How to choose IP address and Subnet Mask

fasacrifice

Member
Join Date
Feb 2014
Location
Vancouver, BC
Posts
89
Hi All,

I have a question about how to chose the IP address range and subnet mask you use for your industrial network.

I was always choosing 192.168.0.X/255.255.255.0 since I usually have tens of devices in my network.

The problem I am facining is now with E Won remote access devices.

Let's say I'm connected to the internet via a router and the IP of my computer is 192.168.0.X/255.255.255.0 (which most router has by default). I connect to E Won then my indistrial network with the same IP range and get an error saying that IP and subnet conflict. I can solve it either change my computer's network if it's possible or change the IP adress range of the industrial network.

I was just wondering how you guys choose your IP range?
 
Last edited:
It's really just how you want to organize them, and what you think you'll have to connect to in the future.

Just make sure that you keep them to private IP ranges. Your IT guys will hate you if you try using just any random ranges.

https://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces

I think one older Rockwell manual for an ENET device on ControlLogix had an example of 130.130.130.XXX. And one machine we have had that range on it. Once we decided to connect that to a plant network for logging purposes, our IT department threw a fit about having to make a bridge to a physically private network that used a public address range.

But what ever you do, just document it. Whether it be sections of a single subnet, or subnets changed per "group" of machines, etc.
 
It's really just how you want to organize them, and what you think you'll have to connect to in the future.

Just make sure that you keep them to private IP ranges. Your IT guys will hate you if you try using just any random ranges.

https://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_spaces

I think one older Rockwell manual for an ENET device on ControlLogix had an example of 130.130.130.XXX. And one machine we have had that range on it. Once we decided to connect that to a plant network for logging purposes, our IT department threw a fit about having to make a bridge to a physically private network that used a public address range.

But what ever you do, just document it. Whether it be sections of a single subnet, or subnets changed per "group" of machines, etc.


Thanks a lot. Acording to wiki there are 3 private IP ranges. Lets say I choose 10.X.X.X for my industrial network. And my computer is connected to same range at wherever I am. Am I gonna get an error again on E Won since they are using same subnet, 255.0.0.0?
 
I've not used remote access like that. So I cannot say for certain if your local network and remote network have the same IP Address subnet, what would happen.
 
Are you saying your home PC 192.168.0.x network connecting to your E.W.O.N?

Your home 192.168.0.x network when using a linksys router or something like that the 192.168.0.x range never leaves your home. Your home router has 1 public IP address for all your devices and without going too deep your home router uses NAT and port forwarding to share that single IP with all your devices.

Using a E.W.O.N is a bit different because of the way it works so I won't bore you with all the details unless you love networking but just remember a successful connection using a outbound connected device like E.W.O.N needs 3 different network ranges. E.W.O.N calls them the E.W.O.N network, The site network and the company network.

The company network would be the private side of your network where your PC is so if you are at work do an IP config in command prompt and see your assigned address unless you assigned a static one yourself and make sure the range is different from the E.W.O.N network which is the side the PLC, HMI and all the other good stuff sits on and the outbound connection or the internet connection to the E.W.O.N at the machinery site must also be a different range.

All of these ranges need to be private ranges. Your public addresses don't matter to you. Correct this and you should be good to go.
 
If you will use this from home find out what your private range is there also and make sure it does not conflict with the E.W.O.N network or the site network ranges. Keep this in mind when choosing your network ranges.
 
All of these ranges need to be private ranges.

That's exactly what my question is. All these privite addresses must be in different range/subnet or not?

My home IP 192.168.0.X/24 (which I can change easiliy). My industrial network is 192.168.0.X/24 (which is not easy to change since it's on site and i don't have access always). In this case I get conflict error and can not see my industrial network. I can manage this case.

But let's say I'm somewhere else and using some network that I can not have control on. How can I solve a similar conflict? To solve it I have to use some ranges on my industrial network that not so many router is using but there are only 3 different private address ranges.

I decided to use 172.22.33.X/12 for my future industrial networks. If my computer is connected to a network which uses same subnet, Am I gonna get conflict again or not?
 
This is a huge subject, and really can't be covered in any kind of completeness here. If you have an IT department, they need to be involve (but can be more frustrating once they are).

For most plants, I usually have suggested that the equipment be on the 10.x.y.z private address range, breaking it down further from there internally. I try to arrange things based on the company business structure. Say, 10.CostCenter.MachineNum.DevicesOnLine, yet each device has a subnet of 255.255.255.0 Routing between the CostCenters.MachineNums and to the main plant IT network is handled buy the upstream switches.

On newer equpment, I've been putting the various machine connections on 192.168.1.z/24, and putting another communications card in the PLC rack with the corporate addressing. I've got lines with up to three separate Ethernet cards in the PLC rack.

Again, HUGE subject, and not to be taken lightly.

Plan ahead, Way ahead, to save headaches in the future.
 
On newer equpment, I've been putting the various machine connections on 192.168.1.z/24, and putting another communications card in the PLC rack with the corporate addressing. I've got lines with up to three separate Ethernet cards in the PLC rack.


That's exactly what we do, saves so many headaches than having ALL the devices exposed to the corporate network, especially if they decide to employ a 3rd party to do a penetration test......
 
One way you can do this is to leave your work computer on and install LogMeIn or Teamviewer on it and your home computer. Then from home you can take over control of your work computer (as if you were at your desk) and monitor and make program changes through that method.

Also, if your IT has set up a firewall that you need to be logged in to to access the internet, both of these methods work around that firewall and will allow you unlimited control when not logged in.

Also, from work you will be able to control your home computer, and from either one you can transfer any files between them, that you may want.
 
I typically use a subnet from 10.x.x.x, but always use 255.255.255.0 as my mask, so if I use 10.0.5.X and a router uses 10.1.10.X, we're still on different subnets.

192.168.0.x and 192.168.1.x are the most common DHCP ranges for consumer routers and 10.a.X.X where a is 0, 1, or 10 are common for more commercial networks. That's why I always use a number other than 0, 1, or 10 in my 10.x.x.x networks for the middle two octets.
 
That's exactly what my question is. All these privite addresses must be in different range/subnet or not?

For the way the E.W.O.N works yes they all need to be different subnets but for many other remote access solutions like a standard VPN then no they don't because of the way it works under the hood.

My advice is to avoid using 192.168.x.x on anything in the industrial sector as it pertains to equipment as the 192.168.x.x is almost always used on consumer based device like Linksys routers, Nest Thermostats, Roku Box, etc. I only want to see 192.168.x.x when I am at home and never inside any of my manufacturing plants in any way shape or form.

Most people in IT will use the 172.16.0.0 - 172.31.255.255 range for IT equipment including end user PC's on DHCP.

I really like to see the industrial / manufacturing side of things stay with the 10.0.0.0 - 10.255.255.255 and it makes this so much easier to deal with when you have a usage standard such as what I have given you here.
 
I typically use a subnet from 10.x.x.x, but always use 255.255.255.0 as my mask, so if I use 10.0.5.X and a router uses 10.1.10.X, we're still on different subnets.

Be careful in your layout and consider skipping subnets to leave room for growth as with a 255.255.255.0 mask you are limiting yourself to 256 devices and only 254 are usable but using a mask of 255.255.0.0 you have 65534 devices but you will be using your last 2 octets of you IP address for the node / device address.

Just something to consider for growth when you are laying things out.
 
This thing is getting more complicated than I thought.

I decided to use 172.22.33.X/255.254.0.0 because I never actually seen anybody uses this private range (but I'm not an IT guy or expert on this so don't count me on this).

But I guess using 10.X.X.X/255.255.255.0 is look like a better choice (I only have tens of devices in my system so I'll be ok with this range for now).

Lets say the network my comuter is connected to 10.X.X.X but since my industrial network is on diferent subnet mask then I'll be ok, right?
 

Similar Topics

Hi, I want to use PLCSIM because the hardware I was working on has now been delivered to customer. Which option do I choose from this drop-down...
Replies
12
Views
280
hi all, i'm building a contrologix system that has 4 IB32, 2 OB32, 2 IF16HI, 2 OF16HI and 2 EN2T modules. without knowing the process or the...
Replies
8
Views
3,306
Good Morning all, I am a beginner level PLC guy, I am planning to setup a lab using Allenbradly Compactlogix 5380 controller. I have selected the...
Replies
1
Views
1,533
I am developing a PLC. The IDE for my PLC will be VS Code. I want my PLC to support IEC-61131-3 but only one language with is ST. Actually I...
Replies
28
Views
7,767
Back
Top Bottom