ken, not sure if I could get away with having a switch for diagnostic purposes. That would be nice.

So I could run 2 cables - one crossover cable, one standard ethernet cable. I could connect the crossover directly into the PLC and HMI for normal operation, then when troubleshooting/testing is required, switch to the standard cable and plug into a switch. That may work.

Can you use serial comms to download to the Panelview, or would I have to use a crossover cable for that? Also, is there any kind of special configuration for using a crossover cable to directly link the PLC and HMI, or is it just standard ethernet?

*EDIT* Sorry, would I need a crossover cable to connect directly from the laptop to the HMI and PLC?

You could also use a flash drive to transfer the .MER file to the PV+. The only problem with using a crossover cable for comms between the PV+ and the SLC, is if you want to use Ethernet for programming, your PV+ would be offline while you were programming.

Ahhh.. if only it were so easy. Flash drives are a new-fangled technology that only civilians can use. Much too dangerous for us.

(in all honesty, flash drives are probably a step above an ethernet switch in difficulty to get approval)

There is no real way to do actual programming and troubleshooting of a live HMI/PLC without a switch, as far as I can tell. There is no way to be connected to both and have them communicate without it. Hopefully that will be enough justification to get this working.

I think you could also use a CompactFlash card. You could run a serial cable just for programming. I always hated having to disconnect something in order to program. Had to do that too often with uLogix systems and PVs over serial. Takes longer to diagnose anything.

Why can't you just use a crossover cable to connect the PLC directly to the Panelview. With no external switch to connect to, i don't see why this is even different than using a serial cable to connect the two together.

Helliana said:

Why can't you just use a crossover cable to connect the PLC directly to the Panelview. With no external switch to connect to, i don't see why this is even different than using a serial cable to connect the two together.

Click to expand...

That's what we've been talking about using. But then how do you connect to the SLC to do programming? You would have to disconnect the PV+. Ethernet is much faster and can go up to 328 feet this way. A serial cable can go 25 ft. max. without using some kind of extender.

See if this will work for you...

One ethernet cable between the PLC and Panelview. This is the running configuration.

If you want to program the PLC, unplug the cable from the PV and plug it into your PC.

If you want to program the PV, unplug the cable from the PLC, and connect to the PV with a short ethernet cable.

You won't be able to monitor the running system very well, but to make simple edits after the system is running, it should work.

If the switch is locked inside the PV enclosure, it's still a risk somehow? Same physical access get's you connected to PLC or PV with or without the switch present.

mellis said:

If the switch is locked inside the PV enclosure, it's still a risk somehow? Same physical access get's you connected to PLC or PV with or without the switch present.

Click to expand...

Who knows? Sometimes the people who make the rules have no clue on how things really work. It just makes everyone feel better that they did SOMETHING.

Helliana - it's not even a function of being worried about someone accessing the system. The switch is actually in a locked, controlled access building, inside a controlled access area. This is purely an IT policy thing. If it's a switch, it's by default on a network. The switch can't be the nice little red lion din rail mounted switch - it has to be common criteria standard, and it has to be managed (maintained, patched, updated, restricted, locked down) by the IT group.

John - I don't know if it's a function of making themselves feel good for doing something - I think it's a blanket policy that they didn't realize would affect so many things other than computer networks. As for CF cards, we would have to get a CF reader and deal with removable media, which is also just as much of a pain.

Mellis - that workaround is what we may have to do, and it will work in this case because we only have one PLC and one HMI. But other projects coming involve multiple HMIs, PLCs at multiple locations, etc.