VMware ESXi 7.0.0 network CIP traffic with RSLinx

slick_2323

I've built a vmhost (ESXi 7) to host the controls engineers' W7 machines used to connect to the PLCs.

I'm using a Stratix 5700 to NAT the PLCs and PV from private to public. I had to enable IGMP pass-through on the NAT instance configuration to get the ping to work from the vm.

The PLCs are NATed into the same VLAN as the virtual machine.

From the VM I can ping the public NAT address of a PLC, but when I try to configure the EtherNet/IP driver in RSLinx I can only see the PLC, and not drill down into the backplane.

I've disabled the firewall on the W7 machine, and disabled the FW on ESXi via command: esxcli network firewall set --enabled false

When I try to run diagnostic on the 1769-L30ER I get a "Diagnostic Status failed" error. The Driver Diagnostics shows 21 commands sent and 21 commands canceled.

I think something is messed up with CIP and/or EtherNet/IP communications.

Attached picture of telnet and ping.

Any ideas or suggestions on things to try to establish CIP communication from a VM?

Thank you.

 
Attached picture of telnet and ping.


Are those from the VM host or the VM guest?


That [Connect failed] of the telnet is confusing; usually it is one of three things; see below (this is from my VM host; .112 is a MicroLogix; .214 is an S7-1200 that is not listening on E/IP; .254 is an unused address; I was able to telnet to 44818 on the MicroLogix from the Windows 10 VM guest, but my VM is bridged, not NATed).


My VM host (Linux; VirtualBox) is on WiFi. Before the S7 had an IP address, I could not get from the VM guest (Win10) to the S7 over the bridged connection piggybacking(?) on the wifi; I was able to eventually get to the S7 using a USB-network RJ45 plugged into the host, but I "gave" the USB device exclusively to the VM guest so the VM host knew nothing about that network connection, and there was no VM bridging or NATing.


If you are using a NAT, any TCP 44818 request will generate a response; that response will be sent via UDP port 2222, I think. Any UDP 2222 packets from the PLC will hit the NAT router, which doesn't know what to do with them. Do you need to have UDP port 2222 of the VM forwarded to the (outward-) PLC-facing side of your NAT "router?" I put router in quotes because I think that router is inside (virtual within?) the VM host networking magic.

 
Are those from the VM host or the VM guest?

VM guest

Attached is a basic topology of how the network is configured. You might be onto something with having to map the port, but I'm not sure how to do that.

Would that be in ESXi VMhost config or in the Stratix config?

 
Attached is a basic topology of how the network is configured. You might be onto something with having to map the port, but I'm not sure how to do that.

Would that be in ESXi VMhost config or in the Stratix config?




Ack, VLAN? Hmm, I use them but don't mess with the internals much. Someone here should grok what's going on.
 
If you are doing a 1-1 NAT for the PLC private to public, then you've configured the correct GW in the PLC, correct?
 
If you are doing a 1-1 NAT for the PLC private to public, then you've configured the correct GW in the PLC, correct?

Yes, the gateway is configured. I can see the devices in RSLinx, just cannot drill down into them.

For example, on my laptop that is in VLAN101 (we have firewall rules to segment access to VLAN45) I see the 1769-L30ER and can drill down to Ethernet and CompactBus, then drill down into CompactBus and see all the field devices.
 
Oh, try using the bog standard Ethernet devices driver, not the Ethernet I/P one. I seem to recall the Ethernet I/P has a thing about NAT.
 
When running Wireshark from the VM I only see ENIP traffic, there is no CIP traffic coming into or out of the VM.

Any other thoughts on things to try?
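
For the Wireshark observation above (ENIP seen, no CIP), an added example that is not part of the original thread: CIP messages travel only inside the SendRRData and SendUnitData encapsulation commands, so this sketch decodes the 24-byte EtherNet/IP encapsulation header of each TCP 44818 payload and reports whether any CIP-carrying command is present. The payloads, session handle and helper names are constructed for illustration.

```python
import struct
from collections import Counter

# Command codes from the EtherNet/IP encapsulation header.
ENIP_COMMANDS = {
    0x0004: "ListServices", 0x0063: "ListIdentity", 0x0064: "ListInterfaces",
    0x0065: "RegisterSession", 0x0066: "UnRegisterSession",
    0x006F: "SendRRData", 0x0070: "SendUnitData",
}
CIP_CARRIERS = ("SendRRData", "SendUnitData")  # only these two wrap CIP messages
# command, length, session handle, status, sender context, options (24 bytes, little-endian)
HEADER = struct.Struct("<HHII8sI")

def parse_enip(payload: bytes):
    """Decode one encapsulation message; return (command name, session, status, data)."""
    if len(payload) < HEADER.size:
        raise ValueError("shorter than the 24-byte encapsulation header")
    cmd, length, session, status, _context, _options = HEADER.unpack_from(payload)
    data = payload[HEADER.size:HEADER.size + length]
    if len(data) != length:
        raise ValueError("data shorter than the header's length field")
    return ENIP_COMMANDS.get(cmd, f"unknown(0x{cmd:04x})"), session, status, data

def summarize(payloads):
    """Count commands and report whether any message could carry CIP."""
    counts = Counter()
    for payload in payloads:
        try:
            counts[parse_enip(payload)[0]] += 1
        except ValueError:
            counts["malformed"] += 1
    return counts, any(counts[name] for name in CIP_CARRIERS)

def build(cmd, data=b"", session=0):
    """Helper that builds the constructed samples below."""
    return HEADER.pack(cmd, len(data), session, 0, bytes(8), 0) + data

# Constructed sample payloads (not taken from the thread's capture).
SESSION = 0x11223344
BROWSE_ONLY = [build(0x0063), build(0x0065, b"\x01\x00\x00\x00"),
               build(0x0065, b"\x01\x00\x00\x00", SESSION)]
# SendRRData body: interface handle, timeout, 2 CPF items (null address + unconnected
# data) wrapping a CIP Get_Attributes_All request to the Identity object (class 1, instance 1).
CIP_REQUEST = bytes.fromhex("010220012401")
RR_DATA = struct.pack("<IHHHHHH", 0, 10, 2, 0x0000, 0, 0x00B2, len(CIP_REQUEST)) + CIP_REQUEST
WITH_CIP = BROWSE_ONLY + [build(0x006F, RR_DATA, SESSION)]

if __name__ == "__main__":
    for label, sample in (("browse only", BROWSE_ONLY), ("with CIP", WITH_CIP)):
        counts, has_cip = summarize(sample)
        print(label, dict(counts), "CIP-carrying traffic:", has_cip)
```

A capture that yields only ListIdentity and RegisterSession, as in the first sample, is consistent with seeing the PLC in the browse list without being able to drill down.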
 
Oh, try using the bog standard Ethernet devices driver, not the Ethernet I/P one. I seem to recall the Ethernet I/P has a thing about NAT.

When I use just the Ethernet devices driver I get a 01E00204 error with "Unrecognized Device".

 
This is my bad, but figured I would share what made it work.

I was missing the public to private translation of the VM in the NAT table... that is all it was.

Thank you guys for the recommendations.
 
