Network Interrogation

This applies to the proposed network manager software as well - it won't really map anything without managed infrastructure to indicate which device is connected to which port, usually done through the mac address table and/or LLDP, CDP or variants.

That's not 100% correct. See the link below.

https://thwack.solarwinds.com/commu...ntroducing-solarwinds-network-topology-mapper

SolarWinds and many other higher-end mapping tools can do a certain amount of mapping even without having managed switches. If he is going with managed switches anyway, I would map, then change them, and then map again.

I would do an initial map at first though.
 
Sorry, some sales-guy blog post saying we 'can do something but it's not perfect' does not work for me. Usually these tools do a poor job with unmanaged devices. However, I have no problem finding better tools, so please share some evidence of this because if they have it solved, I can sure use it. Network manager software is a crowded space.

The user guide for the product shows the following:

How NTM Works
Using the standard protocols listed below, NTM discovers network nodes and the connectivity between them:
- Simple Network Management Protocol (SNMP)
- Windows Management Instrumentation (WMI)
- Link Layer Discovery Protocol (LLDP)
- Cisco Discovery Protocol
- VMware Management
- Internetwork Control Message Protocol (ICMP ping)

Unmanaged network devices don't support SNMP, WMI (Windows), LLDP, CDP, or VMware management, so it's a risk to set up and hit it with this tool. Put in the managed devices, and all of this rich information becomes available, as I am sure you know. It's not a good use of my time to do anything else first, but I don't have to do it, and maybe your time is free, so feel free to do whatever you like, multiple times.
 
I feel your pain, friend, as our network is the same in many regards. Here is what I would recommend:

Do a discovery. Focus on what you can easily find out.

If you make a list of all control devices on the network and what their IPs are (and this means PV, RS232 to Eth/IP adapters... I mean every single little thing), then you can get the MAC addresses from the ARP tables. [Work with network admin]

Also note if they are on dumb switches or smart switches (if on a smart switch go ahead and make a copy of the CFG file).

You can discover a LOT from the web page addresses of different devices. You would be surprised what has a web server embedded.

I have an example spreadsheet I can give you minus all the network info/most of the comments if you would like.

Once you have all IPs and MAC addresses figured out, you can find the switch port and the switch the device is on. Then you can label both ends of each cable.

Depending on the scope you may want to make a device map from here.

That should get you started and feel free to PM me if you need.
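
The join this post describes (ARP table for IP to MAC, then the switch MAC address table for MAC to port), as an added example that is not part of the original thread. It assumes Cisco IOS-style `show ip arp` and `show mac address-table` text saved from a managed switch; the sample data and all function names are constructed for illustration.

```python
import re
from collections import Counter
# Constructed sample data, Cisco IOS-style layout (an assumed format).
ARP_TEXT = """\
Protocol  Address       Age (min)  Hardware Addr   Type  Interface
Internet  192.168.1.2          12  0000.bc12.3456  ARPA  Vlan10
Internet  192.168.1.3           3  0000.bc12.3457  ARPA  Vlan10
Internet  192.168.1.20          1  00a0.4512.0001  ARPA  Vlan10
Internet  192.168.1.21          0  Incomplete      ARPA
Internet  192.168.1.30          8  0080.f4aa.0002  ARPA  Vlan10
"""
MAC_TEXT = """\
Vlan    Mac Address       Type        Ports
  10    0000.bc12.3456    DYNAMIC     Gi1/0/5
  10    0000.bc12.3457    DYNAMIC     Gi1/0/7
  10    00a0.4512.0001    DYNAMIC     Gi1/0/7
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MAC_RE = re.compile(r"\b(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}\b"
                    r"|\b(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}\b", re.I)

def norm(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_arp(text):
    """Return {ip: mac}; incomplete entries (no MAC) are skipped."""
    pairs = ((IP_RE.search(l), MAC_RE.search(l)) for l in text.splitlines())
    return {ip.group(): norm(mac.group()) for ip, mac in pairs if ip and mac}

def parse_mac_table(text):
    """Return {mac: port}; the port is the last column of each entry."""
    return {norm(m.group()): line.split()[-1]
            for line in text.splitlines() if (m := MAC_RE.search(line))}

def build_inventory(arp_text, mac_text):
    """Join both tables into (ip, mac, port, shared_port) rows."""
    mac_to_port = parse_mac_table(mac_text)
    per_port = Counter(mac_to_port.values())  # MACs learned per port
    rows = []
    for ip, mac in sorted(parse_arp(arp_text).items(),
                          key=lambda kv: tuple(map(int, kv[0].split(".")))):
        port = mac_to_port.get(mac)  # None: aged out or on another switch
        rows.append((ip, mac, port, per_port[port] > 1))
    return rows

if __name__ == "__main__":
    for row in build_inventory(ARP_TEXT, MAC_TEXT):
        print(row)
```

A row with `shared_port` set means more than one MAC was learned on that port, so the device sits behind an uplink or an unmanaged switch and the cable still has to be traced by hand from there.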
 
Cheers guys...

SolarWinds still has not responded about how good it is with unmanaged switches....

I have a spreadsheet that I started 2 years ago, when I started looking at mapping, and I started in the control rooms, as they were easier (!), and the spreadsheet has built up to many pages as I map each switch, always hoping there would be a piece of software to help me....

Previous job, I found out about Belarc Advisor, (http://www.belarc.com/free_download.html) which I had used for checking software and licence numbers on SCADA PCs, but it also checks out the local network, giving device addresses and names, as well as links to webpages for the devices, and that has proved useful to determine some of the devices connected. It also helped me get access to the one gateway that we have (the password was well hidden in someone else's spreadsheet) - the gateway bridges two IP ranges on site.

Ethernet errors happen, and the techs change the Fibre to Ethernet Converters, and even over recent months they have changed a 24 port switch twice to "cure" comms problems.....

The previous issue that I mention with cable faults, was purely an IT network problem, just happens that they left the engineering side to us to tackle, as we were installing the machine as part of a project, but as it involves personnel logging in, it has to be on the IT network.

Aye, I love a challenge......TGIF.........!!!
 
Here is what you need to keep in mind with an unmanaged or "dumb" switch:

You are limited to whatever VLAN you configure on the primary switch port. This can be an issue for network segmentation.

It is harder to find a "network loop" because John decides to plug in this cable right here and connect two switch ports directly together. This can create a broadcast loop and bring down the network.

You can't do NAT or isolate. This is where it gets confusing:

You have a machine from the factory. All network addresses are set up as 192.168.1.x

This means in order to get certain devices on the network you have to go into programs, drivers, etc and change addresses because they are connecting to the network. With a managed switch you can use NAT and keep all internal addresses so the program doesn't change, but add a "rule" to change 192.168.1.2 to 10.1.12.13 from the outside.

On the "inner side" of the switch, all addressing stays the same and gets mapped to a table for outside addresses, but only for the devices you want to access. There is no need to have a drive inside a machine exposed to the outside world. You don't want that extra traffic on motion control systems.

Where dumb switches are USEFUL:
You have printers/computers/devices on the same VLAN that are ONLY connected to by outside applications and ONLY for data exchange (no real-time process control).

In a pinch to get something up.

Remember, the whole idea is to keep the network traffic within the switched network and to allow outside access for diagnostic reasons. Layer 2 is faster than Layer 3.

As for the main network infrastructure, you want to go with quality rack-mount switches all trunked with fiber. Pull two runs of fiber between each switch so you have a spare, and in the event one is damaged you can swap. Remember, we aren't dealing with accounting not having access to their files. We are dealing with machines that can hurt or kill someone. We are dealing with the reason accounting has something to account.

Fortunately, I work in the IT department, so I have access to servers, switches etc, but I'm a controls guy. This means I don't have to deal with any extra BS to do whatever I need to on the network or local machines, I just do it.
 
