RUT300 between Factory lan and PLC lan

Dear Sirs,
We have a machine at a customer's place.
Now the customer wants to read/write some data from/to the PLC.
Since Siemens PLC Ethernet cards are very expensive, I decided to try with your RUT300.
My idea is to connect the WAN port to the customer network and the LAN port to the machine network to keep the networks physically separated (I hope ;) ).

The actual configuration is the following:

*** Machine LAN ***
PLC Address: 192.168.69.1
HMI Address: 192.168.69.100
subnet mask: 255.255.255.0
gateway: 192.168.69.169 (I always use this address as gateway but it can be changed if necessary)

*** Customer LAN ***
192.168.1.xxx
subnet mask: 255.255.255.0

The idea is to ask customer for a small range of free addresses on its network to be assigned to our devices.
I would like to obtain something like this (just an example)

RUT300 LAN side: 192.168.69.169
RUT300 WAN side: 192.168.1.200
PLC WAN side: 192.168.1.201
HMI WAN side: 192.168.1.202

I tried to follow several examples I found on the forum but it did not work for me.
So my questions are:

  1. Is it possible, or can I not reach the LAN side from the WAN side using those addresses (public, private, etc…)?
  2. Can you suggest how to set up the RUT300 to get it working (and eventually modify the PLC configuration if necessary)?
  3. Is it possible to be completely transparent to all protocols (ping included)?

Regards.

Antonio.

Hello,

Thanks for reaching out to us!

You can configure your WAN port as a LAN port. You can reach the wiki page regarding the configuration from here.
After that is done, your PC and PLC will now be connected to the same local area network (LAN) and should be able to communicate with one another.

But I guess this is not the thing you want. You can separate your LAN ports. You just need to configure Port Based or Tag Based VLAN configuration. You can see the configuration from here.

If you give me more detailed information regarding your topology (which protocols will be used, etc.) I can help you further!

Regards,
Caner

Hi Caner,

thank you for the answer.

You can find the topology attached (sorry for the quality but it was the only way to send you a sketch).

I simply want the customer PCs to be able to communicate with our PLC (they may want to use an OPC-UA client as an example).

Consider that all the protocols/port and whatever you can imagine must be allowed.

So, my poor knowledge said I had to connect the customer side on the WAN port and the PLC side to the LAN but this is not mandatory, it was just an idea.

This is the first time I use this approach so feel free to suggest the best way.

Of course, we cannot ask customer to change their network and I cannot change my network. On PLC side I can only change the gateway address on the devices configuration.

Looking forward to your reply.

Regards.

Hello,

Thanks for sharing your topology.

If you want to use OPC UA protocol for communication between your RUT300 and PLC, you can connect LAN to LAN.

But you also mentioned physically separating the networks. For this you need to configure VLANs. It can be done from Network > VLAN.

From this picture you can see that I created a new VLAN ID 3 and put LAN3 port to this VLAN ID.
From here, you can also create a separate LAN, from Network > LAN.

When you click “Add” a new window will pop up.
From the physical settings you can set newly created VLAN ID.

I’ve created a new VLAN ID 3 and connected this VLAN to the new LAN3. So VLAN ID 3 means eth0.3 in this example.

We also have really detailed Wiki links regarding those. You can reach them from here and here.

Regards,
Caner

Hi Caner,
thank you for taking some time trying to give me a solution but what you wrote is still far from what I need.
I simplified the sketch (and also made it more readable).
As you can see, I did not mention whether the customer and PLC networks are connected to WAN or LAN because I am fully open to doing whatever is suggested on that side.

The fixed points are:

  • The customer PC’s network configuration cannot be changed!
  • The customer PC cannot ping the PLC at the address 192.168.44.1

The request is:

  • The customer PC can only ping the PLC at the address 192.168.1.201
  • The customer PC must address all read/write operations to the address 192.168.1.201
  • The customer PC must be able to read/write the PLC memory using every kind of protocol through any port.

Practically I need the RUT300 to act as a second NIC of my PLC.

To summarise: just tell me if this is possible and, in case it is, please guide me step by step from scratch (I already restored the RUT300 to factory default a hundred times :) ).

I hope you can give me a solution before the weekend because on Monday 19th I will travel to the customer's place.

Regards.

Antonio

Hi @pippo,
IMHO your diagram already shows the solution.
RUT300 with 192.168.1.228 on the WAN side
and 192.168.44.169 on the LAN side

Port forwardings in the RUT300 for every port you need to communicate with the PLC like:

  • source IP any, source port any
  • destination IP any, destination port [the_one_you_need], protocol TCP (I guess)
  • forward to 192.168.44.1 port [same as above]

Regards,
Timelapse Admin
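
The port forward described in the reply above, written out as an added example; it is not part of the original thread and not Teltonika's own configuration. It assumes OpenWrt-style UCI firewall syntax with zones named 'wan' and 'lan', OPC UA on its default TCP port 4840, and a constructed customer PC address 192.168.1.50; the second rule limits the forward to that one client instead of any source.

```uci
# /etc/config/firewall fragment, OpenWrt UCI syntax (RutOS is OpenWrt-based).
# Assumptions, not from the thread: zone names 'wan' and 'lan', OPC UA on
# TCP 4840, and 192.168.1.50 as a constructed customer PC address.

# Forward as described in the reply: any source on the WAN side.
# Kept disabled here because the restricted rule below replaces it.
config redirect
	option name 'plc-opcua-any'
	option enabled '0'
	option target 'DNAT'
	option src 'wan'
	option proto 'tcp'
	option src_dport '4840'
	option dest 'lan'
	option dest_ip '192.168.44.1'
	option dest_port '4840'

# Same forward, limited to the single client that needs to reach the PLC.
config redirect
	option name 'plc-opcua-client'
	option target 'DNAT'
	option src 'wan'
	option src_ip '192.168.1.50'
	option proto 'tcp'
	option src_dport '4840'
	option dest 'lan'
	option dest_ip '192.168.44.1'
	option dest_port '4840'
```

With this rule, clients connect to the router's WAN address (192.168.1.228 in the reply) on port 4840, not to a separate PLC address. Because the rule rewrites only the destination, replies return through the router only if the PLC's gateway is set to the router's LAN address, 192.168.44.169.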

Quick, clean and easy as it had to be but… It does not work.
I reset to factory default.
Configured LAN and WAN as mentioned.
Configured port forwarding as mentioned but it does not work.

Included all protocols. Still ko.

Changed firewall rules to accept everything from WAN. Still ko.

Honestly. If a solution does not come I will be forced to change to another router or an ewon to have both remote access and IP NAT.

Thanks and regards.

Hi @pippo,

And on the Advanced Settings page set NAT loopback to off.
If not needed, also remove the UDP protocol. For External port use the one required by the PLC or set it to any.
Regards,
Timelapse Admin

Thank you for the new info but it does not work.
If you want me to send the screens of the actual setup of the router I can prepare them for you.
Regards.
