Академический Документы
Профессиональный Документы
Культура Документы
N:1 NAT This is a very popular NAT process that is encountered all the time, especially if your network utilizes the Internet connection. N:1 NAT is when one (1) IP address translates to multiple (N) IP addresses, very much how the Internet connection at home and small office is set-up to do. Port Forwarding When you are in a N:1 NAT, you sometimes need to access services that is located in the LAN side of the network (or the N part of the NAT) which is hidden from the WAN or Internet. Port Forwarding will associate a specific port or a range of ports from the LAN and map it to another set of ports which can be different to the WAN. This is usually used to forward ports in order to access Websites or FTP servers from the LAN to WAN. Port Forwarding can be too restrictive especially if you have multiple similar services you would like to forward, such as HMI web interfaces and FTP servers.
The 1:1 NAT is a way to map one WAN IP Address to one LAN IP Address. This is very useful when you want to standardize the IP Address scheme of your production line while still providing connectivity. Application Scenario Overview Ten production lines independent from each other. The Customer requests to access the Web Interface from 2 of the 3 HMIs to look at production status for each line. The customer requests to have a set of specific data to be logged from each line to their existing SCADA server in the office network for production analysis. The Production Line and Office Network have different IP address schemes. Goal Minimize communication changes of PLCs and other Network devices in the production lines Keep all the production lines separated from each other. Provide the network connection to the SCADA server Provide the Web Interface service to the customers Office Network Solution Add an EDR router in each Production Line
Page |3 Set the EDR series for 1:1 NATing Add the LAN IP address as the Gateway Address of the requested PLC and HMI Map the PLC and HMIs IP address to a set of IP addresses that will be part of the customers office Network. What will happen with the solution The Production Line network does not have to change; a gateway address is added so that requests/responses from the customer offices network will go to the EDR first. Each production line will not see each other; therefore, minimizes possible IP conflicts from the Production Line. The Office Network has full access only to the requested PLC and HMI. Additional security feature such as the EDRs built in Firewall can be implemented if desired to increase system security. How to Set-Up an EDR series for 1:1 NAT This section will cover set-by-step on how to set-up the EDR-G903 for 1:1 NATing. Keep in mind the set-up is very similar for the EDR-G902 and EDR-810 series as well. Overview Set the EDR-G903 for 1:1 NAT to route a P3K PAC and a C-More HMI to another network. Setting before adding the EDR-G903 o P3K PAC IP Address: 192.168.7.20 Subnet: 255.255.255.0 Gateway: None o C-More HMI IP Address: 192.168.7.21 Subnet: 255.255.255.0 Gateway: None Setting after adding the EDR-G903 o P3K PAC IP Address: 192.168.7.20 Subnet: 255.255.255.0 Gateway: 192.168.7.250 o C-More HMI IP Address: 192.168.7.21 Subnet: 255.255.255.0 Gateway: 192.168.7.250 o EDR-G903 LAN Port IP Address: 192.168.7.250 Subnet: 255.255.255.0 Gateway: Not Applicable WAN1 Port
Page |4 IP Address: 10.10.10.2 Subnet: 255.255.255.0 Gateway: None 1:1 Mapping 192.168.7.20 to 10.10.10.200 192.168.7.21 to 10.10.10.210 Firewall Fully Open
Set-Up Instructions Connect to the LAN port of the EDR-G903 Login to the EDR-G903 Default IP address: 192.168.127.254 Username: Admin Password: No Password
For testing purposes, go to the Firewall settings and make sure all ports are open. Click on Firewall Policy Click on Policy Overview
Page |5
Change the LAN IP address of the EDR-G903 Click Network Interface LAN o IP Address: 192.168.7.250 o Subnet Mask: 255.255.255.0 Click Activate Click Confirm
Dont forget to change the PCs IP computer to be part of the new LAN network
Page |6
Change the WAN IP address of the EDR-G903 Click Network Interface WAN1 This can be DHCP; however, it has to be part of the same network the 1:1 NAT is mapped to. In this case 10.10.10.x Network o Connect Mode: Enable o Connect Type: Static IP o IP Address: 10.10.10.2 o In this set-up, the DNS and PPTP are not needed. Click Activate Click Confirm Configure the NAT for 1:1 Click on NAT
Page |7
Click on New/Insert
C-More HMI Configuration o NAT Mode: 1-1 o Interface: WAN1 o LAN/DMZ IP 192.168.7.21 o WAN IP 10.10.10.210 Make sure Enable is Checked Click Modify
Page |8 Do the same for the P3K o NAT Mode: 1-1 o Interface: WAN1 o LAN/DMZ IP 192.168.7.20 o WAN IP 10.10.10.200 Click Activate Click Confirm Test Instructions Disconnect the computer to the LAN port of the EDR-G903 Connect the PLC/HMI Network to the LAN port Connect the PC to the WAN1 port of the EDR-G903
Change the IP address of the PC to be part of the 10.10.10.x network o PC IP Address: 10.10.10.40 o Subnet Mask: 255.255.255.0 o Gateway: Blank o DNS Servers: Blank
Access the P3K PLC for programming for the NATed network Congratulations! The system has been set-up for 1:1 NATing
P a g e | 10
Can the LAN and WAN networks have the same IP address scheme and route properly?
KNOW THE ANSWER TO THE QUESTION?
ANSWER THE QUESTION FOR A CHANCE TO WIN A $100 AMAZON
GIFT CARD!
Click Here
http://www.quantumautomation.com/techcorner-questionnaire.html
About Us
Quantum Automation is a networking and controls distributor comprised of talented Electrical and Mechanical Engineers dedicated to understanding and delivering exactly what you need. Founded in 1991, Quantum Automation is the largest of four Value Added Resellers for AutomationDirect in America. We are also the largest distributor of Moxa networking products in America. Our other major product lines are: Advantech for industrial computers, IDEC for control products, and eWON for Remote Access Routers. Recognized for outstanding customer service, quality products, hands-on training, competitive prices, and over 30,000 part numbers to choose from, its no wonder thousands of OEMs, Systems Integrators, and End Users choose Quantum Automation as their #1 Value Added Reseller!