What Subnet do you put your PLC's on??

gbradley · Apr 8, 2022

JesperMP said:
...
You can look in the list that I linked to.

10-4,
That makes me feel better.
Good list.
https://www.softwaretestinghelp.com/default-router-ip-address-list/

NetNathan · Apr 8, 2022

Most of my systems have a computer, so I use at least 2 ethernet cards.
1 is for the customer to connect for backups and service.
The other is for the PLC to the computer (I do not like at all having the PLC on the same network as the company.)

I will use 192.168.x.x fo PLC to computer, but it is around 192.168.101.x and mask is 255.255.255.0.
The equipment gets a lower IP number and +100 for computer.
So if equipment number is 15, then PLC is 192.168.101.15 and computer is 192.168.101.115.

mass89 · Apr 9, 2022

We usually use 192.168.x.x for systems not networked. If the customer wants the system networking they would usually be able to specify a subnet with available IPs, often a VLAN dedicated for control systems 10.xxx.yy.zzz

seth350 · Apr 11, 2022

Something I have been thinking about…
Say, hypothetically someone could access any networked industrial control device (as long as IP address is known) on a company WAN that spans multiple states in the USA. Also, they could go online, upload, download, reset, etc said devices.

Is that a common thing?

Saffa · Apr 12, 2022

seth350 said:
Something I have been thinking about…
Say, hypothetically someone could access any networked industrial control device (as long as IP address is known) on a company WAN that spans multiple states in the USA. Also, they could go online, upload, download, reset, etc said devices.

Is that a common thing?

Pretty common. Place I used to work at only had 3 controls engineers covering 7 operations across the whole of NZ. One guy on call, so you would have to connect to the VPN and look at something several hundred kms away.

Control network was separate from the general company LAN though.

TurpoUrpo · Apr 12, 2022

JesperMP said:
Absolutely AVOID 192.168.x.y.
If you have the same subnet on both side of a Router, most often Routing wont work.

Learned the hard way.
Basically avoid 192.168.x.y and 10.z.x.y altogether.

Also look here (browse down to the list):
https://www.softwaretestinghelp.com/default-router-ip-address-list/
The article says IPs of wireless routers, but in my experience it is any kind of router.

I am not telling what IPs we are using, but I suggest selecting a scheme that is not commonly used with routers.

This is just poor project management to try to guess a range that is not in use. Subnet ranges should be agreed, usually communicated and decided from the end-user but the provider of the machinery needs to also understand to take the topic to discussion if needed.

Aardwizz · Apr 12, 2022

seth350 said:
Something I have been thinking about…
Say, hypothetically someone could access any networked industrial control device (as long as IP address is known) on a company WAN that spans multiple states in the USA. Also, they could go online, upload, download, reset, etc said devices.

Is that a common thing?

A company I worked at had a production line that they wanted to duplicate in Hong Kong. They sent all the drawings, specs and code of the existing line to the engineers there..

When Hong Kong was going live, they were having trouble getting things to work. Simultaneously, the existing line started having weird issues, like drives coming on all by themselves.

It seems that no one changed the IP addresses in the code for the new line, and the corporate network was routing commands from Hong Kong to the US system !

JaxGTO · Apr 12, 2022

In one of the biggest plant I do work at they use the 192.168.x.y for the Plant network. But it is 100% isolated from the Office network.
We use subnets for IO where the IP is easily changed by a maintenance person where a computer is not required.
All of the PLCs have a base address like 192.168.1.10 then its IO is all 192.168.10.y
We also have 100% managed Stratix switches all connected on a fiber network. We are using vLans to separate and route the traffic.

The main thing about keeping the 192.168.1.y is that a new device that has rotary switches for the last octet can be easily replaced without the need of a computer. For this customer it includes Flex IO, SMC Valve banks, and Festo valve banks.

JesperMP · Apr 13, 2022

In response to my post:

TurpoUrpo said:
This is just poor project management to try to guess a range that is not in use. Subnet ranges should be agreed, usually communicated and decided from the end-user but the provider of the machinery needs to also understand to take the topic to discussion if needed.

We are delivering standard machines. Consider that we have several thousand machines in the field at customers sites.
1. Each machine has the same IP address structure as the next identical machine.
2. We cannot arrange beforehand that networking is coordinated with the end-customer.
3. The end-customer may change things on his side at any time.
4. The end-customer provides the internet connection for remote support, and the router very often gets assigned an IP in the abovementioned ranges. If we don't exclude these IP ranges from our standard network setup we will run into problems.

So the satisfy both our and the customers networking setup, while still allowing everything to communicate with each other, the solution (for us) is not to coordinate beforehand with the customer, but to provide a solution that handles this scenario per standard.

What Subnet do you put your PLC's on??

gbradley

Lifetime Supporting Member

NetNathan

Lifetime Supporting Member

mass89

Member

seth350

Member

Saffa

Member

TurpoUrpo

Lifetime Supporting Member

Aardwizz

Member

JaxGTO

Member

JesperMP

Lifetime Supporting Member + Moderator

Similar Topics