You are not registered yet. Please click here to register!


 
 
plc storereviewsdownloads
This board is for PLC Related Q&A ONLY. Please DON'T use it for advertising, etc.
 
Try our online PLC Simulator- FREE.  Click here now to try it.

---------->>>>>Get FREE PLC Programming Tips

New Here? Please read this important info!!!


Go Back   PLCS.net - Interactive Q & A > PLCS.net - Interactive Q & A > LIVE PLC Questions And Answers

PLC training tools sale

Reply
 
Thread Tools Display Modes
Old December 1st, 2016, 05:28 PM   #1
BinderNut
Member
United States

BinderNut is offline
 
Join Date: Apr 2008
Location: ND
Posts: 30
Question Remote access of machine ethernet ?s

I'm just a tech and pretty rusty on my ethernet theory from college (many years ago) so bear with me.
In a medium-sized food processing plant. With new projects and upgrades we've been shifting more towards ethernet-based communication between devices (VFDs and servos in particular). This is replacing some Devicenet control networks and hard-wired controls.
We're just trying to set up some long-term plan for organizing our IP addresses.

How are you guys handling IP address overloading of networks?
Our current network setup is a dedicated "business" network and a dedicated "process" network.
Our process network is rapidly running out of IP address for equipment without going to subnets or secondary networks.

One situation in particular:
One new piece of equipment has 1 PLC, 1 HMI, and 5 servo drives on a machine-local network. We could just re-address the devices on the machine network to to fit in with our process network scheme but that would take 7 addresses in place of 1 on the machine it replaced. Not what we're looking for since there are multiple machines that will be recieving similar upgrades as we progress.
Currently, the machine networks are isolated from the process network but we would like to incorporate them for data acquisition and troubleshooting.

Ideally, we'd like to keep the machine-local network as built and jump across a gateway/switch to be able to access all devices on the machine-local network.

What is available to allow this?
I'm thinking a Spectrum Webport or similar?

Allen-Bradley Control/CompactLogix and SLC PLCs, PV+ HMIs, Kinetix servo drives, PF525 and PF755 VFDs are the main ethernet-based devices we're incorporating right now.

Any tips would be appreciated.
  Reply With Quote
Old December 1st, 2016, 06:06 PM   #2
ganutenator
Member
United States

ganutenator is offline
 
ganutenator's Avatar
 
Join Date: May 2002
Location: akron, ohio
Posts: 1,064
How many devices do yo need to have on the control/process network?
  Reply With Quote
Old December 1st, 2016, 06:24 PM   #3
BinderNut
Member
United States

BinderNut is offline
 
Join Date: Apr 2008
Location: ND
Posts: 30
Currently we have around 160 devices on the process network.
Around 20 PLCs, a dozen PF700/20-comm-e and PF755s VFDs. The remainder are HMIs (mostly PV+).

Besides the current load, we have roughly 300 VFDs in plant on Devicenet and hard-wire control that we eventually would like to change over to Ethernet control when we finalize upgrading all of our old SLCs to Controllogix. This will definitely push us over the 254 possible IPs.

I am sure we will eventually wind up adding another process network, which is how the IS dept has handled adding IPs for business related Ethernet devices.
Personally, I would like a changeover to IPv6 but that is in the hands of our corporate IS dept.
  Reply With Quote
Old December 1st, 2016, 06:34 PM   #4
ganutenator
Member
United States

ganutenator is offline
 
ganutenator's Avatar
 
Join Date: May 2002
Location: akron, ohio
Posts: 1,064
The process network supports IP6?

I've been out of the AB game since 2006.

I don't know much about the different classes, but have you looked into using the mask: 255.255.0.0?
  Reply With Quote
Old December 1st, 2016, 06:49 PM   #5
Paully's5.0
Lifetime Supporting Member
United States

Paully's5.0 is offline
 
Join Date: Jan 2006
Location: WI
Posts: 2,039
Quote:
Originally Posted by BinderNut View Post
Personally, I would like a changeover to IPv6 but that is in the hands of our corporate IS dept.
Um....NO. Why would you do that????

Class C network: 192.168.0.0 - 192.168.255.255 65,536 addresses

192.168.1.x = Networking Gear
192.168.2.x = Machine/Process #1
192.168.3.x = Machine/Process #2
.
.
.
192.168.255.x = Machine/Process #255

If you want isolation put each of those machine/networks on it's own VLAN, but you still need a layer 3 switch to hop the VLANs to get you access everywhere.

If you bridge your business and process network --> Router and FIREWALL need plenty of security in place otherwise FUBAR (note I am over simplifying this statement).

Last edited by Paully's5.0; December 1st, 2016 at 06:52 PM.
  Reply With Quote
Old December 2nd, 2016, 02:23 AM   #6
JohnCalderwood
Member
Scotland

JohnCalderwood is offline
 
Join Date: Feb 2014
Location: Stirling
Posts: 586
Forgive me if I am reading the previous posts wrong...

But I would have the PLCs on one Ethernet network structure.
Add an extra network card to each PLC that has devices working on Ethernet - drives/HMIs etc - keep their own network per machine.

Your PLCs can then talk to the SCADA/Data Logging, and you can create a bridge to the Business network, if needs be, using dual network cards/firewall etc.
Traffic is minimised, as all your drives/meters/HMIs may well be broadcasting and will only then broadcast to their own local PLC, within their own subnet.

You will have ample IP addresses on your industrial network, which will be separate from the business network, as well the device networks.
  Reply With Quote
Old December 2nd, 2016, 02:56 AM   #7
Geoff White
Member
Australia

Geoff White is offline
 
Join Date: Oct 2005
Location: Brisbane
Posts: 269
Look at Mr Moneybags
  Reply With Quote
Old December 2nd, 2016, 03:39 AM   #8
Peter Nachtwey
Member
United States

Peter Nachtwey is offline
 
Peter Nachtwey's Avatar
 
Join Date: Apr 2002
Location: Vancouver, WA, US
Posts: 6,705
This is how I have seen it done too.

Quote:
Originally Posted by Paully's5.0 View Post
Um....NO. Why would you do that????

Class C network: 192.168.0.0 - 192.168.255.255 65,536 addresses

192.168.1.x = Networking Gear
192.168.2.x = Machine/Process #1
192.168.3.x = Machine/Process #2
192.168.255.x = Machine/Process #255
This is how I have seen it done every where I go. Each machine center has its own switch so traffic within the machine center doesn't go outside the machine center unless something outside requests it.

On top of that different OEMs have different standards. Usually the switch is at 192.168.x.1.
The PLCs are addresses at 192.168.x.10-19
HMIs are address at 192.168.x.20-29 etc
Drives and motion controllers get a range.
The I/O above that. The point is the the x is the machine center number
and all the PLCs, HMis etc have the same offset in the range of 1-240.

Office traffic should NEVER be on the plant floor except to request report data.

We use smart/managed switches because they are cheap now.




.
.
__________________
"Living is easy with eyes closed, misunderstanding all you see...." Strawberry Fields Forever, John Lennon
  Reply With Quote
Old December 2nd, 2016, 08:11 AM   #9
Mill_Control
Member
United States

Mill_Control is offline
 
Join Date: Aug 2014
Location: Deep South
Posts: 79
Quote:
Originally Posted by Paully's5.0 View Post
Class C network: 192.168.0.0 - 192.168.255.255 65,536 addresses
I don't think it's that limited. We're running a mix of 192.168.x.x and 10.121.x.x on our controls network.
  Reply With Quote
Old December 2nd, 2016, 09:02 AM   #10
Paully's5.0
Lifetime Supporting Member
United States

Paully's5.0 is offline
 
Join Date: Jan 2006
Location: WI
Posts: 2,039
Quote:
Originally Posted by Mill_Control View Post
I don't think it's that limited. We're running a mix of 192.168.x.x and 10.121.x.x on our controls network.
It was a simple example of a class C network scheme that is "typical" for IO networks. You are also running a class A network 16,777,216 addresses.

I typcially see:

Class C - IO networks
Class A/B - SCADA/Business

Wikipedia
  Reply With Quote
Old December 2nd, 2016, 01:02 PM   #11
kay_gsr13
Lifetime Supporting Member
United States

kay_gsr13 is offline
 
kay_gsr13's Avatar
 
Join Date: Oct 2011
Location: NC
Posts: 56
Quote:
Originally Posted by Paully's5.0 View Post
Um....NO. Why would you do that????

Class C network: 192.168.0.0 - 192.168.255.255 65,536 addresses

192.168.1.x = Networking Gear
192.168.2.x = Machine/Process #1
192.168.3.x = Machine/Process #2
.
.
.
192.168.255.x = Machine/Process #255

If you want isolation put each of those machine/networks on it's own VLAN, but you still need a layer 3 switch to hop the VLANs to get you access everywhere.

If you bridge your business and process network --> Router and FIREWALL need plenty of security in place otherwise FUBAR (note I am over simplifying this statement).

We use a similar configuration as Paully described. Network that are Class B, C, etc. on the floor's switches are routed to the primary layer 3 switch. The VLANs allows for the different routing, allows more capacity, and has worked well without latency, albeit the connection from the floor to the primary and back are fiber.
  Reply With Quote
Old December 5th, 2016, 09:08 AM   #12
BinderNut
Member
United States

BinderNut is offline
 
Join Date: Apr 2008
Location: ND
Posts: 30
Thanks for all the input guys!

Quote:
Originally Posted by Peter Nachtwey View Post
Quote:
Originally Posted by Paully's5.0 View Post
Um....NO. Why would you do that????

Class C network: 192.168.0.0 - 192.168.255.255 65,536 addresses

192.168.1.x = Networking Gear
192.168.2.x = Machine/Process #1
192.168.3.x = Machine/Process #2
.
.
.
192.168.255.x = Machine/Process #255

If you want isolation put each of those machine/networks on it's own VLAN, but you still need a layer 3 switch to hop the VLANs to get you access everywhere.

If you bridge your business and process network --> Router and FIREWALL need plenty of security in place otherwise FUBAR (note I am over simplifying this statement).
This is how I have seen it done every where I go. Each machine center has its own switch so traffic within the machine center doesn't go outside the machine center unless something outside requests it.

On top of that different OEMs have different standards. Usually the switch is at 192.168.x.1.
The PLCs are addresses at 192.168.x.10-19
HMIs are address at 192.168.x.20-29 etc
Drives and motion controllers get a range.
The I/O above that. The point is the the x is the machine center number
and all the PLCs, HMis etc have the same offset in the range of 1-240.

Office traffic should NEVER be on the plant floor except to request report data.

We use smart/managed switches because they are cheap now.




.
.
Using Paully's example, how do you handle traffic between the different subnetworks (192.168.1.x, 192.168.2.x, 192.168.3.x, etc)?

That is how our current plant-wide network is set up.
192.168.1.x is our "business" network.
192.168.2.x is another business network.
192.168.3.x is our process network.

Currently, the .3.x subnetwork is isolated from all others except for a SCADA/SQL server where we pass report data back to the .1.x biz subnetwork.
There should be no problem allowing full access between our current .3.x and an added .4.x subnetwork if the switch is configured properly, correct?


The fun part will be the sales pitch to corporate IT (not just our plant) on getting more hardware
  Reply With Quote
Old December 5th, 2016, 09:12 AM   #13
BinderNut
Member
United States

BinderNut is offline
 
Join Date: Apr 2008
Location: ND
Posts: 30
Quote:
Originally Posted by Peter Nachtwey View Post
On top of that different OEMs have different standards. Usually the switch is at 192.168.x.1.
The PLCs are addresses at 192.168.x.10-19
HMIs are address at 192.168.x.20-29 etc
Drives and motion controllers get a range.
The I/O above that. The point is the the x is the machine center number
and all the PLCs, HMis etc have the same offset in the range of 1-240.
This addresses another question that I didn't expand on in my original post.

Some of our equipment that shipped with it's own OEM supplied machine network.
What options do we have to allow comms from an external connection (on our 192.168.3.x network) to the internal network on the machine without readdressing the OEM network.
  Reply With Quote
Old December 5th, 2016, 09:21 AM   #14
JohnCalderwood
Member
Scotland

JohnCalderwood is offline
 
Join Date: Feb 2014
Location: Stirling
Posts: 586
you could try the Rockwell 9300-ENA, but list price is 841...
  Reply With Quote
Old December 5th, 2016, 12:28 PM   #15
kay_gsr13
Lifetime Supporting Member
United States

kay_gsr13 is offline
 
kay_gsr13's Avatar
 
Join Date: Oct 2011
Location: NC
Posts: 56
Quote:
Originally Posted by BinderNut View Post
This addresses another question that I didn't expand on in my original post.

Some of our equipment that shipped with it's own OEM supplied machine network.
What options do we have to allow comms from an external connection (on our 192.168.3.x network) to the internal network on the machine without readdressing the OEM network.

Depending on what type of system your IT guys are using will determine how external connection are able to connect to your machine networks.

As an example, we use Sonicwall as the fire wall, which allows us to have configuration for a SSL VPN, thus to allow vendors or OEM to have connections to the plant, the routing are configured and handled with the VLANs on the layer 3 switch, ensuring that OEM has access to only the network specified.
  Reply With Quote
Reply
Jump to Live PLC Question and Answer Forum

Bookmarks


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Topics
Thread Thread Starter Forum Replies Last Post
Remote access to the processor and VFD Snap25 LIVE PLC Questions And Answers 6 December 10th, 2014 06:09 PM
Another Remote Access Q JonAW LIVE PLC Questions And Answers 12 September 25th, 2014 07:06 PM
Remote access through CP343-1 Lean orense LIVE PLC Questions And Answers 2 May 10th, 2012 08:43 AM
Ethernet Remote Access Headache BillRobinson LIVE PLC Questions And Answers 21 December 14th, 2011 10:45 PM
Using a SLC505 to control remote Ethernet components Control Freak LIVE PLC Questions And Answers 11 January 15th, 2008 07:50 AM


All times are GMT -5. The time now is 03:12 PM.


.