I have come across an interesting project. Industrial networks with proprietary hardware and software are always interesting.
There are folks who are much smarter than me on this forum and I was hoping for a sanity check on some thoughts. The below is a sketch of the customer’s proposed network.
PLC IP addresses cannot be changed
PLC can only communicate with up to 10 devices
Device IPs can only be changed in the range of 192.168.1.1 to .10
Devices cannot have the subnet changed from 255.255.255.0 or a default gateway set
This network is offline and not physically connected to the internet.
Short of a hardware failure, the MACs will always remain the same and remain connected to the same ports physically
Each device has 2 Ethernet ports, so daisy chaining is possible with the device's built-in unmanaged switch
Device with the highest IP, such as device 8 in the first column is physically far away from the router/ switch #2
Due to physical limitations and future expandability, only 1 network cable is planned to connect between the systems
Devices and router/ switch #2 are in a hazardous environment to make it more interesting.
So for example, what I was hoping to achieve was:
Devices visible to PLC 1
192.168.1.1 plugged into router/switch 2 - port 1
192.168.1.2 plugged into router/switch 2 - port 1
192.168.1.3 plugged into router/switch 2 - port 1
192.168.1.4 plugged into router/switch 2 - port 1
192.168.1.5 plugged into router/switch 2 - port 1
192.168.1.6 plugged into router/switch 2 - port 1
192.168.1.7 plugged into router/switch 2 - port 1
192.168.1.8 plugged into router/switch 2 - port 1
192.168.1.1 plugged into router/switch 2 - port 2
192.168.1.2 plugged into router/switch 2 - port 2
which = 10 devices max
Devices visible to PLC 2
192.168.1.3 plugged into router/switch 2 - port 2
192.168.1.4 plugged into router/switch 2 - port 2
192.168.1.5 plugged into router/switch 2 - port 2
192.168.1.1 plugged into router/switch 2 - port 3
192.168.1.2 plugged into router/switch 2 - port 3
192.168.1.3 plugged into router/switch 2 - port 3
192.168.1.4 plugged into router/switch 2 - port 3
192.168.1.5 plugged into router/switch 2 - port 3
192.168.1.6 plugged into router/switch 2 - port 3
192.168.1.7 plugged into router/switch 2 - port 3
which = 10 devices max
Devices visible to PLC 3
192.168.1.1 plugged into router/switch 2 - port 4
192.168.1.2 plugged into router/switch 2 - port 4
192.168.1.3 plugged into router/switch 2 - port 4
192.168.1.4 plugged into router/switch 2 - port 4
192.168.1.5 plugged into router/switch 2 - port 4
192.168.1.6 plugged into router/switch 2 - port 4
which = the remaining 6 devices, with room for expandability
Am I thinking it is too simple to somehow map each device LAN network via MAC addresses to the corresponding LAN network for the PLC?
To use one trunk cable between the router/ managed switches, they would translate to a ‘public’ style IP.
So:
PLC 1 xxx.1.20 = 172.10.1.1
PLC 2 xxx.1.20 = 172.10.1.2
PLC 3 xxx.1.20 = 172.10.1.3
then
Device 1 first branch xxx.1.1 = 172.10.1.11
Device 2 first branch xxx.1.2 = 172.10.1.12
…
Device 6 fourth branch xxxx.1.6 = 172.10.1.36
matt7863
(m@ttshaw)
March 11, 2024, 11:04am
4
spiceuser-ryan969:
So for example, what I was hoping to achieve was:
Devices visible to PLC 1
192.168.1.1 plugged into router/switch 2 - port 1
192.168.1.2 plugged into router/switch 2 - port 1
192.168.1.3 plugged into router/switch 2 - port 1
192.168.1.4 plugged into router/switch 2 - port 1
192.168.1.5 plugged into router/switch 2 - port 1
192.168.1.6 plugged into router/switch 2 - port 1
192.168.1.7 plugged into router/switch 2 - port 1
192.168.1.8 plugged into router/switch 2 - port 1
192.168.1.1 plugged into router/switch 2 - port 2
192.168.1.2 plugged into router/switch 2 - port 2
which = 10 devices max
Is the physical layout/connection fixed as per your diagram?
So for example, what I was hoping to achieve was:
Devices visible to PLC 1
192.168.1.1 plugged into router/switch 2 - port 1
192.168.1.2 plugged into router/switch 2 - port 1
snip
192.168.1.1 plugged into router/switch 2 - port 2
192.168.1.2 plugged into router/switch 2 - port 2
which = 10 devices max
If you only needed the separate columns to communicate with different PLCs you could use simple VLANs.
But if you really want some from a different ‘column’ with duplicate IP addressing to access other PLCs then you will need to use NAT and multiple routers or VRFs.
Quite complex.
If you could change the physical cabling and IPs (to use .9 and .10 also) then it would be much simpler.
2 Spice ups
Hi m@ttshaw,
I understand what you are saying. My physical installation limitation is the following:
The devices at the end of the run are quite far from each other. The below illustration gives a better idea.
Since the area is classified as a hazardous environment, the cost for additional cable runs & hardware piles up very quickly. More so on labour I suppose.
The PLCs need to be in the safe area
Normally each ‘branch’ has its own PLC, but in Phase 2 there will be branches with fewer devices even further away from each other, pushing the limits of the Ethernet cable hop distance. Not to complicate matters, but it will most likely be a fiber link back to the ‘safe area’ for the additional devices.
I have used NAT and VLANs before, so I have a basic understanding of what I would like to achieve, but full VRF will be a learning curve.
I more or less visualize this as multiple branches/ divisions connecting to the internet and interfacing with different servers as directed. Except I am creating my own ‘internet’ in a closed network.
Have you or anyone used VRF?
re-boot
(Re-boot)
March 12, 2024, 3:00pm
6
If those truly are unmanaged switches built in to each device, then the distance from the farthest devices to the PLC is irrelevant… only the individual distances from switch 2 to the first device and the distance between each device matter, as the built-in switches will act as repeaters. And of course the distance between switches 1 & 2, and PLCs to the first switch, will need to be within spec.
Not sure how those 4 columns of devices are going to communicate with 3 PLCs… at first glance it looked like VLANs would be a solution, but that would limit you to a single column of devices communicating with a single PLC. If you need to have 2 columns of devices talking to a single PLC, you will have to assign different addresses to the 2nd column, which will extend them past the 192.168.1.10 limit.
I would try to push back on the manufacturer regarding the limitations. Oftentimes I find (at least with security systems and access controls) that there is a very rudimentary (to be kind) understanding of networking concepts on the manufacturer's or installer's part. And having two of those columns of devices talking to the same PLC simultaneously simply will not be possible without extending the devices past that 192.168.1-10 limit.
1 Spice up
krnup
(Krnup)
March 12, 2024, 3:25pm
7
I would lean towards adding a 4th PLC and VLANing each column of devices; that would allow them to add another device to the chains without throwing the whole system out of whack.
Imagine if you added two devices from the second column to the eight from the first column and then they wanted to add a 9th to the first column. Chaos!
1 Spice up
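A check of the addressing plan discussed in this thread, as an added example that is not part of any post: it transcribes the port-to-PLC lists from the original post, reports which device addresses each PLC would see twice (the reason VLANs alone do not fit), enforces the 10-device limit, and builds a per-port 1:1 translation table. The rule last octet = 10 × port + device number is an assumption modelled on the post's `172.10.1.11` example, and all function names are hypothetical.

```python
from collections import Counter, defaultdict
import ipaddress

MAX_PEERS = 10  # PLC limit stated in the original post

# (switch-2 port, device host number) -> PLC, transcribed from the post's lists
PLAN = {}
for port, hosts, plc in [(1, range(1, 9), 1), (2, range(1, 3), 1),
                         (2, range(3, 6), 2), (3, range(1, 8), 2),
                         (4, range(1, 7), 3)]:
    for h in hosts:
        PLAN[(port, h)] = plc

def local_ip(host):
    return f"192.168.1.{host}"

def duplicate_locals(plan):
    """Per PLC, the device addresses that appear behind more than one port."""
    seen = defaultdict(Counter)
    for (_port, host), plc in plan.items():
        seen[plc][local_ip(host)] += 1
    return {plc: sorted(ip for ip, n in c.items() if n > 1)
            for plc, c in seen.items()}

def nat_table(plan, prefix="172.10.1."):
    """(ingress port, local IP) -> unique trunk-side IP (assumed numbering rule)."""
    table = {(port, local_ip(h)): f"{prefix}{10 * port + h}" for (port, h) in plan}
    if len(set(table.values())) != len(table):
        raise ValueError("translated addresses collide")
    return table

def check(plan, prefix="172.10.1."):
    peers = Counter(plan.values())
    return {
        # PLCs that would be asked to talk to more than MAX_PEERS devices
        "over_limit": sorted(p for p, n in peers.items() if n > MAX_PEERS),
        # overlapping addresses a single PLC would see without translation
        "duplicates": duplicate_locals(plan),
        # whether the translated prefix lies in reserved/private address space
        "prefix_is_private": ipaddress.ip_address(prefix + "1").is_private,
    }

if __name__ == "__main__":
    print(check(PLAN))
    for key, wan in sorted(nat_table(PLAN).items()):
        print(key, "->", wan)
```

Adding a ninth device to the first column (`PLAN[(1, 9)] = 1`) puts PLC 1 in `over_limit`, which is the expansion problem raised in the last reply.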