Troubleshooting NAT Configuration on Stratix 5700 Switch

03-09-2024
Helliana
16 comments
20537
279

Question:

I recently purchased a Stratix 5700 switch with NAT capability (1783-BMS10CGN) but have been unable to get NAT to work properly. Despite following the step-by-step instructions in the NAT quickstart guide from the knowledge base and replicating their setup, I have not been successful. My network setup includes VLan10 with the following configurations: 192.168.1.200, 255.255.255.0 for the VLAN interface, 192.168.1.2 for the PC, and 192.168.1.3 for the PLC. However, the NAT feature does not seem to be functioning as expected. I have tried various configurations in the NAT settings section, including specifying the VLAN, creating translations with Private and Public IP addresses, and setting gateway translations. Despite my efforts, I have been unable to ping 192.168.1.254 from within the NAT or 10.50.68.249 from outside the NAT. I am currently stuck and unsure of what I might be overlooking. Is there anyone who has successfully configured the Stratix 5700 switch with NAT and can provide some insights into what I might be missing? Any tips or guidance would be greatly appreciated. Thank you.

Top Replies

Has anyone successfully set up this new device? Share your experiences!

04-09-2024
Helliana

I have ordered two items and once they arrive, I will need to configure NAT as well.

04-09-2024
Rob A

Helliana reported difficulties in setting up NAT on her Stratix 5700 w/ NAT switch (1783-BMS10CGN). Despite following the NAT quickstart guide step by step, the NAT feature does not seem to be functioning correctly. The network setup includes VLAN 10 with IP addresses assigned to devices such as a PC and PLC, as well as a Plant Public Network Switch. In the NAT configuration, specific settings were adjusted, but the NAT feature remains non-operational. Helliana seeks advice on troubleshooting the issue and clarifying the role of certain IP addresses in the setup. A visual representation of the network setup is recommended to better understand and address the NAT configuration challenges. Remember, for successful NAT configuration, each private address must have a corresponding public address assigned.

04-09-2024
The Plc Kid

The Private Gateway translation address 192.168.1.254 has been configured for individual NAT translations on every device within the 192.xxx subnet. While communication between devices within the subnet is successful, the translated gateway is unresponsive. As per AB documentation, the Private Gateway is designated as any available address within the subnet, with the Public gateway set to the network gateway. My configuration closely resembles AB Publication# IASIMP-QS038A-EN-P, with the only discrepancy being the public IP range of 10.50.68.0, subnet 255.255.254.0, and gateway at 10.50.68.1.

05-09-2024
Helliana

Are you utilizing 96 unique public IP addresses, all within VLAN 10? Having everything on the same VLAN can lead to troubleshooting difficulties. Consider creating separate VLANs for stations 1-12 and routing them through the 8300 for a smoother and more organized setup. This approach can help streamline your network configuration and management.

06-09-2024
The Plc Kid

It seems like you've done a thorough job of trying to resolve the issue. However, one thing that caught my eye is that you haven't mentioned any firewall settings. Sometimes, firewall settings could be blocking the pings. To test this, you could try temporarily disabling the firewall to see if that allows the pings to go through. Also, ensure that NAT is enabled on both the Stratix switch and the devices connected to it. If NAT isn't enabled on all devices, you may experience communication issues. Do not forget to enable the firewall once done testing for security purposes.

10-01-2025
Anthony Lewis

Have you double-checked the NAT rules to ensure they are properly applied to the correct interface? Sometimes, it's easy to overlook the direction for traffic flow—make sure your incoming and outgoing NAT rules match your intended traffic paths. Additionally, verify that your firewall settings aren't blocking the traffic; even with NAT configured, if there's an access control list that's preventing communication, it would result in the issues you're facing. Lastly, check if the firmware on your switch is up-to-date, as bugs or glitches can sometimes interfere with functionalities like NAT. Good luck, and I'm sure you'll get it sorted out!

02-03-2025
Joshua Thomas

It sounds like you've put a lot of effort into this configuration! One thing to check is the NAT rules you’ve set up—make sure that your translation entries specifically allow traffic from the PC and PLC to the intended public IP addresses. Additionally, verify that your VLAN settings are correctly applied and that the switch's interfaces are properly set to handle routing. Sometimes, a simple oversight in defining the default gateway or NAT address mappings can lead to connectivity issues. It might also be worth looking into firewall settings or any access control lists (ACLs) that could be blocking traffic. If all else fails, consider rebooting the switch after making configuration changes, as sometimes the settings might not take effect until a refresh. Good luck!

02-03-2025
Andrew Parker

More Replies →

I am currently working with a single 5700 switch, along with a PLC, PC, and remote I/O device. My focus is on getting this setup operational before proceeding to the next steps.

06-09-2024
Helliana

To optimize your network settings, be sure to set up the necessary NAT entries in both the General tab and the public to private tab. Confirm that the Gig port is correctly connected to VLAN 10 and that VLAN trunking is activated. Additionally, ensure that the smart port is configured for switch automation. These steps are crucial for seamless connectivity and network efficiency.

07-09-2024
The Plc Kid

It is important to confirm that all the ports being utilized are set to automatic negotiation to ensure seamless communication.

08-09-2024
The Plc Kid

I had everything set up except for the SmartPort being set to None... could that be the problem? I don't recall seeing that mentioned in the user manual. Additionally, not everything is configured on VLAN 10. It's puzzling why Rockwell chose to use that as their example. Our goal is to connect the Stratix5700 to our corporate IT network, an environment inaccessible to anyone in our facility, hence the necessity for NAT.

08-09-2024
Helliana

After four months of neglecting it on my desk, I finally managed to get the switch up and running. I owe a huge thanks to PLCKid for helping me out!

08-09-2024
Helliana

I'm pleased to hear that you were able to successfully get it running.

08-09-2024
The Plc Kid

Are generic 1GB SD cards compatible with Stratix switches? Are there any specific formatting requirements for the SD card to work with Stratix switches? Your comments and suggestions are welcome. Thank you, David.

08-09-2024
dadof3and3

David, have you read the manual's requirement for using the 1784-SD1 card from Rockwell Automation with the Stratix switches? The manual also states that Rockwell Automation reserves the right to withhold support if a non-Rockwell SD card is used. It's always best to follow the manufacturer's recommendations to avoid any issues. You can find more information in the manual here: http://literature.rockwellautomation.com/idc/groups/literature/documents/um/1783-um007_-en-p.pdf. It's possible that using a different SD card may cause problems, so it's safer to just go with the 1784-SD1 card to ensure compatibility. It's likely that Rockwell has encountered issues in the past due to the use of incompatible SD cards.

08-09-2024
PLC Gremlin

Thank you for your follow-up. We are looking to buy around 30 items for an upcoming project and are eager to find ways to cut costs.

08-09-2024
dadof3and3

Hello friends, I have attempted to configure my NAT access following the quick start guide, but have been unsuccessful despite numerous attempts. I have attached a diagram of my network setup. My goal is to establish access from the Server PC to the PLC. I have set the General and Public to Private tabs as shown in the image. The Server PC is connected to Gi1/1 (native LAN) and all Smartports are set to none except for Gi1/1 as the switch for automation. Port settings are all set to autonegotiate and the administrative mode to dynamic auto, with Gi1/1 functioning as a trunk. Despite this configuration, I am unable to ping the PLC (which has a public address of 192.168.190.1) from the Server PC. What could be causing this issue? I have tried multiple troubleshooting steps without success so far. Thank you for your assistance in advance.

08-09-2024
asteroide

Can you please help me resolve this problem?

08-09-2024
Kataeb

Streamline Your Asset Management
See How Oxmaint Works!!

✅ Work Order Management

✅ Asset Tracking

✅ Preventive Maintenance

✅ Inspection Report

We have received your information. We will share Schedule Demo details on your Mail Id.

To add a comment, please sign in or register if you haven't already..

Frequently Asked Questions (FAQ)

FAQ: 1. I have a Stratix 5700 switch with NAT capability, but I am unable to get NAT to work properly. What could be the issue?

Answer: There could be several reasons why NAT is not functioning as expected. One common issue could be misconfiguration of the NAT settings, such as incorrect VLAN configurations, translation rules, or gateway settings. Ensure that all settings are correctly configured according to the device's specifications and the network requirements.

FAQ: 2. I have followed the step-by-step instructions in the NAT quickstart guide for the Stratix 5700 switch, but NAT is still not working. What should I do next?

Answer: If following the provided instructions did not resolve the issue, consider double-checking the VLAN configurations, IP addresses, and translation rules for any discrepancies. It might also be helpful to reach out to technical support for further assistance or consult online forums for troubleshooting tips from experienced users.

FAQ: 3. Despite configuring translations with Private and Public IP addresses on the Stratix 5700 switch, I cannot ping certain IP addresses. How can I troubleshoot this problem?

Answer: If you are unable to ping specific IP addresses, verify that the translation rules are correctly set up to map private IP addresses to public IP addresses and vice versa. Additionally, ensure that routing and NAT configurations are consistent across all devices on the network to facilitate proper communication.

Ready to Simplify Maintenance?

Join hundreds of satisfied customers who have transformed their maintenance processes.
Sign up today and start optimizing your workflow.

Request Demo →