Communication outside of control network with CompactLogix

Hello,

I got control network (PLC+HMI+Servos) connected with switch. Now I need to connect this PLC(L24ER) with costumer network.

These are possibilities I can think of:
1. Use layer 3 switch, which got routing capabilities (for example Stratix 8000, but it costs around 4000!)
2. Use simple industrial switch and router
3. Use just router (I'm worried about network performance)
4. Use some external Ethernet card, which can communicate with PLC (add-on)
5. Use L30ER PLC and aditional EtherNet/IP module (1768-ENBT) (I don't know if there could be two different networks in one PLC)

What do you recommend me as right solution and most cost effective one?

Thank you

Petr

I strongly recommend Option 2, using an industrial router.

Rockwell has a couple of devices made exactly for this purpose:

http://ab.rockwellautomation.com/Networks-and-Communications/Network-Address-Translation-Device

I recommend against using a consumer-grade router. I've actually damaged some old Netgear routers (yes...they red-lit and never recovered) by exposing them to high amounts of multicast traffic.

The 1768-ENBT is for the old L4x family of CompactLogix only; it won't connect to the modern 5370 family. And you probably won't be satisfied with the functionality you get out of a Prosoft or other module that goes into the backplane as an foreign protocol device.

Thank you for advice.

With that AB NAT, can I just translate PLC IP address, so costumer can not reach other devices (I don't have to use manage switch to create separate VLAN)?

Edit: After reading through manuals, answer is yes, this image explain pretty much everything (1783-um008_-en-p.pdf)

What are arguments for using NAT instead of changing all IP addresses to match costumer network (costumer don't want to spend extra money for proper solution)?

I can think of, that network traffic could affect machine performance (I'm using PLC, HMI and few servos over Ethernet). Also there are safety issues, since there is no control who can access the network and maybe they will even connect network to Internet.

Petr_Broza said:

What are arguments for using NAT instead of changing all IP addresses to match costumer network (costumer don't want to spend extra money for proper solution)?

I can think of, that network traffic could affect machine performance (I'm using PLC, HMI and few servos over Ethernet). Also there are safety issues, since there is no control who can access the network and maybe they will even connect network to Internet.

Click to expand...

Security is almost moot as long as you know the translated address. You're at least protecting the devices not translated. NAT is really designed to integrate machines into a larger network without having to deal with the overhead of changing addresses and PLC programs.

Petr_Broza said:

What are arguments for using NAT instead of changing all IP addresses to match costumer network (costumer don't want to spend extra money for proper solution)?

Click to expand...

Does having the network traffic from people in the office watching cat videos on youtube and sending 200-page PDF's to a printer mingling with your process critical industrial controllers and precision motion control servo controllers seem like a good idea to you? If so, then go right ahead. But better just word up your IT guys that they'll now be responsible for troubleshooting network issues on your I/O racks and PLC's as well as between PC's and printers.

Control Network <--> DMZ <--> Corporate Network.

There's a reason it's done that way.