Question about plant networks / VLANS

russg · Nov 13, 2020

This diagram is very good. It explains a lot in the cisco and rockwell document.

Plant network example 2 - NAT Switches- Duplicate IPs.PNG

russg · Nov 13, 2020

The other reason for wanting to do this is because it is obviously good to keep devices like servo drives on a separate network due to reliability. I'm always wondering how important this is though? Would it be ok to have one production line with multiple machines all connected on one network / VLAN? There must be a limit which could possibly slow things down?

The other reason which I've hardly looked into is security.

russg · Nov 13, 2020

VAN said:
When setting up a server for sites I would just have the server with multiple IPs on the one NIC. I don't know if this is the best solution as we had a single VLAN with multiple subnets.

I only had one major issue with the setup but that was because someone moved a ethernet cable to a random switch that caused a weird circle configuration. The network was unhappy and I ripped out a couple switches and made them a single VLAN instead of two mixed switches (multiple VLANs). I wasn't happy that day.

This follows into the other question I have, on how to set up an engineers work station to connect to all these separate machines? Do I need multiple network ports configured? or can it be done with one network port and some clever set up?

VAN · Nov 13, 2020

russg said:
This follows into the other question I have, on how to set up an engineers work station to connect to all these separate machines? Do I need multiple network ports configured? or can it be done with one network port and some clever set up?

https://www.practicalnetworking.net/stand-alone/routing-between-vlans/

I'm unsure how big your network is but the vlan direction is the "safer" bet but takes a bit of work to get it setup.

If you have a small network might consider a single vlan and have multiple sub-nets.

russg · Nov 17, 2020

VAN said:
https://www.practicalnetworking.net/stand-alone/routing-between-vlans/

I'm unsure how big your network is but the vlan direction is the "safer" bet but takes a bit of work to get it setup.

If you have a small network might consider a single vlan and have multiple sub-nets.

Hi thanks, that website is really helpful.

We have many production lines at my factory, and we are growing fast, so this investigation is to help with a big upgrade of the whole network, and being prepared for many more machines / production lines that will be coming through the door.

VAN · Nov 18, 2020

If you can you might reach out to Rockwell, they have a good network team and they work with sites on setting up OT networks.

They'll show you how to layer your network
example
- Layer 1 - PLCs, HMIs, Remote IO and VFDs
- Layer 2 - workstations and items that talk directly with layer 1 and layer 3
- Layer 3 - Servers/Historians/domains/active directory

Then they can give a plan for scaling to infinity and how to setup VLANs and or subnets on VLANs.

Depending on your network and if you eventually run out of VLANs and what to do next etc. (I have no experience at this point and would rely on IT heavily.)

You might want to talk with your IT department (IT is our friends) and get a plan and see what they do for network monitoring. Claroty is pretty neat but I don't have any experience, and solarwinds is really neat but I think it has a funny license issue.

But networks is a cool area to get good at but at the same time it can be frustrating as hell when the network gets a ghost/bug.

stretch_af · Nov 19, 2020

VAN said:
...(IT is our friends)...

Made me laugh, I have a couple IT guys I would like to strangle.

harryting · Nov 19, 2020

stretch_af said:
Made me laugh, I have a couple IT guys I would like to strangle.

I tell myself that they mean well. But...

russg · Nov 26, 2020

Great. Thank you.

I'm impressed with all the documentation from Rockwell, but we are a Siemens factory, so I may need to work with the equivalent Siemens team.

And yes, I'm working with the IT team, and actually trying to understand all this better so the IT infrastructure team can put it in place.

maperry98 · Dec 1, 2020

On my Allen Bradley controllers I can have multiple Ethernet cards installed so I can have separate networks. One card will be for the machine network and the other card will be for the plant network. I have never messed around with Siemens controls before, but I bet you can put more than one Ethernet card in the rack.

rankhornjp · Dec 1, 2020

maperry98 said:
On my Allen Bradley controllers I can have multiple Ethernet cards installed so I can have separate networks. One card will be for the machine network and the other card will be for the plant network. I have never messed around with Siemens controls before, but I bet you can put more than one Ethernet card in the rack.

I used to do the same. However, the down side of this approach is that you can't access the network on the other cards from your desk.
Example:
Card 1 is your plant network
Card 2 is machine network

If you want to connect to an Ethernet device (hmi, drive, instrument) to make changes you would have to go out to the controller and plug into the local switch that's attached to Card 2.

With a VLAN/NAT you can access anything on the network from the engineering station.

russg · Jan 7, 2021

VAN said:
https://www.practicalnetworking.net/stand-alone/routing-between-vlans/

I'm unsure how big your network is but the vlan direction is the "safer" bet but takes a bit of work to get it setup.

If you have a small network might consider a single vlan and have multiple sub-nets.

Hi,

Could you or anyone tell me why subnets can't be used for larger networks?

If i were to just have 1 VLAN and every device from every machine connected with different subnets, what would be the constraints and issues of that?

cardosocea · Jan 7, 2021

The setup I inherited is now a jumbled mess of systems and the guy before me was planning to install everything on VLANs.
The way we would have our engineering station accessing all VLANs was by having all of the "computers" as Virtual machines inside a large server with... off the top of my head 8 network ports. Inside the server you can set up virtual switches that then link the virtual machine to whichever virtual switches you need.

Personally, although there are sizeable benefits in creating VLANs to put all your equipment in them, I dislike the approach as it can put a lot of your processes dependent on the entire network. So I prefer to physically segregate the IO from the whole network.

The other, although not that common, benefit is that if something in the network were to fail, good old bubba can just put pretty much any network switch and it works. With VLANs, it's certain that a cable will go in the wrong port and you'll be called in to fix the problem.

maperry98 said:
I have never messed around with Siemens controls before, but I bet you can put more than one Ethernet card in the rack.

And it doesn't even have to be the top end processor to do that...

504bloke · Jan 7, 2021

stretch_af said:
Made me laugh, I have a couple IT guys I would like to strangle.

I always refer to IT as "In Trouble"......

504bloke · Jan 7, 2021

russg said:
we are a Siemens factory, so I may need to work with the equivalent Siemens team.

Have you had a read of these

https://cache.industry.siemens.com/...5/v10/109747975_PCS7_ServiceBridge_DOC_en.pdf

https://cache.industry.siemens.com/.../att_929815/v1/109749844_VLAN_DOKU_V10_en.pdf

Question about plant networks / VLANS

russg

Member

russg

Member

russg

Member

VAN

Member

russg

Member

VAN

Member

stretch_af

Member

harryting

Lifetime Supporting Member

russg

Member

maperry98

Member

rankhornjp

Member

russg

Member

cardosocea

Member

504bloke

Lifetime Supporting Member

504bloke

Lifetime Supporting Member

Similar Topics