New Equipment with similar IP addresses with associated equip. but not another ?

Good Evening ,

We have some new machinery coming in . I gave the integrator a block of
IP addresses such as 192.168.1.122 and up. The machinery they are going to connect to is a previous block of IP address's such as between 192.168.1.80 to 192.168.1.110. One machine I forgot was another machine that has IP addresses such as 142.100.42.1 and up. I am using the Allen Bradley 9300-ENA. I am having a difficult time understanding the Public vs Private. The public I would enter the 192.168.1.--- , correct ? In the private would I enter the 142.100.42.--- or the 192.168.1.150 that I want it to be , so I can communicate with the 'Oddball" ?

Thanks so much for you help.

You shouldn't be using 142.100.42.1 at all, it belongs to "Commission de Sante et de Securite au Travail (CDSEDSAT)" in Quebec.

Can you change the IP address on the 142.100.42.1 device to 192.168.1.150 so you don't need NAT at all, or does it also talk to a bunch of other devices on 142.100.42.???

Assuming the 9300-ENA is like a normal router:
You will have to give the 9300-ENA an ip address on the 142.100.42.xxx network. Normally the first IP address on the network is used for the gateway but that is already assigned to your oddball device so another lesser used convention is to use the last IP address on the network. If the mask on 142.100.42.1 is 255.255.255.0 then the last IP address on the 142.100.42.0/24 network will be 142.100.42.254 and you should assign this to the private interface if the 9300-ENA, and on the oddball device 142.100.42.1 set 142.100.42.254 as the default gateway so that any IP traffic destined for an address that isn't 142.100.42.xxx will be sent to the 9300-ENA.

Then on the ENA you will have to assign an IP address also on the 192.168.1.xxx network, sounds like you want to use 192.168.1.150. I suppose this would be the public address. Then you will have to set up some forwarding (or a 1 to 1 address map, but then you will probably have to assign another 192.168.1.xxx address to the ENA) so devices on 192.168.1.xxx can access the IP based services on 142.100.42.1.

it would be much simpler to change the IP address

142.100.42.1 is just an example. On the network configuration Uplink ( Public ) would be 192.168.1.150 , correct ? Local ( Private ) if 142.100.42.1 is the Compactlogix CPU , would I use that IP address , or one that is not used in that block of IP addresses ?

This 142.100.42.xxx group has a number of drives and Flex I/O on that network.
I just want the CPU so I can capture some tags.

Also , on that network configuration tag , I just apply changes and that should it
, correct ?

I'm sorry , I really struggle with IT stuff.

Rob S. said:

I'm sorry , I really struggle with IT stuff.

Click to expand...

There is no need to struggle...

Let's keep it simple, for now.

Here's some pointers.....

1. Internal isolated netwoks can use any IP addressing scheme they wish, there will be no consequences. By "isolated" I mean that there is no possible connection to the internet.

2. Internal networks connected via a Gateway to the WWW need isolation of some form, to stop internal IP traffic "escaping" to the outside world. This can either be done with aggressive filtering applied in the gateway router, or more simply by using a subset of addresses that gateway routers automatically block from crossing the border, private to public.

There are several IP address ranges that gateways do not pass traffic through form LAN to WAN...

The organization that doles out IP addresses to the world reserves a range of IP addresses for private networks. Private networks can use IP addresses anywhere in the following ranges:

• 192.168.0.0 - 192.168.255.255 (65,536 IP addresses)
• 172.16.0.0 - 172.31.255.255 (1,048,576 IP addresses)
• 10.0.0.0 - 10.255.255.255 (16,777,216 IP addresses)

The assumption is that these private address ranges are not directly connected to the Internet, so the addresses don't have to be unique. In today's world, these private address ranges are often used for the protected network behind network translation devices.

Click to expand...

Anything outside of those address ranges means that your internal data, device discovery, and a whole host of message protocols "escape" onto the www, unless you have specific filtering added into your gateway(s).


Allowing your internal networking message packets onto the www is obviously not a great idea, considering that someone else might have done so as well, using the same addresses as yours.


Looking at the quote I made, your 142.xx.xx.xx addresses are not private, so message traffic between these devices will be global unless the gateway to the www is configured to block them.


I have seen estimates that over 30% of www communication is "leaked" from what should have been closed-door traffic, either by using the "private" address ranges quoted above (the simplest way), or by proper gateway management (the hardest way).


The above quote came from this page, which goes on to explain further.

The 9300-ENA has two IP addresses assigned to it, one public, one private, so that you can access and configure the 9300-ENA device from either network.

Set up a 1:1 network address translation map between 192.168.1.150 (public) and 142.100.42.1 (private) if 192.168.1.150 is the address you want your device on the private network to use on the public network. note these are not the same as the addresses assigned directly to the 9300-ENA for configuration access of the 9300-ENA.

Why wouldn't you use the actual IP address range of your private network in the forum post? Using 142.100.42.xxx as an example has confused the issue.

I'm sorry. I was just guessing at the IP address. I didn't write down the IP address's of the other panel when I left the plant Saturday.