Help with Corp IT

where i used to work, the IT department was the engineering Staff. we had 2 networks. corporate and plant.

where i am now, the IT department assigned us a group of ip addresses we could use, the first 11 addresses were reserved for the IT group for future use.

whet you need to do is get them to give you a plant network that cannot be seen by corporate. or get a list of addresses that you can only use.
i suspect that the duplicate ip address issue is coming from the IT group not knowing your plc addresses. explain to them that they are shutting down the plant operations because of this. if that doesn't work, let the line stay down because of the issue and that will get everyone's attention. then the plant manager will get involved.
regards,
james

I had the same issue as robertkjonesjr said in his reply with a stratix 5700 which is pretty much the same switch. Rockwell said it is fairly common and can be solved by disabling the IPDT function using the process described in there tech note ID:BF2882. When this happened I recall them also checking to see if I had DHCP enabled. We do not use it so it was not selected, but I do remember the tech saying that it is common for people forgetting to set up a DHCP pool on the switch so it knows which addresses to exclude.

Your doomed..... Rule 1) Don't let IT near a control system they don't have a clue!

I had a similar issue to this on a site with all Cisco/Stratix switches and it took a hell of a lot of digging before someone uncovered the root cause.

Basically, my company was installing a new control system on an existing site, and when we plugged in the uplink from the wider plant network to our Stratix switch, it would within an hour (sometimes instantly) take down several unrelated production lines. Several of the devices affected were displaying duplicate IP address faults. You better believe that we quadruple and quintuple checked that there were no duplicate IP's going on (there were not) but no matter what, as soon as that switch was on the network, we were guaranteed to cause problems.

In the end, it turns out that it had absolutely nothing to do with duplicate IP's and everything to do with a quirk of the spanning tree management protocol and a stroke of incredibly bad luck.

I'm not a network engineer so I may be a little inaccurate on the details, but essentially, on a managed network, one switch must be in charge of spanning tree management (i.e. scanning the network to ensure that there are no loops that shouldn't be there, and shutting down ports to block undesired loops if one is found). Generally, in a large network, this will be the main layer 3 router. The switch that is in charge of this is designated by some sort of parameter, whereby the device on the network with the lowest number is in charge. This (I presume) allows you to set up multiple devices to be ready to take over should the main device fail.

But, I hear you ask, what happens if the people responsible for setting up this network (coughRockwellAutomationcough) forget to set these settings, and all the devices on the network have the same (default) priority value? I'm glad you asked!

As it turns out, in that case, the device in charge of spanning tree is determined to be the one that has the lowest mac address.

Guess which of the 500+ network devices on this particular network just happened to have the lowest mac address?

Yep. The stratix switch in our new control panel.

So shortly after joining the network, our humble stratix 5700 realised it had a very important job to do, and started messing with ports all over the network trying to map out the spanning tree structure for an entire facility. For completely understandable reasons, this caused some problems with network communications. For reasons I cannot fathom, some of those issues presented as PLC's reporting a duplicate IP address.

So we got RA on the line to sort out the priority settings in their core network infrastructure, and the problem immediately went away.

I swear, networking problems can drive a sane man stark raving bonkers in less than 24 hours.

I bought one Stratix switch to look into and it did the same RSTP thing. After I found out that's what it was I boxed it up and sent it back.

If there is one thing about AB that gets under my skin it's when they do this kind of thing thinking their way is always the best way and to hell with the existing system. I mean
plugging in a new switch should not take out the network under any circumstances. A cisco that its based on doesn't do that.

In fairness to RA, that's not a Rockwell feature, that's just how RSTP works. If you you don't specifically configure at least one device with a lower priority parameter, the tiebreaker is the mac address. We (and presumably you, in that case) just got unlucky with happening to have the device with the lowest mac address on the network.

I only blame RA because this site contracted them to install and configure their entire network backbone, and the RA techs didn't set that setting correctly. If they had, the whole issue would never have occurred. So yes, we can blame RA, but only the people, not the hardware.

The feature is not RA, but enabling it by default is an RA decision.

TheWaterboy said:

The feature is not RA, but enabling it by default is an RA decision.

Click to expand...

Fair point. Do the cisco switches not have it enabled by default?

None I have used do. Its a bad idea for exactly this reason. Same reason they don't have DHCP enabled by default either. You should have to OPT IN to features like that, not out.

create a NAT sheet in excel, first colum is your PLC network IP's (hopefully 192.186.x.x) next is a NAT address assigned by IT(10.x.x.x). then your device description. tell IT this NAT table needs to be on a separate VLan for security. DHCP address need their own VLan.