Hey everyone,
Recently landed a job in an environment where I have pretty good access to both the hardware and software surrounding all of the tech in the building. I'm using it as a playground to grow my knowledge and skillset, and in the spirit of doing so I wanted to rebuild the PLC network map that RSLinx uses for coms from scratch instead of flashing the backup we have on the network with all the settings already configured (there are 3 main panels, each with a single PLC, so I figured it shouldn't be too hard.)
My first step was to go to each panel and just read the IP Address spit out by the network card. There were 7 cards (and unique IPs) between the 3 PLCs, so that threw me off. Also, I was unable to ping them from command prompt. As I've dug into it, I'm viewing these addresses as a private IP host address within the PLC's individual network and it exists because many of our sensors and such are run off of I/O Link hardware (is the I/O block with all the M12 ports called a hub?). The idea is, the 11.100.100.10 address shown on the PLC network card is the address that the I/O Links modules send data to. Is that correct? Assuming it is, why would any PLC need more than one card? Couldn't you just subnet it to the needed number of host devices and then let one network card do the work?
Flashing the backup for RSLinx and then trying to work backwards, I have found the PLCs' public IP addresses (continuing with reasoning mentioned earlier), and for these there seems to just be one per unit which makes sense. Further, if I ping one of these public addresses from command prompt all four packets come and go with no issues whatsoever. The next part of the situation that I've not been able to come up with any good explanation for is that the address doesn't show up when I type arp -an into cmd prmt. A list of stuff does show up, some of it I don't even know what device it is, but not the PLCs. My thought was maybe the switch/router that the organization set up to handle the network traffic in the building just has two networks set up, but if that is the case, the ping command should've returned a no response timeout (I would think). So, how can ping find the PLC but arp -a cannot? The reason for using arp -a is I have engineering aspirations and I figure that if I need to be spoon fed IP addresses of the object I want to be the resident SME of down the road, I'd be a worthless SME, so I'm trying to gain an understanding of why I'm hitting these roadblocks and a knowledge toolset that I can use when the time comes to go to a new site that is having issues and be able to preform, assuming worst case situation such as lost backups and techs that are weak on their networking.
I hope that makes sense, and if something about the story is off, I can try to clarify/ add more details. Thanks in advance for any wisdom!
Recently landed a job in an environment where I have pretty good access to both the hardware and software surrounding all of the tech in the building. I'm using it as a playground to grow my knowledge and skillset, and in the spirit of doing so I wanted to rebuild the PLC network map that RSLinx uses for coms from scratch instead of flashing the backup we have on the network with all the settings already configured (there are 3 main panels, each with a single PLC, so I figured it shouldn't be too hard.)
My first step was to go to each panel and just read the IP Address spit out by the network card. There were 7 cards (and unique IPs) between the 3 PLCs, so that threw me off. Also, I was unable to ping them from command prompt. As I've dug into it, I'm viewing these addresses as a private IP host address within the PLC's individual network and it exists because many of our sensors and such are run off of I/O Link hardware (is the I/O block with all the M12 ports called a hub?). The idea is, the 11.100.100.10 address shown on the PLC network card is the address that the I/O Links modules send data to. Is that correct? Assuming it is, why would any PLC need more than one card? Couldn't you just subnet it to the needed number of host devices and then let one network card do the work?
Flashing the backup for RSLinx and then trying to work backwards, I have found the PLCs' public IP addresses (continuing with reasoning mentioned earlier), and for these there seems to just be one per unit which makes sense. Further, if I ping one of these public addresses from command prompt all four packets come and go with no issues whatsoever. The next part of the situation that I've not been able to come up with any good explanation for is that the address doesn't show up when I type arp -an into cmd prmt. A list of stuff does show up, some of it I don't even know what device it is, but not the PLCs. My thought was maybe the switch/router that the organization set up to handle the network traffic in the building just has two networks set up, but if that is the case, the ping command should've returned a no response timeout (I would think). So, how can ping find the PLC but arp -a cannot? The reason for using arp -a is I have engineering aspirations and I figure that if I need to be spoon fed IP addresses of the object I want to be the resident SME of down the road, I'd be a worthless SME, so I'm trying to gain an understanding of why I'm hitting these roadblocks and a knowledge toolset that I can use when the time comes to go to a new site that is having issues and be able to preform, assuming worst case situation such as lost backups and techs that are weak on their networking.
I hope that makes sense, and if something about the story is off, I can try to clarify/ add more details. Thanks in advance for any wisdom!
