Stratix 5700 NAT Configuration

[Helliana]

I got one of the Stratix 5700 w/ NAT switches (1783-BMS10CGN) and cannot get NAT to function. I followed the NAT quickstart guide from the knowledgebase step by step simulating their setup and it still does not function.

Network Setup:
VLan10 - 192.168.1.200, 255.255.255.0
FA1/1 - PC - 192.168.1.2,255.255.255.0,GW=192.168.1.254 VLAN 10
FA1/2 - PLC - 192.168.1.3,255.255.255.0, GW=192.168.1.254 VLAN 10
Gi1/1 - Plant Public Network Switch, Gateway is 10.50.68.1, 255.255.254.0, VLAN10

In the NAT configuration:
Checked 10 in the "Gi1/1 VLANs" box, deselected everything else.
Created a translation with Private IP 192.168.1.2 and Public IP 10.50.68.249.
In the gateway translation box i set Public to 10.50.68.1 and Private to 192.168.1.254

The NAT just does not work. 192.168.1.254 cannot be pinged inside the NAT. 10.50.68.249 cannot be pinged from outside the NAT. I cannot figure out what i am missing. I've tried every combination of settings i can think of. Has anyone got this to work and have any clues what i missing?

 

[Helliana]

Anyone had any luck setting up this device?

 

[Rob A]

I have two on order. When they get here I need to setup NAT also.

 

[The Plc Kid]

I got one of the Stratix 5700 w/ NAT switches (1783-BMS10CGN) and cannot get NAT to function. I followed the NAT quickstart guide from the knowledgebase step by step simulating their setup and it still does not function.

Network Setup:
VLan10 - 192.168.1.200, 255.255.255.0
FA1/1 - PC - 192.168.1.2,255.255.255.0,GW=192.168.1.254 VLAN 10
FA1/2 - PLC - 192.168.1.3,255.255.255.0, GW=192.168.1.254 VLAN 10
Gi1/1 - Plant Public Network Switch, Gateway is 10.50.68.1, 255.255.254.0, VLAN10

In the NAT configuration:
Checked 10 in the "Gi1/1 VLANs" box, deselected everything else.

Created a translation with Private IP 192.168.1.2 and Public IP 10.50.68.249.
In the gateway translation box i set Public to 10.50.68.1 and Private to 192.168.1.254

The NAT just does not work. 192.168.1.254 cannot be pinged inside the NAT. 10.50.68.249 cannot be pinged from outside the NAT. I cannot figure out what i am missing. I've tried every combination of settings i can think of. Has anyone got this to work and have any clues what i missing?

What are you trying to do here? First what is 192.168.1.254? is that the 5700's address?

Can you ping from 192.168.1.2 device to everything else in the 192.168.1.xxx subnet? Can everything else ping the 192.168.1.2 device?

You need a drawing to represent what you are trying to acomplish here. Trying to do something like this without a drawing is like tring to wire a 1500 I/O cabinet with no prints. Make your drawing first then post it.

Just a tip as far as you are concerned you must have a private to public entry and a public to private entry for everything you want to NAT.

You can choose single , range or subnet. if single and you have 3 devices to NAT you will need 3 of each entry.

You must have a public address for every private address. You can't send multiple private addresses to a single public address.

 

[Helliana]

192.168.1.254 is the Private Gateway translation address. I did set up a single NAT translation for every device. All devices on the 192.xxx subnet can talk to each other, however the translated gateway is not responsive. According to the AB documentation, the Private Gateway is any unused address on this subnet and the Public should be set to the network gateway.

My setup is almost identical to AB Publication# IASIMP-QS038A-EN-P. The only difference is the public ip range is 10.50.68.0, subnet 255.255.254.0, gw: 10.50.68.1.

 

[The Plc Kid]

So you have 96 public ip addresses configured? Each address has to be unique and they are all on VLAN 10?

Why everything on VLAN 10? That will be a troubleshoting nightmare.

I would make station 1-12 it's own VLAN and route them in the 8300. It would be much cleaner.

 

[Helliana]

I only have 1 5700 switch, with a PLC, PC, and remote I/O. Trying to get one working before moving on.

 

[The Plc Kid]

Make sure you created your proper NAT entry in both the General tab and under the public to private tab.

Make sre the Gig port you are using is assigned to VLAN 10.

Make sure VLAN truncking is enabled and that the smart port is set for switch for automation.

 

[The Plc Kid]

Another thing is to verify that al the ports you are using are set to auto negotiation.

 

[Helliana]

Had all that except had the smartport set the none... maybe thats the issue? Don't remember seeing that anywhere in the UM.

Also, everything is not set up on VLAN 10. I don't know why Rockwell decided to use that for their example. We are connecting the Stratix5700 to our corporate IT network which no one in our plant has access to, hence the need for NAT.

 

[Helliana]

That was the problem, after 4 months of sitting on my desk, i finally got the switch up and running. Thanks PLCKid!

 

[The Plc Kid]

Glad you were able to get it going.

 

[dadof3and3]

Stratix SD card compatibility

Has anyone found that you can use generic SD 1GB cards in Stratix switches? If so, is there any special format that needs to be done to the SD card?

I appreciate any and all comments/suggestions.

Thanks, David

 

[PLC Gremlin]

David,
I'm guessing that you seen in the manual where it states.. "You must use the 1784-SD1 card available from Rockwell Automation with the switches." and .. "ATTENTION: If a non-Rockwell SD card is used in Stratix switches, Rockwell Automation reserves the right to withhold support."
http://literature.rockwellautomation.com/idc/groups/literature/documents/um/1783-um007_-en-p.pdf

That being said, I dont "think" there is any special formatting but it may save you some heartache by just getting a 1784-SD1 and guaranteeing that it will work.
I'd bet Rockwell has spent time troubleshooting a customer's problems only to find out later that someone used a crappy SD card from ebay or something..

 

[dadof3and3]

Thank you for the follow up.... We have about 30 to purchase for a project, just wanted to save $$.