What Subnet do you put your PLC's on??

Dayvieboy

Does it ever make sense to use the default
192.168.xxx.xxx to put equipment on?

Using the most popular private subnet in the world
for machines seems to invite many problems and
makes troubleshooting much harder

I was just on a project having issues going online with a PLC.
Turns out they were thinking the PLC was alive but were actually pinging something that is not even a PLC a 1/4 mile & 2 buildings away.

(IT is dealing with this as private networks should never be seen public)

I have had problems several times over the years when people
plug things into an incorrect network, do not use a VLAN/NAT,
put the PLC on the public network
& several other reasons.

192.168.1.xxx is the Rockwell option for Ethernet adaptors
when using the hardware thumbwheel.

I am thinking of using 1.0.0.xxx
Since we have hundreds of PLC's and will have
to type the IP's thousands of times a year
it will save several thousands of keystrokes & typos.

I tried finding articles on often & seldom used subnets but found nothing

Curious what other subnets people use for their machine networks.





Some info I found on private networks:

https://sourcedaddy.com/networking/private-subnets.html

https://www.computerweekly.com/news/...e-IP-explained

https://en.wikipedia.org/wiki/Private_network
 
192.168.1.x, always, unless a customer specifies otherwise. Most devices we use are biased towards that subnet, why make our lives more difficult?

Ping 1.0.0.100, something replies. That is why you use private subnets, not public ones.

Edit: some context, on average, our machines have 15-20 addresses. When they are part of another network, we use a CompactLogix with dual configurable ports (5069), customer networks the machine on the alternate port configured for their network.
 
I have dealt with many customer networks. Some of the largest networks are in saw mills. They use 192.168.xxx.yyy. They use the xxx for the machine center. The yyy field indicates what kind of device is attached. For instance, 192.168.xxx.002 will be a PLC. 192.168.xxx.003 will be an HMI. Etc. It keeps things organized.


At work we are not so organized. Everyone is on 192.168.xxx.yyy.
However, my computer has a second Ethernet port so I put the motion controllers on 10.0.1.yyy just so the motion controllers don't chew up the main network's bandwidth.
At home my network is also 10.0.1.yyy so when I use the company VPN, my local devices do not interfere with the company network.
 
Absolutely AVOID 192.168.x.y.
If you have the same subnet on both sides of a router, most often routing won't work.

Learned the hard way.
Basically avoid 192.168.x.y and 10.z.x.y altogether.

Also look here (browse down to the list):
https://www.softwaretestinghelp.com/default-router-ip-address-list/
The article says IPs of wireless routers, but in my experience it is any kind of router.

I am not telling what IPs we are using, but I suggest selecting a scheme that is not commonly used with routers.
 
I never use 192.168.xxxx.xxx because it has caused conflicts of the same device id on customer networks in the past.

We have a job number for each piece of equipment. I always set the equipment to the first two digits of the job number, last two digits of the job number, the unit (if there are more than 1 of the same unit) and then the location of the object.

For example, if the job number is 8536 I would put everything on
85.36.1.1 PLC
85.36.1.2 HMI
etc.

The chances that you will pick the same subnet the customer's network is using is highly unlikely. I always note that address in the drawings, and if the customer sends us a requested network address I use that.
 
Interesting discussion. I always understood it was very important to use a private IP class range. I'm not enough of a networking expert to give a reason why, but it does seem to make the most sense if connecting the machine network to any type of router. Most of the sites we work on are Class A (10.x.x.x) or Class C (192.168.x.x)
 
In the private range, I try to avoid 192.168 because so many consumer devices use that. As Rson said above I try to use something that's not common like the traditional private ranges used in consumer and IT as this can be helpful when working with advanced networking and troubleshooting.

Customer preference will be the most driving factor but if they have no preference I choose something out of the common spectrum in most cases.
 
if the job number is 8536 I would put everything on
85.36.1.1 PLC
85.36.1.2 HMI
etc.

I would advise against this and always use a private IP range in the class A, B or C network ranges, as these are not routable on the public network. Sure 192.168.1.xxx or 192.168.0.xxx are very common but there are many other network addresses in the private address space than using the public IP range.
 
Always 192.168.x.x or 10.x.x.x or 172.16-31.y.y


Some IP addresses are asking for trouble though. x.x.0.1, x.x.1.1, x.x.x.255, x.x.x.0, and maybe I would also include x.x.x.254.


In any case, static IPs should be requested and assigned from the network administrator. Anyone just choosing their own static IPs for fun, well, at least we know who to blame.
 
This is indeed an interesting discussion. We've been trying to find the answer to this question for a long time. We can't seem to get a straight answer from anyone.

We have miraculously teamed with our IT department to plan this out. We have hundreds of PLCs and literally thousands of devices that could potentially be on the same network. We have decided to leave the local machine networks alone and isolated. Meaning, they will remain on their 192.168.x.x networks and we will use a NAT device to connect to the devices of interest (mainly the PLCs since they can contain all the information necessary to uplink).

In addition to the NAT, the upper level networks will be segmented. Either by line or department depending upon the level of interconnection required. The upper level networks are isolated for security and will only route to the systems that require the connection.

This is a lot to maintain but it eliminates the fears I'm seeing from the responses, "don't use 192.168.x.x."
 
"don't use 192.168.x.x."

The only reason to avoid this address space is because many consumer devices/industrial automation devices default or are setup with a static IP in this address space. The biggest threat is having a duplicate IP on a running network.
 
@IO rack.
+1 the use of NAT routers. We use these extensively.

@chelton.
No, it is not the only reason. Like I said before, if there is the same IP subnet on both sides of a router, not necessarily identical IPs, then routing won't work.
We see this problem when we want to remote in via VPN, and our VPN router for example gets the IP 192.168.0.1 on the outside line, and there are also many devices on the machine side with IPs like 192.168.0.10, 192.168.0.11 etc.
 
I have had problems several times over the years when people
plug things into an incorrect network, do not use a VLAN/NAT,
put the PLC on the public network
& several other reasons.

IT originally wanted to connect all PLCs and devices to their network so they could control the traffic. I handed them a list of protocols and port numbers from Rockwell and Omron and they quickly backed off.

I also want to mention the NAT. With the Rockwell solution, we would be required to set the gateway address on any device we wanted to talk to. We found another device that doesn't require that. I wish I knew the specification for this or why it's possible with one device and not the other.

Our idea is to not change any network settings on the local machine networks.
 
Interesting discussion. I always understood it was very important to use a private IP class range. I'm not enough of a networking expert to give a reason why, but it does seem to make the most sense if connecting the machine network to any type of router. Most of the sites we work on are Class A (10.x.x.x) or Class C (192.168.x.x)

This is the right answer because these are private subnets. This means traffic cannot be routed to them or from them to/from the internet. These ranges are a critical security layer to secure a control network.

I can see avoiding 192.168 because of so many default IPs being in this range. IT should be able to help you get an exclusive 10.x.x.x subnet of whatever class you need to support the number of devices expected on the network.

If you use public IPs for PLCs, you are playing with fire.
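
The checks raised across the replies (public versus RFC 1918 space, the same subnet on both sides of a router or VPN, duplicate and conflict-prone host addresses) can be run against an addressing plan before anything is plugged in. This is an added example, not code from any poster; `audit_plan`, the sample plans and the 10.37.4.0/24 subnet are constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges named in the thread: 10.x.x.x, 172.16-31.x.x, 192.168.x.x
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Last octets one poster calls "asking for trouble" (assumption: /24-style plans)
RISKY_LAST_OCTETS = {0, 1, 254, 255}


def audit_plan(machine_subnet, hosts, reachable_networks):
    """Return a sorted list of findings for one machine network.

    machine_subnet     -- CIDR string for the machine network
    hosts              -- {device name: IP string} static assignments
    reachable_networks -- CIDR strings on the other side of the router/VPN
    """
    net = ipaddress.ip_network(machine_subnet)
    findings = []
    if not any(net.subnet_of(p) for p in RFC1918):
        findings.append(f"{net} is public address space, not RFC 1918")
    for other in map(ipaddress.ip_network, reachable_networks):
        if net.overlaps(other):
            findings.append(f"{net} overlaps {other} across the router")
    seen = {}
    for name, ip in hosts.items():
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            findings.append(f"{name} {addr} is outside {net}")
        if addr.packed[-1] in RISKY_LAST_OCTETS:
            findings.append(f"{name} {addr} uses a conflict-prone last octet")
        if addr in seen:
            findings.append(f"{name} duplicates {seen[addr]} at {addr}")
        seen[addr] = name
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample plans based on the addresses quoted in the thread.
    plans = {
        "job 8536": ("85.36.1.0/24", {"PLC": "85.36.1.1", "HMI": "85.36.1.2"}, []),
        "vpn site": ("192.168.0.0/24", {"PLC": "192.168.0.10", "HMI": "192.168.0.11"},
                     ["192.168.0.0/24"]),
        "clean": ("10.37.4.0/24", {"PLC": "10.37.4.2", "HMI": "10.37.4.3"},
                  ["192.168.0.0/24", "10.0.1.0/24"]),
    }
    for label, (subnet, hosts, others) in plans.items():
        print(label, audit_plan(subnet, hosts, others) or "no findings")
```
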
 
