Isolating Networks On A 1769 L33ERM

ldrewes

Member
L
Join Date
Apr 2008
Location
Ohio
Posts
43
I am upgrading from device-net to Ethernet. We keep try to keep our distributed IO off of our business network by using an Ethernet bridge on our control logix platforms. We have never done this with a compact logix system. So my question is this:
We have a 1769 L33 ERM processor that needs to be accessible from the business network. Will adding a 1768-ENBT to the rack work as the bridge to the distributed IO on a separate private network? I'm not sure if the 1768 and 1769 are compatible with each other in this instance.
Or can the second ethernet port in the processor be used as a method to isolate the networks?
Any questions or clarifications just ask
Thank you for any help that can be given!
 
Last edited:
ldrewes said:
I am upgrading from device-net to Ethernet. We keep try to keep our distributed IO off of our business network by using an Ethernet bridge on our control logix platforms. We have never done this with a compact logix system. So my question is this:
We have a 1769 L33 ERM processor that needs to be accessible from the business network. Will adding a 1768-ENBT to the rack work as the bridge to the distributed IO on a separate private network? I'm not sure if the 1768 and 1769 are compatible with each other in this instance.
Or can the second ethernet port in the processor be used as a method to isolate the networks?
Any questions or clarifications just ask
Thank you for any help that can be given!
Click to expand...

Unfortunately the 1768-ENBT is not compatible with any of the 1769 Controllers. It is only compatible with the 1768-L4x controllers (L43/L45/L43S/L45S)

Currently there is no "second ethernet port" available on the processor and no way of adding one with an additional card.

I would suggest that you look at one of the following 3 options:
9300-ENA Network Address Translation Device
1783-NATR Network Address Translation Devices with DLR capability
1783-BMS10CGN Stratix 5700 10 Port Managed switch with Network Address Translation (also available with 20 ports).

Using any of the above options you will be able to perform NAT or Network Address Translation. You can configure it in such a way that traffic from your public network can communicate with your PLC and your PLC with the rest of the network, however the rest of the traffic on the public network will not pass on to you private network (machine network) and vice versa.

In terms of deciding which one is best for you, I would need some more information about your network like what devices you have, what is your proposed topology etc.


I hope this helps.
Regards
Ian
 
Thanks for the info...although it isn't what i wanted to hear.
My processor does have two ethernet ports, are you simply saying it can't be used for the purpose i am describing?
I think the best option for me would be using the stratix with NAT. The bad part is i wouldn't know the first place to start in setting that up in the switch.
So to clarify another point on this topic, I will use a 1769-AENTR to connect the distributed IO in the other racks correct?
Worse comes to worse i'll just have them on the business network...they will be connected to the same unmanaged switch so it shouldn't be too bad.
 
The two Ethernet ports are there to support DLR. They are not independent ports. The options listed by Usireland are what you need to consider. Personally using the 1783-NATR is probably going to the the cheapest and easiest to setup.

Anything with the R designation means is it DLR compatible and will have at minimum 2 ports. The 1783-NATR will have 3, two for maintaining the DLR network, 1 as your 'breakout' to another network.


This document provides a better visual.

http://literature.rockwellautomation.com/idc/groups/literature/documents/pp/enet-pp011_-en-p.pdf
 
Paully's5.0 and Usireland
Thank you for your suggestions. I think I will go the 1783-NATR route. I always appreciate the help I find on this site. Its never let me down!
 
I highly suggest the 9300-ENA for doing this because IMO, it is the easier to setup and configure than the stratix 5700 with NAT. I have not tried the 1783-NATR, so i cannot comment on that. Also, its worth noting that with newer firmware (either v23 or 24, i don't remember which) Rockwell added the ability to bridge the local and public networks through the processor via linx, similar to how you could bridge two ENBTs through the backplane.
 

Similar Topics

R
Isolating Networks
Hi,I have a question about isolating a control network from the plant Vlan network. In a new project the control network would have a Compactlogix...
Replies
4
Views
3,317
Ray S
R
T
Isolating 2 wire analog devices with Point I/O
Hey folks, Hardware: *=Must use these devices. Allen Bradley 1734-AENTR (Dual Ethernet Adapter)* Allen Bradley 1734-IE8C (8Ch Analog Input...
Replies
2
Views
706
trueninjalo
T
B
Best Practice for Isolating PLCs and Manufacturing Equipment
When a new machine comes into our facility the PLCs and Variable Frequency drives typically come with their IP addresses in the 192.168.1.XX or...
Replies
13
Views
6,136
scarince
S
N
Isolating downtime reason
Hey all, long time lurker for help, first time poster. We're getting ready to install an OPC data collection package on about 120 pieces of...
Replies
8
Views
2,257
N20D5OH
N
J
isolating a bit
I am using rs logix 5000 with an l61 processor. i want to change the status of a single bit in a shift register without changing anything else...
Replies
3
Views
1,765
TConnolly
TConnolly
Back
Top Bottom