August 22, 2013

NAT configurations for Moxas EDR series

What is a NAT? Not to be confused with those pesky flying insects, GNATs. NAT or Network Address Translation is a routing process where IP address information is translated to another IP address. Both addresses are typically of different subnetworks or segments in which Layer 3 devices such as the EDR-G902, EDR-G903 and EDR-810 series readily support. Types of NATs typically use

N:1 NAT This is a very popular NAT process that is encountered all the time, especially if your network utilizes the Internet connection. N:1 NAT is when one (1) IP address translates to multiple (N) IP addresses, very much how the Internet connection at home and small office is set-up to do. Port Forwarding When you are in a N:1 NAT, you sometimes need to access services that is located in the LAN side of the network (or the N part of the NAT) which is hidden from the WAN or Internet. Port Forwarding will associate a specific port or a range of ports from the LAN and map it to another set of ports which can be different to the WAN. This is usually used to forward ports in order to access Websites or FTP servers from the LAN to WAN. Port Forwarding can be too restrictive especially if you have multiple similar services you would like to forward, such as HMI web interfaces and FTP servers.

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

Page |2 . 1:1 NAT

The 1:1 NAT is a way to map one WAN IP Address to one LAN IP Address. This is very useful when you want to standardize the IP Address scheme of your production line while still providing connectivity. Application Scenario Overview Ten production lines independent from each other. The Customer requests to access the Web Interface from 2 of the 3 HMIs to look at production status for each line. The customer requests to have a set of specific data to be logged from each line to their existing SCADA server in the office network for production analysis. The Production Line and Office Network have different IP address schemes. Goal Minimize communication changes of PLCs and other Network devices in the production lines Keep all the production lines separated from each other. Provide the network connection to the SCADA server Provide the Web Interface service to the customers Office Network Solution Add an EDR router in each Production Line

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

Page |3 Set the EDR series for 1:1 NATing Add the LAN IP address as the Gateway Address of the requested PLC and HMI Map the PLC and HMIs IP address to a set of IP addresses that will be part of the customers office Network. What will happen with the solution The Production Line network does not have to change; a gateway address is added so that requests/responses from the customer offices network will go to the EDR first. Each production line will not see each other; therefore, minimizes possible IP conflicts from the Production Line. The Office Network has full access only to the requested PLC and HMI. Additional security feature such as the EDRs built in Firewall can be implemented if desired to increase system security. How to Set-Up an EDR series for 1:1 NAT This section will cover set-by-step on how to set-up the EDR-G903 for 1:1 NATing. Keep in mind the set-up is very similar for the EDR-G902 and EDR-810 series as well. Overview Set the EDR-G903 for 1:1 NAT to route a P3K PAC and a C-More HMI to another network. Setting before adding the EDR-G903 o P3K PAC IP Address: 192.168.7.20 Subnet: 255.255.255.0 Gateway: None o C-More HMI IP Address: 192.168.7.21 Subnet: 255.255.255.0 Gateway: None Setting after adding the EDR-G903 o P3K PAC IP Address: 192.168.7.20 Subnet: 255.255.255.0 Gateway: 192.168.7.250 o C-More HMI IP Address: 192.168.7.21 Subnet: 255.255.255.0 Gateway: 192.168.7.250 o EDR-G903 LAN Port IP Address: 192.168.7.250 Subnet: 255.255.255.0 Gateway: Not Applicable WAN1 Port

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

Page |4 IP Address: 10.10.10.2 Subnet: 255.255.255.0 Gateway: None 1:1 Mapping 192.168.7.20 to 10.10.10.200 192.168.7.21 to 10.10.10.210 Firewall Fully Open

Set-Up Instructions Connect to the LAN port of the EDR-G903 Login to the EDR-G903 Default IP address: 192.168.127.254 Username: Admin Password: No Password

For testing purposes, go to the Firewall settings and make sure all ports are open. Click on Firewall Policy Click on Policy Overview

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

Page |5

Change the LAN IP address of the EDR-G903 Click Network Interface LAN o IP Address: 192.168.7.250 o Subnet Mask: 255.255.255.0 Click Activate Click Confirm

Dont forget to change the PCs IP computer to be part of the new LAN network

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

Page |6

Change the WAN IP address of the EDR-G903 Click Network Interface WAN1 This can be DHCP; however, it has to be part of the same network the 1:1 NAT is mapped to. In this case 10.10.10.x Network o Connect Mode: Enable o Connect Type: Static IP o IP Address: 10.10.10.2 o In this set-up, the DNS and PPTP are not needed. Click Activate Click Confirm Configure the NAT for 1:1 Click on NAT

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

Page |7

Click on New/Insert

A popup will appear Click OK

C-More HMI Configuration o NAT Mode: 1-1 o Interface: WAN1 o LAN/DMZ IP 192.168.7.21 o WAN IP 10.10.10.210 Make sure Enable is Checked Click Modify

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

Page |8 Do the same for the P3K o NAT Mode: 1-1 o Interface: WAN1 o LAN/DMZ IP 192.168.7.20 o WAN IP 10.10.10.200 Click Activate Click Confirm Test Instructions Disconnect the computer to the LAN port of the EDR-G903 Connect the PLC/HMI Network to the LAN port Connect the PC to the WAN1 port of the EDR-G903

Change the IP address of the PC to be part of the 10.10.10.x network o PC IP Address: 10.10.10.40 o Subnet Mask: 255.255.255.0 o Gateway: Blank o DNS Servers: Blank

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

Page |9 Ping the mapped P3K PAC

Ping the mapped C-More

Access the FTP Server of the C-More

Access the Remote web console of the C-More

Access the P3K PLC for programming for the NATed network Congratulations! The system has been set-up for 1:1 NATing

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

P a g e | 10

Can the LAN and WAN networks have the same IP address scheme and route properly?
KNOW THE ANSWER TO THE QUESTION?
ANSWER THE QUESTION FOR A CHANCE TO WIN A $100 AMAZON

GIFT CARD!

Click Here
http://www.quantumautomation.com/techcorner-questionnaire.html

About Us
Quantum Automation is a networking and controls distributor comprised of talented Electrical and Mechanical Engineers dedicated to understanding and delivering exactly what you need. Founded in 1991, Quantum Automation is the largest of four Value Added Resellers for AutomationDirect in America. We are also the largest distributor of Moxa networking products in America. Our other major product lines are: Advantech for industrial computers, IDEC for control products, and eWON for Remote Access Routers. Recognized for outstanding customer service, quality products, hands-on training, competitive prices, and over 30,000 part numbers to choose from, its no wonder thousands of OEMs, Systems Integrators, and End Users choose Quantum Automation as their #1 Value Added Reseller!

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803