Stratix 8300 and Layer 3 Switching

ASF

Hi all,

Got a question that I'm hoping some networking gurus can shed some light on :)

I have an application which will see a 1768-series CompactLogix talking to a couple of drives, two PVPs, two Point I/O racks and a couple of other devices, all on Ethernet. As well as this, it should connect to the plant network.

I'd like to keep all the local stuff separated from the plant network - particularly the I/O - but I'm not sure of the best way to do this. The customer wants a Stratix 8300 switch in the panel, so I'm wondering - can I put the PLC, IO and drives on a local-style subnet (e.g. 192.168.1.xxx) and set the Stratix 8300 up as the router to handle all the "internal" traffic, as well as the traffic to the greater network, which might be on (e.g.) 10.10.10.xxx? I'm not completely sure of the difference between a Layer 3 Switch and a router.

I feel like the best option would be to have two 1768-ENBTs; have one connected to all the aforementioned equipment via a managed switch, and the other directly patched into the plant network. But at that point, it seems way overkill to be throwing an 8300 in to do local subnet switching between a dozen devices, and the customer has asked for the 8300.

Can anyone fill in the blanks for me?
 
I think "Layer 3 switch" and "Router" describe devices that perform very similar functions, and the difference is mostly one of semantics/marketing/branding. Some devices simply forward the packets, others use technologies like NAT to mask the true source or destination. Some communicate with other routers to determine the proper destination for a subnet they are not directly connected to.

I'm not familiar with the specific functionality of the 8300, but I can speak in general networking terms. The important question you should ask yourself is this:

What is the purpose of the network separation? If the purpose is simply to limit the reach of broadcast traffic, but to continue to allow all devices to communicate via IP traffic, then a standard router (or layer 3 switch) is probably what you need. Make sure you set up every device with a default gateway/router address in its IP config, in addition to the IP and subnet mask.

If you want to isolate the local network from the plant network, and only allow specific internal devices to talk to the external ones, then you need to be more specific with your selection. There are three options I typically see:

  1. Exactly as you described, add a 2nd Ethernet interface for the PLC, and leave the local network completely isolated.
  2. Use a NAT router to allow specific devices to communicate outside the cell, while blocking all the rest. Essentially, those devices will have two IP addresses, their local IP, as well as a pretend IP that the NAT router uses on their behalf in the higher level network.
  3. You could also use standard routing for this, but then provide no default gateway on the devices that you didn't want to communicate outside of the cell. They would still receive packets from the external network, but they wouldn't be able to send any back. This can sometimes cause weird network errors, where communications from outside don't get the typical error messages for a device not existing, but it also doesn't succeed.

I listed those in order of my preference. I always try to stick with method 1 when possible, but 2 works fine. Option 3 is sorta messy, and is only a last resort when I hear "this is the HW I already have, make it work".
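
The behaviour described for option 3, as an added example that is not part of the original post: a small Python model of the host-side forwarding decision, showing why a device with no default gateway produces a silent timeout while an unused address produces an error. The device names, host addresses, the `192.168.1.1` router interface and the assumption that the router reports unresolvable hosts via ICMP are constructed for illustration.

```python
import ipaddress

# Constructed cell: addresses follow the thread's 192.168.1.x / 10.10.10.x example.
ROUTER_CELL_IP = "192.168.1.1"   # assumed routed interface of the switch
CELL = {
    "plc":   {"ip": "192.168.1.10", "mask": 24, "gateway": ROUTER_CELL_IP},
    "drive": {"ip": "192.168.1.20", "mask": 24, "gateway": None},  # option 3
}

def next_hop(host, dst):
    """Host-side forwarding decision: on-link, via gateway, or no route."""
    net = ipaddress.ip_network(f"{host['ip']}/{host['mask']}", strict=False)
    if ipaddress.ip_address(dst) in net:
        return dst                      # same subnet: deliver directly
    return host["gateway"]              # None means the host has no route

def probe(client_ip, target_ip):
    """Outcome seen by a plant-network client that sends one request."""
    host = next((h for h in CELL.values() if h["ip"] == target_ip), None)
    if host is None:
        # Assumed: the router cannot resolve the address and reports it.
        return "icmp-host-unreachable"
    # The request is routed into the cell and delivered; the reply must leave.
    if next_hop(host, client_ip) is None:
        return "silent-timeout"         # request arrived, reply had no route
    return "reply"

def audit(client_ip="10.10.10.50"):
    """Probe every cell device plus one unused address (.99)."""
    targets = [h["ip"] for h in CELL.values()] + ["192.168.1.99"]
    return {t: probe(client_ip, t) for t in targets}

if __name__ == "__main__":
    for target, outcome in audit().items():
        print(f"{target:15} {outcome}")
```

In the `silent-timeout` case the inbound packet is still delivered to the device, so removing the gateway stops replies but does not filter what reaches the device.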
 
Thanks mk42, that's pretty much what I'd arrived at with my order of preference as well, so glad to know I'm on the right track at least!

Now it's just a matter of finding out who spec'd the 8300, why, and if they should be making those sort of decisions or not ;)
 
> if they should be making those sort of decisions or not ;)


It's a shame, but sometimes that really is one of the most important questions: "Does my customer actually know what is in his own best interests?"
 
Use the Stratix 8300 to create two VLANs, one for "Plant", one for "Enterprise".

You can then enable inter-VLAN routing to route between both VLANs to allow communication, but this will still keep multicast/broadcast traffic constrained to their respective VLAN.

If you want to further lock down what sort of traffic can pass between the VLANs, you can set up some ACLs to only enable specific ports or protocols to get from the Enterprise network to the Plant network.
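
How such an ACL behaves on traffic entering from the Enterprise VLAN, as an added example that is not part of the original post: a Python model of stateless, first-match evaluation with an implicit deny at the end. It assumes the Plant VLAN carries the thread's 192.168.1.0/24 cell and the Enterprise VLAN is 10.10.10.0/24; the host addresses, the rule set and the choice of TCP 44818 (EtherNet/IP explicit messaging) as the permitted service are constructed for illustration.

```python
import ipaddress

# Constructed rules for traffic entering from the Enterprise VLAN; first match wins.
# Fields: action, protocol, source, destination, dest port (None = any), established-only
ACL = [
    ("permit", "tcp", "10.10.10.0/24", "192.168.1.10/32", 44818, False),
    ("permit", "tcp", "10.10.10.0/24", "192.168.1.10/32", None,  True),
    ("deny",   "ip",  "0.0.0.0/0",     "192.168.1.0/24",  None,  False),
]

def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(proto, src, dst, dport, ack=False):
    """Return (action, rule_index); rule_index None means the implicit deny."""
    for i, (action, r_proto, r_src, r_dst, r_port, est) in enumerate(ACL):
        if r_proto != "ip" and r_proto != proto:
            continue
        if not (_in(src, r_src) and _in(dst, r_dst)):
            continue
        if r_port is not None and r_port != dport:
            continue
        if est and not ack:   # stateless: only the TCP ACK bit is inspected
            continue
        return action, i
    return "deny", None

# Constructed flows: (label, proto, src, dst, dport, ack)
FLOWS = [
    ("SCADA opens session to PLC", "tcp", "10.10.10.50", "192.168.1.10", 44818, False),
    ("SCADA opens session to drive", "tcp", "10.10.10.50", "192.168.1.20", 44818, False),
    ("Reply to PLC-initiated session", "tcp", "10.10.10.60", "192.168.1.10", 50123, True),
    ("Unsolicited ACK-flagged segment to PLC", "tcp", "10.10.10.50", "192.168.1.10", 80, True),
    ("UDP to Point I/O", "udp", "10.10.10.50", "192.168.1.30", 2222, False),
    ("Traffic to another subnet", "tcp", "10.10.10.50", "172.16.0.5", 443, False),
]

def audit():
    return {label: evaluate(p, s, d, port, ack) for label, p, s, d, port, ack in FLOWS}

if __name__ == "__main__":
    for label, (action, rule) in audit().items():
        print(f"{action:6} rule={rule!s:4} {label}")
```

Two results are worth checking against any real rule set: the established-only rule admits any segment with the ACK bit set because no connection state is tracked, and the implicit deny also drops Enterprise traffic bound for subnets the rules never mention.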
 
