Joined: 12 July 2008
Looking for some general advice as I am not a networking expert (tend to hang out in control & automation).
I will try and explain my quandary as clearly as possible.
I have an existing facility with several machines connected to a PC to control them via a fieldbus known as Interbus. The connection to the PC is via what is termed as a COP card. On the PC we have a software suite running to control these machines (four per COP card). Communication comes from the host system over TCP/IP with each machine assigned an individual port number on the PC IP address, so the host can send individual messages to each machine and the machine can report back its status, errors, etc.
We are undertaking upgrades from the PC control (due to unsupportability) to PLC control which works well and we have already completed a few of these. Each PLC has a Comms card and can control up to two machines, so we have to get changes made at the host level to split machines on new IP addresses, as this is usually a prolonged commissioning period we have to keep swapping between the old and new system, and each time have the host modified.
This works fine when the host is our own, but has proved more difficult with third party host suppliers, some of which no longer exist.
So to the question, which I think would work but am looking for clarification before putting in more effort.
I want to put a managed switch in place in the network connected to the host with the same IP address as the existing PC (host is happy it can see the IP). On the "other side" of the switch I would have the original PC (maybe still with its original IP address) and the first of the new PLCs with a new IP address.
The switch would then forward anything for the ports still connected to the PC say 8001, 8002, 8004 and anything for the machine now on the PLC port 8004 would be forwarded to the PLC on the new IP address.
This would allow the commissioning engineer to swap the machines between new and old system with just a simple change in the switch each time.
Would it be a problem if the host establishes a connection (server) with the PC (client) when putting the switch in?
I am sure it's not as simple as that but if anyone has advice or a better solution it would be appreciated.
Joined: 15 November 2008
I would use a router/firewall, if you've got the cash a Cisco PIX or something in order to ensure all other ports are blocked, plus tie down your third party by IP address, giving you more security. Even better, create a VPN between the sites and restrict access lists to those devices you need to give him access to, determine TCP or UDP type of protocols, this way he can communicate without switching ports and if ever needed, all of the devices.
Managed switch in my opinion won't work, if it does, opens up potential security issues.
Hope that helps.
Matt Wilson CertDir, CITP, FIET, FBCS, FIoD, FCIM
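The per-port forwarding discussed in this thread, with every other port blocked and access tied to the host's address, written out as an added example that is not part of either post. It assumes a Linux gateway with iptables standing in for the router/firewall, that the host opens the TCP connections, and constructed addresses and port assignments throughout.

```python
"""Generate iptables rules for per-port forwarding during a staged PC-to-PLC cutover.

All addresses and the port-to-machine mapping are constructed sample values.
"""
import ipaddress

HOST_IP = "192.0.2.10"    # constructed: the only host allowed to connect
FRONT_IP = "192.0.2.20"   # constructed: address the host already talks to
OLD_PC = "198.51.100.2"   # constructed: legacy PC, moved behind the gateway
NEW_PLC = "198.51.100.3"  # constructed: first PLC

# One entry per machine; commissioning moves a machine by editing its backend.
PORT_MAP = [(8001, OLD_PC), (8002, OLD_PC), (8003, OLD_PC), (8004, NEW_PLC)]


def build_rules(front_ip, host_ip, port_map):
    """Return iptables commands: DNAT per port, allow only the host, drop the rest."""
    for addr in (front_ip, host_ip):
        ipaddress.ip_address(addr)  # raises ValueError on a malformed address
    seen = set()
    rules = [
        "iptables -P FORWARD DROP",  # anything not explicitly allowed is dropped
        "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for port, backend in port_map:
        ipaddress.ip_address(backend)
        if not 1 <= port <= 65535:
            raise ValueError(f"invalid port {port}")
        if port in seen:
            # A port listed twice would send one machine's traffic to two places.
            raise ValueError(f"port {port} mapped twice")
        seen.add(port)
        rules.append(
            f"iptables -t nat -A PREROUTING -s {host_ip} -d {front_ip} "
            f"-p tcp --dport {port} -j DNAT --to-destination {backend}:{port}")
        rules.append(
            f"iptables -A FORWARD -s {host_ip} -d {backend} "
            f"-p tcp --dport {port} -m conntrack --ctstate NEW -j ACCEPT")
    return rules


if __name__ == "__main__":
    print("\n".join(build_rules(FRONT_IP, HOST_IP, PORT_MAP)))
```

The gateway must have IP forwarding enabled, and the PC and PLC need a return route through it for replies to be translated back.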