Greetings, everyone. Apologies for any language errors in advance. I am currently engaged in a project that involves the transmission of data and machine statuses (such as robots, PLCs, HMIs, etc.). Some of this data needs to remain confidential, and it is crucial to maintain a constant connection to the robot (in case production halts, the robot should still send data). Additionally, there is shared data that requires clarification (visual aids will be provided). My proposal entails the establishment of three distinct VLANs: VLAN1 for data intended for me, VLAN2 for data destined for the customer's server, and VLAN3 for data intended for both parties. Alternatively, could shared ports be utilized for bidirectional data transmission? I have made some progress following manuals and tutorials on platforms like YouTube, but the results are not satisfactory. This task is new to me as I predominantly work in software development, specifically TIA, as well as coding in C/C++ and C#. I hope this explanation was clear. Please feel free to request further elaboration on the issue. Best regards, Matija
To enhance network security and optimize communication, it is recommended to employ a router for network segmentation. Configure the firewall to permit specific devices to connect to the customer's server while restricting other traffic to remain within the local network. Think of VLANs as distinct pathways with individual switches; they do not have the capability to intelligently filter traffic. To achieve granular control over traffic flow between VLANs, a router is essential.
Have you considered utilizing NAT instead of VLAN3? Additionally, could you provide more information on the PLC model you are using and the communication protocols in place?
In order to separate your network effectively, consider using a router to set up VLANs and configure the firewall to allow specific devices to communicate with the customer's server while keeping other traffic local. Think of VLANs as separate switch cables that require a router to manage traffic flow between them. Unfortunately, sharing ports between VLANs is not possible on the Scalance XB216 switch, so trunk ports are not an option in this case. Refer to the provided connection diagram for a visual representation of how the setup should be configured. If you need further assistance, reaching out to Siemens support may be beneficial.
According to goghie, VLAN3 is unnecessary as NAT can effectively handle the task. Can you provide more details about the PLC model, such as the specific model of the et200sp open controller (IPC), and the communication protocols being utilized, like Ethernet? Additionally, could you please explain how NAT can be implemented in this scenario?
For in-depth information on PH_SCALANCE-XB-200-XC-200-XF-200BA-XP-200-XR-300WG-WBM, including detailed explanations on Paragraph 5.8 found on page 94, refer to the official Siemens support document linked here.
Hi Matija, your proposed VLAN setup seems like a logical approach. Since you're working in an industrial environment with robots and PLCs, I would urge you to also consider the option of using an industrial firewall to properly segregate and secure your network traffic. This would give you more granular control over who gets access to what information. As for shared ports, they can indeed be utilized for bidirectional data transmission. However, make sure you have adequate security protocols to prevent data interception. If you haven't already, also consider looking beyond YouTube. Websites like StackOverflow and even dedicated networking forums can provide valuable information and insights. Good luck with your project!
✅ Work Order Management
✅ Asset Tracking
✅ Preventive Maintenance
✅ Inspection Report
We have received your information. We will share Schedule Demo details on your Mail Id.
Answer: - The purpose is to segregate data based on confidentiality and destination, with VLAN1 for data intended for the user, VLAN2 for data destined for the customer's server, and VLAN3 for shared data.
Answer: - While shared ports can be used for bidirectional data transmission, VLANs offer a more organized approach to segregating and managing different types of data.
Answer: - Maintaining a constant connection ensures that data is continuously sent from the robot, even if production halts, which is crucial for monitoring and troubleshooting purposes.
Answer: - Individuals with a software development background can refer to manuals, tutorials, and platforms like YouTube for guidance on setting up VLANs. It may also be beneficial to seek assistance from network professionals for more complex configurations.
Answer: - Common challenges include misconfigurations, compatibility issues, security concerns, and ensuring proper communication between devices on different VLANs. Troubleshooting and testing are essential to address these challenges effectively.
Join hundreds of satisfied customers who have transformed their maintenance processes.
Sign up today and start optimizing your workflow.