PLC Networking IP setting and subnetting

Marcktony

Member
M
Join Date
Aug 2017
Location
Colorado
Posts
14
I have a question about IP addressing and Networking.
I have a PLC with following IP address 10.1.0.120 this is an static PLC
PLC is working like it is supposed to be, however I can not connect remotely anymore, our IT department did some maintenance on the server, since that they we can not connect remotely. our network is running on 10.0.0.xx IP addressing.
I know they are not in the same network, but somehow it was working we were able to connect with no problems for more than 5 years.
IT is saying it is not an IT problem, that I need to change the IP address on the PLC, FVDs, HMIs everything that has an IP address
10.1.0.xx has to go to 10.0.0.xx

those anybody knows if there is an IT concept I can use to include this 2 networks to talk to each other?

please help, thanks
 
The subnet mask marks the edge of the network. A 10.0.0.xx device with a subnet mask of 255.254.0.0 would be on the same network as the 10.1.0.120. Check the subnet mask of the device you're trying to connect with, and of the PLC. Hope that helps!
 
The more restrictive a subnet mask is, the better because the network will go a little faster.

It makes little sense in a small company to put a 255.254.0.0 mask, which presupposes a network of more than 130,000 IPs.

Better to use the typical 255.255.255.0 and that is what your IT department has probably done.

They have to give you the solution although they will surely tell you to change all IPs from 10.1.0.* to 10.0.0.*
 
lfe said:
The more restrictive a subnet mask is, the better because the network will go a little faster.

It makes little sense in a small company to put a 255.254.0.0 mask, which presupposes a network of more than 130,000 IPs.

Better to use the typical 255.255.255.0 and that is what your IT department has probably done.

They have to give you the solution although they will surely tell you to change all IPs from 10.1.0.* to 10.0.0.*
Click to expand...




It would be pretty messed up for IT to improve network speeds by cutting out a ton of devices from the network! lol
 
On your company PC, if the IP is temporarily changed from 10.0.0.* to a static 10.1.0.*, you will probably regain access to the PLC, but you will lose access to the Internet, business servers, etc.

Just because there are many devices on the network does not mean that it will be slower.
 
Ok lets clarify a little. The OP never mentioned a subnet mask so we are getting a bit off in the weeds. Perhaps they can reply to let us know what their subnet mask is. That would help.

Let's cover some basics...
For your network, if the subnet mask is the very common 255.255.255.0 then we know that your network starts with 10.0.0.0 and ends with 10.0.0.255. Let's assume the same subnet for the PLC network. Your PLC network would start at 10.0.1.0 and end with 10.0.1.255.

So indeed, your computer and the PLC are sitting on two different networks, and would not be capable of talking with each other without the use of a router to route data from one network to another. A router commonly uses the .1 address on a network. IF that were the case then the router would use 10.0.0.1 on your network and 10.0.1.1 on the PLC network. A router can use other addresses, but using .1 is a common practice.

IT typically isn't going to go into all of our control devices and change their IP addresses and subnet masks. But, that router is where IT might get involved. They might have removed the ability to route data between those two networks.

As Rooster suggested, using 255.255.254.0 as the subnet mask would enlarge the network so it would start at 10.0.0.0 and end at 10.0.1.255. That would allow all of the devices to be able to communicate with each other without the need for a router. All devices would need to use this mask. However, this doesn't just usually just change. But it could. IT could have decided that they don't want you using this non-standard mask.

We would know more if we knew the mask your PC is using.


OG
 
Marcktony said:
I have a question about IP addressing and Networking.
I have a PLC with following IP address 10.1.0.120 this is an static PLC
PLC is working like it is supposed to be, however I can not connect remotely anymore, our IT department did some maintenance on the server, since that they we can not connect remotely. our network is running on 10.0.0.xx IP addressing.
I know they are not in the same network, but somehow it was working we were able to connect with no problems for more than 5 years.
IT is saying it is not an IT problem, that I need to change the IP address on the PLC, FVDs, HMIs everything that has an IP address
10.1.0.xx has to go to 10.0.0.xx

those anybody knows if there is an IT concept I can use to include this 2 networks to talk to each other?

please help, thanks
Click to expand...

First of all, if it was working before, and then IT did something, and after IT did that something then it is their problem because they caused it. However, making that case is a political problem not a technical one, and no one on this forum but you will understand your local politics. The best you can probably do is to keep track of the time you spend to fix it and say to a manager above IT that "IT made a change that wasted this much of my time and cost the company $XYZX before I could resume normal duties." The best result is for IT to understand that it is the PLC, VFDs, and HMIs controlling the process that make money for the company, and not the IT department, and they have no business ever changing anything on the network without consulting the people responsible for the money-making process. But again, making that case is a political issue and well nigh impossible for arrogant IT departments which rarely seem to have a clue. The only chance you have is pushing the issue up the chain until it reaches someone who understands how your business actually makes money.

For the technical side:

  • Are all of the devices (PLC, VFDs, HMIs) on the same physical network?
    • That is, are there only network switches, and no network routers, connecting them all "together?"
    • And do they all have 10.1.0.xxx addresses?
      • If yes, what is their netmask (as @Operaghost asked)?
        • Probably 255.255.255.0, but it is worth confirming whether this is the case.
    • Are all of those devices still communicating with each other, even after the IT change?
    • What other devices are on that network (e.g. office computers, printers, etc.)?
  • What is the IP address of the host that is trying to connect to the PLC remotely?
    • Is that host on the same physical network as the devices?
    • What is the netmask of that host?
The answer to the original question depends mainly on the answers to these questions.
 
Also, if all hosts are indeed on the same physical network, and all you really want to do is connect your workstation to the PLCs, VFDs and HMIs at 10.1.0.xxx addresses, then there are a few options.

Assigning a static 10.1.0.xxx IP address on your workstation will allow that workstation to communicate with all of the other 10.1.0.xxx hosts, even if it connected to the same physical network that IT mistakenly changed to a logical 10.0.0.xxx network. That would prevent your workstation from connecting to either any of the 10.0.0.xxx hosts within the local network or any host outside the local network.

Another option would be to add a second network interface to your workstation, e.g. an inexpensive USB-Ethernet dongle, configuring it to use static IP address 10.1.0.xxx and the same netmask as the PLC, VFDs and HMIs. It would take a little fiddling with the routing table, but it could be made to work.

As noted earlier, a third option would be to assign a netmask of 255.254.0.0 to your workstation's single network interface.

Maybe the best option would be to put all of the industrial hosts (PLC, VFDs, HMIs i.e. OT = Operational Technology) behind another router that you control, and that IT has been instructed to keep their hands off. This assumes there is a location where you can break the single* physical network into two segments. The new segment would have addresses 10.1.0.xxx

* I am assuming this is the case
 
Last edited:
thanks for the detailed response.
so here is some more info:
we do have an Automation Direct PLC
one main PLC and other 5 slaves
5 HMI and 4 VFDs
all this equipment is working with no problem, talking to each other.
all the equipment is under the same network

IP: 10.1.0.xx
subnet: 255.255.255.0
gateway: 10.1.0.25

all the offices are under
IP: 10.0.0.xx network
subnet : 255.255.255.0
gateway: 10.0.0.25
 
Marcktony said:
thanks for the detailed response.
so here is some more info:
we do have an Automation Direct PLC
one main PLC and other 5 slaves
5 HMI and 4 VFDs
all this equipment is working with no problem, talking to each other.
all the equipment is under the same network

IP: 10.1.0.xx
subnet: 255.255.255.0
gateway: 10.1.0.25

all the offices are under
IP: 10.0.0.xx network
subnet : 255.255.255.0
gateway: 10.0.0.25
Click to expand...




How do you connect to the network remotely? (or at least how did you connect when you were able)


Are you able to connect physically, or is remote the only option?
 
I tried changing my IP address on my computer so it matches the 10.1.0.xx them tried to connect using the cat5 in my office and I could connect and see the PLCs, all the devices. however a lose connection to ethernet.
 
thanks for the detailed response.
so here is some more info:
we do have an Automation Direct PLC
one main PLC and other 5 slaves
5 HMI and 4 VFDs
all this equipment is working with no problem, talking to each other.
all the equipment is under the same network

IP: 10.1.0.xx
subnet: 255.255.255.0
gateway: 10.1.0.25

all the offices are under
IP: 10.0.0.xx network
subnet : 255.255.255.0
gateway: 10.0.0.25
 
drbitboy said:
Also, if all hosts are indeed on the same physical network, and all you really want to do is connect your workstation to the PLCs, VFDs and HMIs at 10.1.0.xxx addresses, then there are a few options.

Assigning a static 10.1.0.xxx IP address on your workstation will allow that workstation to communicate with all of the other 10.1.0.xxx hosts, even if it connected to the same physical network that IT mistakenly changed to a logical 10.0.0.xxx network. That would prevent your workstation from connecting to either any of the 10.0.0.xxx hosts within the local network or any host outside the local network.

Another option would be to add a second network interface to your workstation, e.g. an inexpensive USB-Ethernet dongle, configuring it to use static IP address 10.1.0.xxx and the same netmask as the PLC, VFDs and HMIs. It would take a little fiddling with the routing table, but it could be made to work.

As noted earlier, a third option would be to assign a netmask of 255.254.0.0 to your workstation's single network interface.

Maybe the best option would be to put all of the industrial hosts (PLC, VFDs, HMIs i.e. OT = Operational Technology) behind another router that you control, and that IT has been instructed to keep their hands off. This assumes there is a location where you can break the single* physical network into two segments. The new segment would have addresses 10.1.0.xxx

* I am assuming this is the case
Click to expand...
thanks for the quick answer answer

thanks for the detailed response.
so here is some more info:
we do have an Automation Direct PLC
one main PLC and other 5 slaves
5 HMI and 4 VFDs
all this equipment is working with no problem, talking to each other.
all the equipment is under the same network

IP: 10.1.0.xx
subnet: 255.255.255.0
gateway: 10.1.0.25

all the offices are under
IP: 10.0.0.xx network
subnet : 255.255.255.0
gateway: 10.0.0.25
 
Last edited:
It is good you can set the static IP of your computer to 10.1.0.xx and see all of the OT devices. As I noted, that also causes loss of Internet connectivity because it is on a different logical network than IT's router. There is no way around that (other than the second network interface).

Marcktony said:
...
so here is some more info:
we do have an Automation Direct PLC
one main PLC and other 5 slaves
5 HMI and 4 VFDs
all this equipment is working with no problem, talking to each other.
all the equipment is under the same network

IP: 10.1.0.xx
subnet: 255.255.255.0
gateway: 10.1.0.25

all the offices are under
IP: 10.0.0.xx network
subnet : 255.255.255.0
gateway: 10.0.0.25
Click to expand...

Oof. Someone in the office mis-configuring a node's IP address as a duplicate of one of your OT devices could shut down your operations.

This is your chance to protect your money-making OT operations from your loose-cannon IT department: segment the network with a router and isolate your OT devices from the office devices. It is logically as simple as a SOHO (Small Office/Home Office) router setup at home:

  • The WAN side of the router* will be a single IP address on the company's 10.0.0.0/255.255.255.0 network.
  • You should be able to control who can go through the router from the office side to the OT side, so your computer on the office side should be able to both access the PLC as well as the Internet, and if you get the right router you can also restrict which hosts can go through to the OT side.
  • The LAN side of the router will be 10.1.0.0/255.255.255.0
    • All of the OT devices (PLC, VFDs, HMIs) will be here and will not have to change their IP addresses
  • NEVER let IT access YOUR router or anything behind it:
    • They messed it up once and risked shutting your money-making operations down;
    • They must not be allowed to do so again;
    • You should go directly over their heads to ensure that is a company-wide policy.
      • If they get wind of it, do not accept anything they try to say or do
      • Even if you install the router and implement the separate internal OT network (10.1.0.xx/255.255.255.0), they may try to get control of it.
      • Your justification is that THEIR incompetence has threatened YOUR operations, and you will not allow that again.
Of course you'll have to express that in a less impolitic manner; I am free to call it like it is here in the Wild West of the 'net.

* The WAN side of the router at home is the IP address that your ISP provides.
 

Similar Topics

ceilingwalker
Networking multiple PLC's and an RC advice
Hello all. I have a system with 4 different machines, each has their own PLC. I also have a RC in this subnet also. I created a server PLC that...
Replies
0
Views
462
ceilingwalker
ceilingwalker
ceilingwalker
Networking 2 PLC's with different IP's
Hello All, I have two CompactLogix that I would like to network together however, they have different IP subnets. Is there a way to connect them...
2
Replies
15
Views
4,445
Operaghost
Operaghost
ceilingwalker
Networking 2 PLC's on different subnets
Hello All. I need to network two CompactLogix on different subnets. One is 192.168.1.22 and the other is 10.10.30.15. Since I have to bring a...
Replies
4
Views
1,783
drbitboy
drbitboy
N
Multi Siemens PLC networking
Hi Every one I want to hookup the 10 numbers S7 300 PLC CPU on MPI Network . CPU,s are running on 10 different machines with 12 " HMI on each on...
Replies
5
Views
2,121
Oubax
O
A
PLC Networking / Remote Access
I have searched the forum, It looks like some people are doing a similar thing but I still have some questions. I have a number or PLC's, most...
Replies
14
Views
4,740
itsmedarian
itsmedarian
Back
Top Bottom