Programming SLC 5/05 over the internet

chakorules

Member
Join Date
Apr 2002
Location
Huntington, IN
Posts
194
I've almost got my own question answered but I figured I'd think out loud.

I am designing a machine that is located in another state:

me --->internet--->other plant--->my provided router--->their internal network---->SLC 5/05

I am pretty sure all I need to do is convice the customer to give our supplied router a dedicated IP address.

So the way I see it:

I will start RS Linx, connect to the internet, enter the IP address of the router that we supplied, and the same router will have a real world internet approved IP address that my customer assigned. Inside the router, NAT will be enabled, which will direct my request from the router, to the SLC 5/05 which has an IP address of 192.168.0.1. This is the companies internal network IP structure.

But what if the company can not provide a dedicated IP address for my router? What other options do I have then? My customer has already strictly said, no dial in modems...a little wierd, but that was the request. So without the aid of a dial in modem, what other options do I have? Actually they asked that they did not want a dedicated phone line to the PLC, but they did not say I couldn't VPN into there network with my modem.

So I guess my second option would be use my own dialup modem and VPN into their internal network, provided that the IT person will create a VPN account on their domain controller server. However this option is not using the internet...

Is there a third option? I've heard something like using RS Linx Gateway, what does this product gain me? Anything?
 
Chris,

Your saying that you would dial into their network and VPN that way correct?

You can VPN into thier network via the internet as well. I do this from home sometimes if I need to get on our network.

I dial into my ISP and connect like I normally would, I then launch the VPN connection which has previously been setup which automatically logs me into my companys network using my usual login. It is as if I am logged in at my computer at my desk except I am at home.

I don't know how it is setup on the company network side but on my computer there is an IP address supplied to the VPN settings. I would imagine this is the IP Address for the router or firewall. I'm not well versed in that stuff.
 
I realize that I'm swimming against the tide here...but I don't think that I would want to program a machine from another part of the country. I would want to be there when the GO button was pushed. I understand what a great troubleshooting time saving tool remote access can be. But writting new code.......I don't think I'll ever do that. And I can guarantee that if I were the plant manager that I would not allow it.
 
Maybe I mis-typed my question.

I will be designing and debugging the machine at my location. When I am finished it will ship out of state. Generally we use remote access when there is trouble. So then the customer calls us because they do not staff a controls engineer. We hi-jack the PLC and tell them what is wrong over the phone 9/10 it's a bad prox or photoeye.

I bet if you were the plant manager, you WOULD allow this because your bean counter does not like to pay travel time and hotel stay for your contracted help to arrive. ;-)

Did you have any suggestion about the remote access that could help me?
 
Your saying that you would dial into their network and VPN that way correct?

Well I did not realize that I could VPN using the internet, I thought it was still all done with modems. Thanks for the TIP. I'll keep that on the back burner.

I prefer NOT VPN, maybe something more cleaner. Hopefully down the lines of the router and the dedicated IP address, but I wanted to know if there was any other way that maybe if Rockwell Software had come out with a magic gateway software or something like this that could be used in case the dedicated IP address thing does not work out.
 
What's a horse of a different color

Well that does make a difference!!!! I would and have used remote access for troubleshooting. Many of our division people are itching to sit in the home office and write new code. Then blow it into the processor over the eithernet network.
 
Maybe you can convince your customer's IT department into enabling a Port Forwarding function on an IP address that is exposed to the Internet (not necessarily a special one for you).

The only port you have to forward to communicate with an SLC-5/05 is TCP Port 2222.

I am doing this right now with a cheap Linksys router and RCA cablemodem. Put IP address 12.228.2.51 into your RSLinx Ethernet driver (if you have Internet access on your programming machine) and you should be able to see the SLC-5/05 in my apartment near Lake Union.

That's the cheap and dirty way, relying on a password or OEM lock bit to provide security for the SLC. The really secure way to do it is to establish a VPN tunnel.
 
Hi ,
Hope you don't mind as this wasn't for me , but I did , and I can . Thats really nice . Could you confirm the hardware that you have at your end and the set-up used (being a bit lazy here , could probably guess this for myself ) As you say , security is the main problem here , and whilst a processor password is the quick sort (******** doesn't seem to work all the time) . I am fairly sure I understand what you mean about port configs (2222) but would love it if you could confirm all .
Thanks!
 
Ken,

Thanks for the DEMO! I connected no problems and there didn't appear to be any lag using 56K internet access.

You talked about security, but I see that you have to PLC in RUN key position which will not allow any ladder changes, so that in a sense is some what a security method, but not 100% because of forces and toggle bits...

I understand what you mean about "port forwarding". Most companies already have a Router installed for their internet connection, port forwarding should work. I'll check into this.

Thanks again.
 
Fareast makes the point eloquently; this is not a secure way to connect a controller to the Internet. This particular demo is running a SLC-5/05 with a DeviceNet scanner module in Slot 01 of a 7-slot chassis. It's meant strictly to be a training demo for DeviceNet explicit messaging.

I don't know if a typical enterprise router has the ability to allow Port Forwarding only for packets that come from a specific IP, or if there is some way to allow a remote user to use a secure login before opening up a forwarded port.

My router is the popular Linksys BEFSR42, which is cheap and has been very effective for my home network. There is a "port forwarding" feature that sends any packet coming into my Internet IP address that is requesting TCP Port 2222 forward into my internal IP address for the SLC controller, which is 192.168.1.101.
 
All that RSLogix 500 needs to communicate over any network, including routing TCP/IP over the Internet, is RSLinx Lite.

RSLinx Gateway is specifically made to allow TCP/IP clients to access A-B proprietary networks like ControlNet and DH+. If you wanted Internet access to a DH+ network, you could set up a computer running RSLinx Gateway and a 1784-PKTX card, and use the same port forwarding or VPN techniques.

But for this brief demo or any remote diagnostic application, RSLinx Lite will work.

P.S. Whoever forced my DeviceNet scanner into Idle mode; yes, it worked. I now Write-Protected Channel 1 on the controller. See if you can do it again !
 
Last edited:
I got it to work. I was also able to cofigure the devicenet pass-thru driver and it saw the processor. If I has RSNetworx, would I be able to see the D-Net?

BTW- I have never done this stuff before, though I have thought about it. You have lowered my apprehension level quite a bit.
 
You could browse the DeviceNet with that Pass-Through driver with just RSLinx, but you'd need RSNetworx for DeviceNet in order to actually configure any of the slave devices.

I pulled the DNet cable off the scanner just to keep anything from being accidentally turned on while we mess with the controller via the Internet. I'll plug it back in tonight and disable the output power on my relays and lamps instead.
 
Hi all,
As far as remote access to a machine, I found a cool package from http://www.crossteccorp.com/netopremote/index.html called Net-Op.

All you have to do is load the "host" software on a computer on-site that is connected to the machine and set it up to start when the computer boots (in case of power failure at the site). This computer would also have to have a modem and a direct dial phone line.

Then at home you have the "guest" software installed on your computer and a modem.

With a little configuration of the Net-Op software (phone numbers, passwords, etc) you can dial in to the remote computer and "take it over" from your house or wherever you have "guest" installed. (laptop at the airport?)

COMPUTER AT SITE:
power up computer,
Net-Op "host" runs during startup (TSR)
RSLogix runs (or whatever software programs your PLC or other device)
modem connected and waiting

HOME/REMOTE COMPUTER:
click on Net-Op "guest"
dial up
run remote computer & software from where you are

This is kind of slow for me through my 56K connection, but I think they have Net-Op for DSL type connections and such. And being a local connection saves on a long-distance call, for me. They may have solutions for internet also, but the 56K works good for my situation.

And it's relativly CHEAP.

Good luck & happy holidays!

Jim
 

Similar Topics

I am just finishing up my project, which was my first experience with PLCs. I thank everyone that has helped me work through the RIO and analog...
Replies
11
Views
2,961
Hello, I've taken on yet another basket case old machine running an 7 slot SLC 5/03 PLC.... I have run into a situation where I see the same 4...
Replies
3
Views
5,613
Hello guys. Got Slc5/04 with 9pin d shell port in it. Have cheked some manuals and this port is an RS 232. I want to ask if I could use a generic...
Replies
3
Views
2,337
i have a slc 5/02, but i'm not sure wich software to use (i have both rslogix 500 and 5000) but the main problem is that i dont have the cable, i...
Replies
12
Views
5,665
On site computer is using 1784-PKTX. The computer is connecting to 1785-KA5. I can program the SLC 5/03 with DH+.(1784-PKTX to 1785-KA5 to SLC...
Replies
1
Views
1,726
Back
Top Bottom