Hello,
I have been having some issues with my plc's that are on thier own vlan.
I have a server with 4 network interfaces that sits on my business network and my plc network. The server gathers historical data from the plcs. However, after my power outage of about 5 hours last week, my switch (Catalyst 2960) had lost it's previous setting because the last admin didn't save it to the startup config. Therefore when the batteries on the switch ran out, so did the vlan config. So my issue is this...
After putting my vlan back together on one of the switches, I can no longer ping one of the PLC interfaces. Ping everything just fine from all the other machines on this network. All the other machines on the PLC network can ping the server on the interface it has on that network. One of my PLC just can be reached by the server. After a restart, I'll be able to reach the PLC I couldn't before but then I cannot reach one of the other ones. This problem seems to be hopping around the vlan and seems to involve my server's ability to contact any node on the vlan at any given time after a restart or an outage.
I have mirrored a port to look at what's going on here and I see a whole lot of multicast traffic from my Allen Bradley PLC interfaces to addresses like 239.192.3, .2, and .4 . Is this some kind of diagnostic or debug protocol? Wireshark lists it as ENIP. However it accounts for the better part of half the traffic on the vlan. There is no scheme like that on my network so it can't really be going anywhere. ARIN lists the domains for this as specialty reserved items that are nothing. They are listed for IANA special use. I don't really think this is causing a packet storm on my network but I could be wrong.
Any ideas would be appreciated. I know I might be excluding some other information here. Please let me know as I am really stumped by this.
Thanks,
Jeff
I have been having some issues with my plc's that are on thier own vlan.
I have a server with 4 network interfaces that sits on my business network and my plc network. The server gathers historical data from the plcs. However, after my power outage of about 5 hours last week, my switch (Catalyst 2960) had lost it's previous setting because the last admin didn't save it to the startup config. Therefore when the batteries on the switch ran out, so did the vlan config. So my issue is this...
After putting my vlan back together on one of the switches, I can no longer ping one of the PLC interfaces. Ping everything just fine from all the other machines on this network. All the other machines on the PLC network can ping the server on the interface it has on that network. One of my PLC just can be reached by the server. After a restart, I'll be able to reach the PLC I couldn't before but then I cannot reach one of the other ones. This problem seems to be hopping around the vlan and seems to involve my server's ability to contact any node on the vlan at any given time after a restart or an outage.
I have mirrored a port to look at what's going on here and I see a whole lot of multicast traffic from my Allen Bradley PLC interfaces to addresses like 239.192.3, .2, and .4 . Is this some kind of diagnostic or debug protocol? Wireshark lists it as ENIP. However it accounts for the better part of half the traffic on the vlan. There is no scheme like that on my network so it can't really be going anywhere. ARIN lists the domains for this as specialty reserved items that are nothing. They are listed for IANA special use. I don't really think this is causing a packet storm on my network but I could be wrong.
Any ideas would be appreciated. I know I might be excluding some other information here. Please let me know as I am really stumped by this.
Thanks,
Jeff
