You are on page 1of 59

L03 - Applying Advanced EtherNet/IP Features in

Converged Plant-wide Ethernet Architectures

For Classroom Use Only!

Important User Information

This documentation, whether illustrative, printed, online or electronic (hereinafter Documentation) is intended for use only as a
learning aid when using Rockwell Automation approved demonstration hardware, software and firmware. The Documentation
should only be used as a learning tool by qualified professionals.

The variety of uses for the hardware, software and firmware (hereinafter Products) described in this Documentation, mandates
that those responsible for the application and use of those Products must satisfy themselves that all necessary steps have been
taken to ensure that each application and actual use meets all performance and safety requirements, including any applicable
laws, regulations, codes and standards in addition to any applicable technical documents.

In no event will Rockwell Automation, Inc., or any of its affiliate or subsidiary companies (hereinafter Rockwell Automation) be
responsible or liable for any indirect or consequential damages resulting from the use or application of the Products described
in this Documentation. Rockwell Automation does not assume responsibility or liability for damages of any kind based on the
alleged use of, or reliance on, this Documentation.

No patent liability is assumed by Rockwell Automation with respect to use of information, circuits, equipment, or
software described in the Documentation.

Except as specifically agreed in writing as part of a maintenance or support contract, equipment users are responsible for:
• properly using, calibrating, operating, monitoring and maintaining all Products consistent with all Rockwell
Automation or third-party provided instructions, warnings, recommendations and documentation;
• ensuring that only properly trained personnel use, operate and maintain the Products at all times;
• staying informed of all Product updates and alerts and implementing all updates and fixes; and
• all other factors affecting the Products that are outside of the direct control of Rockwell Automation.

Reproduction of the contents of the Documentation, in whole or in part, without written permission of Rockwell Automation
is prohibited.

Throughout this manual we use the following notes to make you aware of safety considerations:

Identifies information about practices or circumstances that can cause an explosion in a hazardous
environment, which may lead to personal injury or death, property damage, or economic loss.

Identifies information that is critical for successful application and understanding of the product.

Identifies information about practices or circumstances that can lead to personal injury or death, property
damage, or economic loss. Attentions help you:
• identify a hazard
• avoid a hazard
• recognize the consequence

Labels may be located on or inside the drive to alert people that dangerous voltage may be present.

Labels may be located on or inside the drive to alert people that surfaces may be dangerous temperatures.

About This Lab

Welcome to the “Applying Advanced EtherNet/IP Features in Converged Plant-wide Ethernet Architectures” Lab. The Stratix
5700 and Stratix 8000 are Rockwell Automation managed Ethernet switches that utilize Cisco technology and offer the best of
both worlds. These switches offer the Best of Cisco and the Best of Allen-Bradley.
The Stratix family of switches utilizes the Cisco Catalyst switch architecture and feature set, leveraging powerful configuration
tools, to provide secure integration with the enterprise network while at the same time supporting a familiar structure for IT
professionals.
Both the Stratix 5700 and 8000 Switches allow for easy setup and comprehensive diagnostics from within the Rockwell
Automation Integrated Architecture. These switches can be configured using Studio 5000 programming software. They also
automatically generate Logix tags for integrated diagnostics and include FactoryTalk View faceplates for status monitoring and
alarming. Together these features provide for an easy integration of networking devices into control and automation
architectures.
This lab covers a variety of advanced techniques, best practices, software packages, and products using EtherNet/IP. It will
demonstrate Network Address Translation (NAT) in Layer 2 as well as Layer 3 architectures, Virtual LAN (VLAN) segmentation,
and Connected Routing. A prior understanding of general Ethernet concepts, including switching and routing is recommended.
It is also recommended (but not required) to complete “Applying Basic EtherNet/IP Features in Converged Plant-wide Ethernet
Architectures” lab before starting this lab.

What You Will Accomplish In This Lab

As you complete the exercises in this hands-on session, you will:
 Learn how to set up the advanced functions of a Stratix family managed Ethernet switches.
 Learn how to configure the Stratix 5700 and Stratix 8000 via either of the following methods:
o Device Manager – outlines basic and advanced configurations along with troubleshooting tools
o Studio 5000 – outlines basic and advanced configurations along with diagnostics and troubleshooting tools
available for use within a Studio 5000 program
 Learn how to set up NAT in Layer 2 and 3 Architectures.
 Learn how to segment a network with multiple VLANs and set up Connected Routing.
 Learn how to use DHCP Persistence for automatic IP address assignment.
Lab 1 will walk you through the steps of setting up NAT for Layer 2 architecture system using Device Manager .
Lab 2 will walk you through the steps of VLAN assignment and network segmentation, Connected Routing and NAT in a Layer 3
architecture.

3 of 59

About Stratix 5700

In this lab, we will introduce you to the Stratix 5700 Ethernet managed switch with Cisco technology. The Stratix 5700
Managed Ethernet Switch is equipped with up to 20 ports that can include standard 10/100Mbps copper ports,
10/100/1000Mbps copper ports (optional), and SFP (Small Form factor Pluggable) fiber optic ports (optional).

 There are two power connectors on the top right of the switch. You can connect the switch to two separate 24VDC
power sources for redundancy.
 Additional connectors on the bottom right provide hardwired contacts for major and minor alarms.
 The Express Setup button is located on the top. Express Setup allows you to easily configure the switch for
EtherNet/IP networks.
 The Console ports on the top (RJ-45 or USB connector) allow direct access to the switch via Cisco’s Command Line
Interface (CLI).
 The Secure Digital (SD) card slot is located in the bottom. The optional SD card allows you to simplify device
replacement by storing switch configuration and firmware.
The Stratix 5700 can be managed via the Device Manager Web interface for configuration, troubleshooting and monitoring.
Using this software, real-time information can be viewed. In addition to the Device Manager, the switch can also be managed via
the Studio 5000 environment after Express Setup on the switch is complete.

The advanced features of the Stratix 5700 switch that are covered in this lab include Virtual LAN (VLAN) and Network
Address Translation (NAT).

A complete description of the hardware and software features of the Stratix 5700 switch can be found in the
Stratix Managed Switches User Manual (Publication 1783-UM007).

4 of 59

About Stratix 8000

In this lab, we will also use the Stratix 8000 Ethernet managed switch with Cisco technology. The Stratix 8000 Managed
Ethernet Switch is a modular switch that can be expanded up to 26 ports with the use of expansion modules.

 There are two 24VDC power connectors on the top left of the switch. Additional connections on the power connectors
provide hardwired contacts for major and minor alarms.
 The Express Setup button is located below the power connections. Express Setup allows you to easily configure the
switch for EtherNet/IP networks.
 The Console port on the left (RJ-45 connector) allows direct access to the switch via Cisco’s Command Line Interface
(CLI).
 The CompactFlash card slot is located in the bottom. The flash card stores the switch configuration and firmware and
can be used for quick hardware replacement.
The Stratix 8000 can be managed via the Device Manager Web interface for configuration, troubleshooting and monitoring.
Using this software, real-time information can be viewed. In addition to the Device Manager, the switch can also be managed via
the Studio 5000 environment after Express Setup on the switch is complete.

The advanced features of the Stratix 8000 switch that are covered in this lab include Virtual LAN (VLAN), Dynamic Host
Configuration Protocol (DHCP) and Connected Routing.

A complete description of the hardware and software features of the Stratix 8000 switch can be found in the
Stratix Managed Switches User Manual (Publication 1783-UM007).

5 of 59

Studio 5000 v26.EA1 preloaded  Stratix switch Add-On Profile (AOP) v8.01. Tools and Prerequisites  PC with Microsoft Internet Explorer V9.0 Hardware This hands-on lab uses the following hardware:  ENET 21 Demo Box Machine Controller POINT I/O Stratix 5700 Line Controller Stratix 8000 6 of 59 . V11 or Mozilla Firefox V25.Before You Begin Instructor Information The Instructor Information outlines the setting up.EA1 preloaded  Stratix 8000 with IOS 15. V10.0  Stratix 8000 AOI and FactoryTalk View Faceplate v6. resetting and troubleshooting the Lab. FactoryTalk View Studio 8  Stratix 5700 with IOS 15.2(3).2(3).01 for Studio 5000  Stratix 5700 AOI and Factory Talk View Faceplate v3. V26 with JavaScript enabled. Please refer to Appendix A in the back of the Lab Manual for additional Instructor Information.

Point I/O. We have already made the connections for you. the module in slot 3 is connected to the Device Level Ring. It has two Ethernet modules – the module in slot 1 is connected to the Stratix 5700 switch. The bottom ControlLogix chassis is called “Line Controller” in the lab.Connecting your Lab Station Look at the lab diagram below. Note that numbers on the cables in the demo box may not match numbers on the diagram. ETAP. The Ethernet module in slot 1 is connected to the Stratix 8000 switch. 7 of 59 . This system is comprised of two ControlLogix controllers. ArmorBlock I/O and a computer. The top ControlLogix chassis is called “Machine Controller” in the lab. a Stratix 8000 and Stratix 5700.

Multiple machines with identical IP address schemes may create duplicate address issues. and network IP addresses are generally unknown until the machine is being installed – adding cost and time to the commissioning of the equipment. A Layer 3 device with routing capability is not required since all network traffic stays within the same VLAN. Network Address Translation (NAT) may help to solve these problems. In some cases. The network diagram below depicts a Layer 2 architecture where the inside and outside zones comprise only one VLAN. The inside zone would be the equivalent of a machine being added into a larger outside network. 8 of 59 . NAT in a Layer 2 architecture The simplest architecture to apply NAT is a small scale Layer 2 network with a single VLAN and no Layer 3 switch. OEM’s IP-address assignments rarely match those of the end-user’s addresses. Limiting access only to certain devices can help optimize network performance at the local level. NAT in the Allen-Bradley Stratix 5700 switch is a hardware implementation that provides high performance “wire speed” translations and allows for: • Simplified IP-address mapping between machine-level IP addresses to the end user’s plant IP addresses • Commissioning of standard “cookie cutter” machines to end users without reprogramming IP addresses • Easier machine maintenance because machine configuration and controller programs remain standard The Stratix 5700 switch with NAT technology also allows users to isolate some of the machine traffic by determining which devices should be exposed to the larger network via NAT translation.Lab 1: Network Address Translation (NAT) in a Layer 2 Architecture Introduction Machine or process skid integration into a plant’s network can be difficult for several reasons. there may be not enough free IP addresses in the plant network to accommodate all new devices.

Each machine will have identical equipment and network layout. such as the Line controller and the PC. to unique Private IP addresses. We will have to configure NAT in the Stratix 5700 such that devices with existing “Private” IP addresses will be assigned a unique “Public” address.e. 9 of 59 . plant-wide) network with unique IP addressing scheme.e. Note: NAT devices may use words such as "public" or “outside” to identify larger (i. the upper ControlLogix chassis in your demo box represents the Machine controller and the lower chassis represents the Line controller. For the purposes of this lab. machine-level) networks with reusable IP addresses. Each demo box has a Line controller for supervisory control and a Machine controller for machine level operation.Lab 1 Scenario We want to add several machines to our current architecture with a single VLAN and no Layer 3 switch. The Stratix 5700 switch uses public / private terminology in the Device Manager. We will also have to configure NAT to translate Public IP addresses. In order for us to have the same IP addressing for all additional machines we will need to implement NAT. We want to keep existing IP addresses on the machine and maintain only one Studio 5000 program for all machines instead of having to reconfigure every device on each machine with new IP addresses. and "private" or “inside” to describe smaller (i. The NAT and IP address configuration for Lab 1 is shown in the diagram below.

x from the line level switch (Stratix 8000) which operates in the 10.30.x IP subnet. Connect the PC cable to port Fa1/1 on the Stratix 5700. The IP address of the PC is currently 192.168. Because the 5700 switch has not been configured to do NAT yet.2 and configure NAT on this switch.10. 1.1. Unplug the PC cable from port Fa1/2 on the Stratix 8000.10. 2.Configuring NAT in the Stratix 5700 using the Device Manager Interface First we will connect our PC to the machine level Stratix 5700 switch that has an IP Address of 192. Double-click on the desktop shortcut for the Local Area Connection. 10 of 59 .168.1.168. we cannot access the machine network 192.1.

1. Close the open windows.3. Verify that the IP address is set to 192.30. 11 of 59 . Click Details.168.

leave “username” blank and type “rockwell” (all lowercase.2 of the Stratix 5700 in the address bar and press Enter. Now.1. Type the IP address 192. let’s open the Device Manager Interface for the Stratix 5700 switch by launching Internet Explorer icon on taskbar 5. 12 of 59 . no quotes) as the password.4.168. In the authentication box shown below. 6.

8. You are now in the Stratix 5700 Device Manager.7. Click the Add button. 13 of 59 . Go to the Configure menu and then click on NAT. You will configure your NAT Instances on this page.

each instance is assigned to all VLANs on port Gi1/1 and no instances on port Gi1/2:  If a VLAN is assigned to a NAT instance. its traffic remains untranslated and is permitted to pass through the uplink (trunk) port. while different. need to share the same VLAN to communicate.  By default. Next we need to select what interfaces and VLANs we are assigning to this instance. This is where the NAT translations for the instance and other parameters are entered. This means both your private and public subnets.  If a VLAN is not assigned to a NAT instance. 14 of 59 . Type Advanced_Lab in the Name field of the NAT instance. consider the following:  NAT implementation on the Stratix 5700 does NOT change VLAN tags. its traffic is being translated or dropped according to the NAT tables and configuration parameters of the NAT instance. When assigning VLANs to a NAT instance. 9. The Add / Edit NAT Instance configuration window will appear. 10.

In this lab we are using VLAN 10 and interface Gi1/1. Click the Add Row button in the Private to Public section. 9. We are going to enter our Private to Public translations first in the General tab. 15 of 59 . Make sure you click Save after each pair of addresses. Leave VLAN 10 checked and deselect all others. 8.

3 EN2TR DLR 192.4 16 of 59 .4 10.10. type the addresses shown in the table above. See the table below for translations.10. Click Save after each pair of addresses. Device Private Public Private to Public Stratix 5700 192.1.10.3 10.1. In the “Private IP Address” field and in the “Public IP Address” field.10.10.10.2 NAT Table EN2TR 192.2 10.168.1. Use type Single for each translation. Click Add Row to enter a new pair.10.168.168.

12.1.10.1 192.10.1 NAT Table Line EN2TR 10.168.10. You can also select a Range type to translate a number of consecutive IP addresses.10. Click Submit to finalize the configuration and close the Device Manager.10. 17 of 59 .30 192.11.168. Now click on the “Public to Private” tab and enter the translations for Public devices as shown in the table. Device Public Private Public to Private Stratix 8000 10.1. or a Subnet type to translate the whole IP subnet.20 PC 10.30 We entered translations for one IP address at a time (Single translation type).20 192.1.10.168.

Remove the PC cable from Stratix 5700 Fa1/1. 14. 18 of 59 . After NAT is configured.10. Connect the PC cable to Stratix 8000 Fa1/2 (lower switch). Select the IPv4 item and click Properties.10. we now want to connect our PC at the line (supervisory) level to the Stratix 8000 and change our PC’s IP Address to the line network address of 10.Verifying NAT operation 13. Double-click on the Local Area Connection shortcut on the desktop and click on the Properties.30.

15. 16.10.10.1. Click OK and Close for both open windows to apply IP address changes. Verify that the NAT configuration is working by opening Device Manager for the Stratix 5700. The address we will now have to use to access the Stratix 5700 is the translated IP address of 10. Since we configured NAT on the Stratix 5700.30 and the local gateway address to 10.10.10. 19 of 59 .10. we can now communicate with the machine network while being connected to the line network (Stratix 8000). Change the PC’s address to 10.2. 17.10.

By being able to access the switch from the translated address and from the Device Manager Dashboard we can see the NAT Instances are being applied. leave “username” blank and type “rockwell” (all lowercase. Once again you will be prompted to enter the authentication credentials in the box shown below. no quotes) as the password.18. 20 of 59 . (Same as before) 19.

20. We can also check the NAT instances are working by clicking the Monitor tab and then selecting NAT Statistics 21 of 59 .

22 of 59 . slot 0 and click Download. Expand the VLAN10 Ethernet driver. 22. Browse to the Line processor 10. Open the Logix Files folder by using the shortcut on the desktop. Open Bottom_CLX_Line_Lab1. Click on the Who Active button.ACD file to download the program to the Line controller (bottom chassis). 21.20.10.Verifying EtherNet/IP Communication through NAT Now with the NAT instances configured and working we are ready to download the programs to the Line and Machine controllers. Make sure that you select the right file (“Line_Lab1”).10.

Click Yes to change the controller to Remote Run mode. 24. 23 of 59 . click the drop-down in the online bar and select Run Mode. Click Download. 25.23. If a pop-up window did not appear and ask to go to the Run Mode.

10. 27.10. 24 of 59 . Open the Logix Files folder by using the shortcut on the desktop. Browse to the Machine processor 10. Click on the Who Active button. 26. Expand the VLAN10 Ethernet driver. Make sure that you select the right file (“Machine_Lab1”). Open Top_CLX_Machine_Lab1. slot 0 and click Download. Now we are ready to download the program to the Machine controller (top chassis).ACD file to download the program to the Machine controller (top chassis).3.

rung 0. Click Download. click the drop-down in the online bar and select Run Mode. the Line_Control tag data will be received via the Produced Consumed connection between the Line and Machine Controllers. the program makes the Point I/O outputs on the demo case to blink on and off.28. If the Produced Consumed connection is established. If a pop-up window did not appear and ask to go to the Run Mode. proving and illustrating the communication through a NAT boundary. 30. 25 of 59 . Go to the Main routine in the Main program. Click Yes to change the controller to Remote Run mode. Once downloaded. 29.

3 of the EN2TR when downloading to the Machine controller since the PC was connected to the outside network (the Stratix 8000 switch).10.10.31. Go to the Machine program I/O tree. the EN2TR module in the Machine program is configured with the actual IP address of 192.168. Note that we had to use the public (outside) IP address 10. 26 of 59 .3.1. right-click on the “Local EN2TR” 1756-EN2TR module in slot 1 and click Properties. However.

27 of 59 .20 since it is located on the Public (Outside) network.20 in the Machine program.168.32. Open the Properties window of the “RemoteEN2TR” 1756-EN2TR module on the Ethernet network.10.10.1. The actual address of the module is 10. The IP address of the remote (Line) module is configured as 192.

Expand the VLAN10 Ethernet driver.33.  We only see the real IP addresses of the Stratix 8000 switch (10.10.10.10.10.20) since the PC is on the same network with these devices. Remember that we are browsing from the PC on the Public network 10.1) and the Line controller module (10.10. Click on the RSLinx Classic shortcut on the desktop and open the RSWho window.  We do NOT see other devices on the Machine network. in RSLinx since we did not configure translations for it. 28 of 59 . for example the POINT I/O adapter.10.0:  The RSLinx Classic application shows both the actual (untranslated) and translated addresses for the EN2TR modules in the Machine chassis because we added them to the NAT table.

34. The HMI application shows the overall network status. You have successfully completed Lab 1. It may take about a minute to load. 29 of 59 . Start the FactoryTalk View SE Client application by clicking on the desktop shortcut. Make sure all connections are green.

we reviewed NAT in a Layer 2 architecture without VLAN segmentation and routing. Adding NAT into such network allows us to integrate multiple machines or skids with identical IP addresses while providing VLAN segmentation for each machine. Larger production systems require hierarchal network design that include Layer 3 distribution switches to provide VLAN segmentation and routing. with each machine using a separate VLAN in a Layer 3 architecture. However. each Stratix 5700 does NAT for the VLAN associated with the machine. Introduction In the previous lab. this method does not provide full segmentation since broadcast traffic would still propagate across the network.Lab 2: VLAN Segmentation. 30 of 59 . Utilizing a NAT device in each machine allows them to use identical IP addresses and to be connected to the network without having to modify programs or device settings. Such architecture may be appropriate for a very small network. but quickly becomes insufficient as the network grows. VLAN segmentation limits the broadcast domain and helps to prevent network problems in one machine from affecting rest of the network. Connected Routing and Network Address Translation (NAT) for a Layer 3 Architecture. NAT in a Layer 3 Architecture The diagram below demonstrates multiple machines or skids being integrated into a larger network using Stratix 5700 NAT. In this architecture. The Layer 3 switch in the Public network is a default gateway for each VLAN and routes the traffic between VLANs. Using NAT in a single VLAN architecture provides some level of segmentation by isolating untranslated devices behind the NAT boundary.

Each machine will have identical equipment and network layout. For the purposes of this lab. We will add network segmentation by using multiple VLANs and inter-VLAN routing in our new design. 31 of 59 . This time. the upper ControlLogix chassis in your demo box represents the Machine controller and the lower chassis represents the Line controller. The desired architecture is shown in the diagram below. we do not want to have a Layer 2 architecture and to create one big flat network with a single VLAN. In order for us to have the same IP addressing for all the additional machines we will still need to implement NAT.Lab 2 Scenario We want to add several machines to our current network.

Trunking allows switches to send data from multiple VLANs over the same link while still maintaining segmentation between VLANs.  Finally. The new configuration will allow communication (produce/consume tags) between the two controllers (Line and Machine) that will trigger the I/O lights to turn ON.  First. we will create a gateway translation for the IP address of the Stratix 8000 switch in VLAN 10. 32 of 59 . Ports that connect the switches are configured in the VLAN trunk mode. we will create VLANs and assign them to the appropriate ports on the Stratix 8000 switch. The Line Controller will be configured on VLAN 20 and the PC will be configured to VLAN 30.In order for this architecture to work. we will re-configure the previous NAT configuration in the Stratix 5700 switch for the new Layer 3 architecture. This means that Ethernet frames will be tagged with a corresponding VLAN number when going out of these ports. we will need to configure Connected Routing in the Stratix 8000 which enables devices on any VLAN to communicate with each other if they use the switch as their default gateway. The Machine device’s private IP addresses will be translated to the configured VLAN 10 addresses. Instead of using a Public-to-Private translation for every device in the Public network.  Then we will enable Connected Routing to be able to communicate between VLANs.

In the Stratix 8000. 3.10.Configuring VLANs and Connected Routing 1. we will create multiple VLANs to segment our network and we will also configure Connected Routing. In the authentication box shown below. Type the IP address 10. Launch Internet Explorer by clicking the internet explorer icon on taskbar 2. 4. 33 of 59 . no quotes) as the password.10. You are now in the Stratix 8000 Device Manager.1 of the Stratix 8000 in the address bar and press enter. leave “username” blank and type “rockwell” (all lowercase.

you will see that VLAN 10 and VLAN 20 are already created. 34 of 59 . Expand the Configure tab and select VLAN Management.5. click the Add button. To create the VLAN 30. We used VLAN 10 for the previous lab and VLAN 20 was created in advance. 6. In VLAN Management. We will be creating VLAN 30 for the PC and HMI application.

30.1” and click “OK” to create the new VLAN. 35 of 59 . Before assigning the port. This IP address will be the default gateway address for devices on that VLAN.7. You can always modify the name of the VLAN but not its number. we need to assign a port to our new VLAN. we need to assign an IP address to the Switch VLAN Interface (SVI). After creating the VLAN. select IP Assignment Mode to “Static” with an IP address of ”10. you must give it a name and unique ID number. 8. Name of “VLAN30”.10. Expand the Configure tab and select Smartports. Since we are configuring a VLAN on the Layer 3 switch. To create a VLAN. Enter a VLAN ID of “30”. we will verify that the port has the appropriate configuration (port role).

10. 36 of 59 .9. Now. Virtual Desktop for Automation smartport optimizes port parameters for a PC connection and allows two MAC addresses (one for a physical NIC. one for a VM). If not. go to the Configure tab and select Port Settings. Select port Fa1/6 and verify that it is set to Virtual Desktop for Automation. see Stratix Managed Switches User Manual (Publication 1783-UM007). For information about smartports. select the role from the list and click Save.

Click OK to save configuration. Select port Fa1/6 and click Edit. Port Fa1/6 is currently configured for the default VLAN 1. Verify that the Administrative Mode is set to “Access” and change the Access VLAN to VLAN30-30. 37 of 59 . 12.11.

13. Before changing our PC IP address and moving it to the VLAN30 network. the Switch Management Database (SDM) template should be set as Lanbase Routing. we will need to setup up Connected Routing. the SDM template has already been configured for you. To enable connected routing. Verify that the SDM template is set to “Lanbase Routing”. The SDM templates optimize how switch memory is allocated for specific features. Go to the Admin Menu and select SDM-Template. Do NOT CHANGE the template. To save time. The process of changing the template causes the switch to automatically restart. 38 of 59 . 14.

The gateway address specifies the next-hop router for the default route out of the Layer 3 switch. From the Configure menu. 16. we do not need to provide a gateway address. Leave the gateway address field blank. check Enable Routing and click Submit. 17. choose Routing. 39 of 59 . Since our Stratix 8000 switch is not connected to a larger network. To enable connected routing. Click Yes at the pop-up window.15.

By enabling Connected Routing on the switch. 40 of 59 . To restrict inter-VLAN communication for certain devices. These devices should use the switch as their default gateway.30 and the gateway to 10. we allow communication between devices on all VLANs. Click OK and close open windows to apply IP address changes. you can configure access control lists (ACLs) in the CLI.30.10.1. 19. Stratix 5700 with Full software option also supports Connected Routing. Verifying Connected Routing operation With routing enabled. 18.30.10. Make sure that the third octet is set to “30”. Change the IP address of the PC to 10. we can now move our PC to VLAN 30 and the Line controller to VLAN 20.

Open the Command Prompt by clicking on the desktop shortcut and type “ping 10.10. 41 of 59 . At this point.10. Plug the PC cable into the Stratix 8000 port Fa1/6.20”.20. 22. 21. which we configured for VLAN30 in the previous steps. Next try to ping the Line controller.10.10.20.1 address. the Line controller is still on VLAN 10 with an IP address of 10. Verify that the Connected Routing is working by first accessing Device Manager for the Stratix 8000 using the 10. We will move the Line controller to VLAN 20 in the next step.10.10.

As you see.20. select Port Settings.10. 23. From the Configure menu. In the Stratix 8000 Device manager. The VLAN 20 was already preconfigured for this lab. 42 of 59 . 24. slot 1).20 address on Fa1/4 interface. The Stratix 8000 switch is configured with the DHCP Persistence feature that will assign an IP address in the corresponding VLAN based on the port where a device is plugged in. the DHCP server on the switch is configured to assign the 10. select Configure – DHCP and click on the DHCP Persistence tab. The Line Controller’s 1756-EN2TR module is set to DHCP mode (bottom chassis. The port Fa1/4 is configured for VLAN 20. Here we see that port Fa1/4 is in the VLAN 20.

43 of 59 .10.20. In order for DHCP to assign the new address of 10. Watching the display on the EN2TR.20. Remove the Line Controller’s cable from the Stratix 8000 port Fa1/3 and plug it into Fa1/4. the 1756-EN2TR will have to be power cycled after changing the connected port. Open the power supply door of the bottom chassis and flip the switch off and on to power cycle the chassis (alternatively.20 to the Line controller.10.10. you will see that it receives the new IP address of 10. 27.20.20. We now are able to communicate between the PC in VLAN 30 and the Line Controller in VLAN 20.20. To verify the result. ping the new IP address 10.25. you can pull out and reset the EN2TR module in the chassis). Line Controller (bottom chassis) 26.

If traffic is routed through a Layer 3 switch or router (Layer 3 architecture).e. you create one or more unique NAT instances. 28. or conserve public address space.  A gateway translation for the Layer 3 switch or router.10. you do not need to provide translations for all devices on the public subnet that belong to other VLANs. A NAT instance contains entries that define each address translation. only one instance is required. we are still using the NAT instance from the previous lab for a single VLAN network.2 of the Stratix 5700 in the address bar and press enter. Go the Device Manager interface for the Stratix 5700. as well as other configuration parameters. In a typical implementation. The translations you define depend on whether traffic is routed through a Layer 3 switch / router or not. At this point. you define the following:  A private-to-public translation for each device on the private subnet that needs to communicate on the public subnet. We will need to edit the current NAT instance in the Stratix 5700 by removing the “Public to Private” translations and by adding a gateway translation. You also do not need to configure NAT for every device on the private subnet. Launch Internet Explorer by clicking the Internet Explorer icon on taskbar 29. To configure NAT. In a Layer 3 architecture. Type the translated IP address 10. decrease traffic. For example.Configuring NAT for the Layer 3 Architecture We have not yet configured the NAT instance for the Layer 3 architecture we just created. 44 of 59 .10. the address of the Layer 3 switch / router). you can choose to omit some devices from NAT to increase security. Private devices can reach public devices by using the translated gateway address (i.

Go to the Configure menu. and click Edit. and select NAT. In the authentication box shown below. no quotes) as the password. Select Advanced_Lab NAT instance. 45 of 59 . leave “username” blank and type “rockwell” (all lowercase. 31. 32.30.

Make sure that the correct tab is selected! You will be asked if you are sure you would like to delete the selected items. Select all three translations. DO NOT CLICK SUBMIT AT THIS POINT YET!!! 34. and click Delete. we will leave all the Private-to-Public translations as configured earlier. Click OK. Select the Public to Private tab. 46 of 59 . Go to the Gateway Translation section and click Add Row. In the General tab.33. We need to delete all Public-to-Private translations used for the Layer 2 architecture lab. We need to enter a Gateway Translation so devices in the machine can reach the default gateway (the Stratix 8000 switch).

Open the command prompt and ping the Machine controller at 10.10.3.10.35. 37. Click Submit to save changes in NAT configuration. 36.1 for the Private.10. 47 of 59 .1.1 for the Public and 192.10. Now we will verify if the new NAT configuration with gateway translation is working properly.168. Enter the Gateway Translation of 10. Click Save.

20 slot 0. Expand the VLAN20_Lab2 Ethernet driver and browse to 10. These programs will use the IP address 10. 39.20 of the Line Controller in VLAN 20.10.Verifying EtherNet/IP communication through NAT We are now ready to download new programs for the Line Controller and then the Machine Controller.ACD file to download the program to the Line controller (bottom chassis). Click Download.20. Open Bottom_CLX_Line_Lab2. Make sure that you select the right file (“Line_Lab2”).10. Open the Logix Files folder by using the shortcut on the desktop. 38. Click the Who Active button. 48 of 59 .20.

49 of 59 .40. Click Download 41. Click Yes to change the controller to Remote Run mode.

Next we will download the Machine controller program. 42. open Top_CLX_Machine_Lab2.3 slot 0. Click Download.ACD file to download the program to the Machine controller (bottom chassis). 43. Click the Who Active button. Make sure that you select the right file (“Machine_Lab2”). Expand the VLAN10 Ethernet driver and browse to 10. 50 of 59 .10.10. In the Logix Files folder.

20 of the Line Controller. 45. the Machine program uses the real (untranslated) address 10. As you see. Right-click on the RemoteEN2TR module in the Machine program and select Properties. we can use public IP addresses to communicate to the devices in other VLANs. the Point I/O outputs in the demo case will be solid green.10. 51 of 59 . proving and illustrating the communication between the Line and Machine Controllers.20.44. Since we configured the gateway translation. Click Yes to change the controller to Remote Run mode. Click Download. Once both programs are downloaded.

Go to the FactoryTalk View SE client application.46. 52 of 59 . You have successfully completed the Lab. and verify that all lines are showing green. click on Lab 2 Display button.

VLANs. an SVI for the VLAN and assigned a port to a VLAN.Lab Summary In this lab. and reviewed Network Address Translation.  Enabled Connected Routing between VLANs.  Configured a NAT instance in a Layer 3 architecture by specifying a Gateway translation.  Stratix 8000 Ethernet Managed Switch  Configured a VLAN.  Reviewed the DHCP Persistence feature. you have worked through exercises that demonstrated the power and flexibility of the Stratix 5700 and the Stratix 8000 Ethernet Managed Switches. 53 of 59 . You have completed the following tasks:  Stratix 5700 Layer 2 Ethernet Managed Switch  Configured a NAT instance in a Layer 2 architecture by specifying Private-to-Public and Public-to-Private translations. Connected Routing and DHCP Persistence features of Stratix switches.

008 Bottom CLX Chassis 1756-L75 Slot 0 26.168.007 54 of 59 .008 1756-IB16ISOE Slot 2 2.022 1734-OB8E Slot 2 3.10.1.168.20 (DHCP) 5. updated screenshots and diagrams 12/8/2015 – added startup script to configure switches automatically. minor revisions Hardware Configuration Qty Demo Cat. VLAN segmentation.005 1732E-IB16M12SOEDR 192.2(3)EA1 Stratix 8000 Ethernet Switch N/A 10.7 1.168.168.008 1756-IB16ISOE Slot 2 2. updated screenshots 9/14/2015 – added DLR on 5700 switch.3 5.2(3)EA1 1783-ETAP 192. including switching and routing is recommended.1. A prior understanding of general Ethernet concepts.1.# / Description Slot IP Address Firmware 1 ENET21 Demo Box Top CLX Chassis 1756-L75 Slot 0 26.009 1756-SFM Slot 3 N/A Stratix 5700 Ethernet Switch N/A 192.168.013 1756-EN2TR Slot 1 10.1.Instructor’s Use Only Lab Configuration and Setup Guide Lab Information Lab Name Applying Advanced EtherNet/IP Features in Converged Plant-wide Ethernet Architectures Lab Description This hands-on lab will demonstrate Network Address Translation (NAT) in Layer 2 and Layer 3 architectures.5 3.1 (VLAN 10) IOS 15.10.x. and Connected Routing.1.012 1734-IB8 Slot 1 3.4 5.002 1734-AENTR Slot 0 192.10. Commercial Engineer Date Created 9/1/2014 Updates: 3/31/2015 – minor cleanup.013 1756-EN2TR Slot 1 192. Lab Creator Eduard Polyakov – Sr.1.2 IOS 15.6 2.009 1756-EN2TR Slot 3 192.168.022 1734-OE2V Slot 3 3.

3 different styles of Ethernet modules. 55 of 59 .01 RA RSLinx 3. 1 Point I/O module. and 1 Computer. V10.73 RA FTViewSE 8. 1 Armor Block module. Computer/Host Settings IP Address Configured as outlined in the various lab sections Windows 7 with Internet Explorer V9. Note: The same demo box is used for this “Advanced EtherNet/IP” lab and the “Basic EtherNet/IP” lab.2 Note: Please be aware that IP addresses of some of the devices change during the lab. V11 or Mozilla V26.00 Cisco Cisco Network Assistant 6. The switch configuration and cabling for some of the devices is different between the labs. Operating System V27 installed Application Versions Vendor Software Version Service Pack RA Studio 5000 Logix Designer 26. This hands-on lab uses the ENET21 Demo Box. The Stratix 8000 switch has several VLAN interfaces. each with its own IP address. 2 different types of Stratix Ethernet Switches. Please make sure that correct reset steps are followed since the box may be configured for a different lab. This system is comprised of 2 Control Logix controllers.

b. The IP address of the VM is set to 192.Lab Resetting and Startup Procedures This section describes how to reset the hardware and verify configuration when setting up the lab and between the sessions. 56 of 59 . a. This is necessary for the correct IP address assignment in the Lab 1.30. Restart the Advanced EtherNet/IP lab image on the PC.168. Connect all Ethernet devices to the corresponding Ethernet ports on the Stratix 8000 and 5700 switches as seen below. Please make sure that connections are restored between the sessions according to the diagram. Note that during the lab users will move some cables to different switch ports. Make sure that “Line” EN2TR Slot 1 Port 1 (Bottom CLX) is connected to the Stratix 8000 Fa1/3. Note that the Line Controller (connected to the Stratix 8000) is in the bottom chassis of the demo box.1. The Machine Controller (connected to the Stratix 5700 and DLR) is in the top chassis. 1. 2. Please read all steps through one time before hooking and starting up the lab.

a.10.1. When the lab image is restarted. Wait until you see the next message on the screen. This completes the cabling for the lab according to the diagram.192. “Line” EN2TR slot 1 (Bottom CLX) – 10.1. a script is running to restore switch configurations.1. Connect the PC Ethernet cable to the Stratix 8000 port Fa1/1. Click OK to continue. DO NOT close or click on any open windows. Please follow the steps below to make sure that it executes correctly.168.20 and enabled on the EN2TR module 192. This is a temporary connection to restore the Stratix 8000 switch configuration.192.168.3 b.3 and 192. You should see the message on the screen. 7. During the initial setup before the event.10. Lab 1 uses this address in the beginning.4 c. 5. This is a temporary connection to restore the Stratix 5700 switch configuration.1. Move the PC Ethernet cable back to the Stratix 8000 port Fa1/2.1. make sure that DLR Supervisor mode is disabled on EN2TR modules 192. DO NOT close or click on any open windows. “Machine” EN2TR slot 1 (Top CLX) . Review the list of known issues and troubleshooting steps on the next page before conducting the lab. then copies the correct configuration to the Stratix 5700 switch. Power cycle the bottom ControlLogix chassis to reset the EN2TR module and get the new IP address via DHCP.1. 6.20 10. 8.4. 9. “Machine” EN2TR slot 3 (Top CLX) . The script verifies connectivity to the switch and if the TFTP server is running. Click OK to continue. The IP address can remain as 192. 57 of 59 . Verify IP address assignment for the EN2TR modules. 11. then copies the correct configuration to the Stratix 8000 switch. 3. 4.168. Connect the PC Ethernet cable to the Stratix 5700 port Fa1/1. The script verifies connectivity to the switch and if the TFTP server is running.168.30. It is recommended to run through the lab on all stations before the event starts.168.168.

There are several steps where IP addresses and ports should with the controller) change. Verify that the TFTP server is running on the PC (it is used to upload configurations to switches). 2.Lab Troubleshooting Some of the issues that may happen during the lab and during the reset are listed here. The issue may be password. only password is required. 5. 1. 2. Cannot restore configurations using the script. There should be no issues with the event PCs. Check if the PC cable is plugged in the correct port on the correct switch. cannot ping. that the switch has been updated with the new firmware and the Express Setup procedure applied.e. SDM template should be Lanbase Routing (Lab 2). restart the browser in Device Manager FactoryTalk Security logon prompt when opening Try the following steps: Studio 5000 1. Routing should be enabled (Lab 2). The Symantec software on the computers with a standard RA image requires connection to the corporate network to allow TFTP connections. Verify the following: Restore process fails. Correct IP address and the port for the PC according to the place in the connect to a switch via the webpage or go online lab. not configuring Gateway addresses in the Lab 2. Possible Issues During the Lab Problem Troubleshooting Steps Cannot communicate to devices and switches Verify the following to resolve the issue: when supposed to during the lab (i. 4. 3. 1. Reset the module in the chassis (note that this module is NOT used during connection fault in I/O tree the lab) Possible Issues When Preparing or Resetting the Lab Problem Troubleshooting Steps Cannot login to the switch using rockwell Try to enter username admin and password rockwell. Configure directories using username labuser and password rockwell as the local Windows administrator. mistyping IP addresses. 1756-IB16ISOE module (slot 2) may blink red. After the correct lab configuration is restored. NAT configuration on the Stratix 5700 switch. 2. The latest firmware requires a username for the Express Setup. 3. Port Fa1/1 on both switches must be used to reset switch configurations. Open FactoryTalk Directory Configuration Wizard (Start – Rockwell Software – FactoryTalk Tools). “Unsupported device” message on the Dashboard Clear IE cache. 58 of 59 . Common mistakes are reversing private and public IP addresses. Select both Network and Local directories as options. 3. Correct VLAN assignment on the Stratix 8000 switch (Lab 2). Check that Windows firewall is disabled and Symantec or other antivirus software is not running on the PC. not configuring Public to Private tab.

4. use the startup script to restore the lab configuration.). If the PC’s NIC is set to DHCP and keeps getting the overlapping address. Serial console connection and CLI can also be used to correct the configuration (requires knowledge of IOS commands).168. Verify settings for other devices. Cannot connect to the switch via the script. not VM). Reset the demo box. Restart the VM image. In case if the switch configuration has been altered (wrong IP address.168. 59 of 59 . This can be done using the Express Setup button. Cannot ping 1. Please refer to the Stratix switch manual. . 2. 7.30. 3. Reset the EN2TR module. Check the IP address of the physical NIC of the PC (not the VM). (message says “The embedded TFTP server cannot start”). one for the demo box connection. 5.Cannot restore configurations using Cisco CNA Shut down the TFTP server that is running on the image. 8.1.7 range. Power cycle the demo box. CNA Try the following steps to resolve the issue: or webpage using the normal steps.20. Make sure that it has NOT been assigned in the 192. the switch needs to be reset to the factory default configuration and the correct IP address should be assigned. Duplicate IP Address error in one of the EN2TR Try the following steps to resolve the issue: modules 1. 5. 4. Verify the IP address of the PC (see reset steps above). or . After the switch has been reset to the factory default configuration and correct IP address has been assigned. do the following in the command prompt: ipconfig /release net stop dhcp net start dhcp ipconfig /renew 2. Reboot the PC (physical machine. and another for classroom connection) 6. Verify that the correct physical NIC on the PC is used (typically event computers have two NICs. wrong VLAN on the port etc. 3. correct port (see reset steps above).1.1 – 192. Make sure that direct connection is made to the switch through the the IP address of the switch from the PC.