Routing between subnets

I am installing an Ethernet/IP network with a ControlLogix processor, 16 Point I/O racks and a Red Lion G308 HMI, all connected via 17 Ethernet switches on a fibre ring.

We have now been told that we will have to pass data to a Siemens SCADA PC on a separate network. I would prefer to keep the 2 networks on separate subnets i.e. 10.0.1.x and 10.0.2.x with a subnet mask of 255.255.255.0.

Does anyone have experience in routing between subnets? I want to ensure data can only pass between the G308 HMI on one network and the SCADA PC on the other network - all multicast traffic must be stopped by the router.

I’m far from an IT pro, but here’s my best shot…

It’ll all be in the configuration of the router between the two networks, and the devices must have their gateway setting set to the address of the router.

I think you need to define a “static route” between your endpoints in the router.

When in doubt - get IT involved, that’s what they’re there for.

Unfortunately on this system I am IT :open_mouth:

I was afraid of that. Not an uncommon situation however. Best of luck. Nathan will probably have better advice than I.

OK, to begin with you’ll probably want to follow convention with your class C (255 address blocks) and use 192.168.x.y, where x will be your 2 subnets, 1 and 2, for example. 10.x.x.x is the (much larger) class A non-routable IP range.

Even if everything was plugged into the same switch, multicasts will be separate between the two since they go to the network id. However, you’ll want to separate the 2 networks into separate VLANs for broadcast packets - i.e. DHCP. A VLAN is a Virtual LAN, which occurs at layer 2 (data link). Separate VLANs seem like you’re plugging into separate switches altogether. There are different ways of accomplishing this, the simplest being based strictly on assigned port ranges.

With a layer 3 switch you set up logical interfaces that will be used as the “default gateway”. By convention you’ll want to reserve the 192.168.x.1 address for that. For example, any 192.168.1.x node that wants to talk to 192.168.2.x would be able to if it had 192.168.1.1 set up as its default gateway. If you need to restrict who can do so, you’ll set up ACLs (access control lists) to the interface in the layer 3 switch. And/or you can just use a blank default gateway in the PLCs.

Based on the “17 (managed) Ethernet switches on a fibre ring” and your requirements, you might want to consider involving a networking consultant. Home and simple networks are deceptively easy since they fit a very specific mold. Your requirements aren’t too complicated, but are getting into networking beyond guesswork.

[quote=“AlThePal”]I am installing an Ethernet/IP network with a ControlLogix processor, 16 Point I/O racks and a Red Lion G308 HMI, all connected via 17 Ethernet switches on a fibre ring.

We have now been told that we will have to pass data to a Siemens SCADA PC on a separate network. I would prefer to keep the 2 networks on separate subnets i.e. 10.0.1.x and 10.0.2.x with a subnet mask of 255.255.255.0.

Does anyone have experience in routing between subnets? I want to ensure data can only pass between the G308 HMI on one network and the SCADA PC on the other network - all multicast traffic must be stopped by the router.[/quote]

To address Carl’s points - he’s pretty much right.

  1. The router (or layer 3 switch interface) will be the default gateway for the clients.
  2. Some type of routing path will exist. A static route path is an option - it’s done by typing in a route path into a table in your router, defining the interface, network, destination router, etc. There are several routing protocols (RIP, OSPF, etc.) that vary in their range from static to dynamic. This is how routers know where to go when talking to each other beyond your “default gateway”. The nice thing about virtual interfaces in a layer 3 switch is that configuring communication between them should be easy.

I’ve played with a simple layer 3 switch and got it to do what you want. It had 3 “pieces” that were connected by fibre, but I didn’t have separate switches connected that way. I had no idea what I was doing with the switch and it was relatively straightforward. That one didn’t satisfy my needs as it wouldn’t provide Internet access since it didn’t support NAT.

I’m starting to learn Cisco now, but at the very beginning. I’d tell you that even if someone else spec’d and bought the (Cisco) equipment for your requirements, I’d have some learning to do before being able to make it happen. You might be able to do it through a menu in HyperTerminal - the access control lists and VLANs over 17 switches raise a flag. Things get a little gnarly once you get into IOS. It’s an amazingly powerful platform, though. Again, what you’re asking for should be really easy for a networking consultant.
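The restriction discussed in this thread (only the G308 HMI and the SCADA PC may talk across the router, with multicast blocked) can be checked on paper before any ACL goes onto a device. The following is an added example, not code from any poster: a first-match rule list evaluated in Python, with an exhaustive check of which host pairs it lets through. The subnets are the ones from the original question; the host addresses 10.0.1.50 and 10.0.2.10 and the sample multicast group are assumptions.

```python
import ipaddress

# Subnets are the ones proposed in the question; the two host addresses are
# assumptions made for this example (the thread does not give them).
PLANT_NET = ipaddress.ip_network("10.0.1.0/24")
SCADA_NET = ipaddress.ip_network("10.0.2.0/24")
HMI = ipaddress.ip_network("10.0.1.50/32")       # assumed G308 HMI address
SCADA_PC = ipaddress.ip_network("10.0.2.10/32")  # assumed SCADA PC address
MULTICAST = ipaddress.ip_network("224.0.0.0/4")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Ordered rule list, evaluated first-match like a router ACL.
RULES = [
    ("deny", ANY, MULTICAST),    # nothing multicast crosses the router
    ("permit", HMI, SCADA_PC),
    ("permit", SCADA_PC, HMI),   # return traffic
    ("deny", ANY, ANY),          # explicit default deny
]


def decide(src, dst, rules=RULES):
    """Return (action, rule_number) for a packet from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (action, src_net, dst_net) in enumerate(rules, start=1):
        if s in src_net and d in dst_net:
            return action, number
    return "deny", None  # nothing matched: treat as denied


def permitted_cross_subnet_pairs(rules=RULES):
    """Exhaustively list every host pair the rules let across the router."""
    allowed = []
    for a_net, b_net in ((PLANT_NET, SCADA_NET), (SCADA_NET, PLANT_NET)):
        for src in a_net.hosts():
            for dst in b_net.hosts():
                if decide(src, dst, rules)[0] == "permit":
                    allowed.append((str(src), str(dst)))
    return sorted(allowed)


if __name__ == "__main__":
    # Constructed sample flows: HMI to SCADA, a PLC to SCADA, HMI to multicast.
    for src, dst in [("10.0.1.50", "10.0.2.10"), ("10.0.1.20", "10.0.2.10"),
                     ("10.0.1.50", "239.192.1.1")]:
        print(src, "->", dst, decide(src, dst))
    print(permitted_cross_subnet_pairs())
```

The rule number returned by `decide` shows which line of the list made the decision, which is the first thing to look at when a flow is unexpectedly permitted or dropped.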

Hi,

We currently have two subnets on our network as we are in the process of moving to Windows Server 2K3.

All our new machines in the AD are set to use the 192.168.0.x range, and all old machines not yet migrated are using the 192.0.3.x range. Currently our mail server sits on the 192.0.3.x range and we are giving all the new machines dual IP addresses.

What we would like to do is change the address of the mail server to the 192.168.0.x range and do some kind of routing so that all machines in the old range can still access the server.

I’m not sure about the best way of doing this, either installing a second NIC or buying a router?

Any help would be appreciated.

Thanks

  1. Based on your post I would add a second NIC in the mail server on the 192.0.3.x network.

  2. If you’re using a general purpose router (Cisco, for example) you can add another interface for your router on the 192.0.3.x network. It will work seamlessly to the 192.168.0.x clients, assuming that router is the default gateway or sync’d up with your other routers via a routing protocol.

[quote=“sureideas”]Hi,

We currently have two subnets on our network as we are in the process of moving to Windows Server 2K3.

All our new machines in the AD are set to use the 192.168.0.x range, and all old machines not yet migrated are using the 192.0.3.x range. Currently our mail server sits on the 192.0.3.x range and we are giving all the new machines dual IP addresses.

What we would like to do is change the address of the mail server to the 192.168.0.x range and do some kind of routing so that all machines in the old range can still access the server.

I’m not sure about the best way of doing this, either installing a second NIC or buying a router?

Any help would be appreciated.

Thanks[/quote]