Applying Advanced EtherNet/IP Features in

Converged Plant-wide Ethernet Systems

For Classroom Use Only!

 Important User Information

This documentation, whether, illustrative, printed, ―onlineǁ or electronic (hereinafter ―Documentationǁ) is intended for use only as
a learning aid when using Rockwell Automation approved demonstration hardware, software and firmware. The Documentation
should only be used as a learning tool by qualified professionals.

The variety of uses for the hardware, software and firmware (hereinafter ―Productsǁ) described in this Documentation,
mandates that those responsible for the application and use of those Products must satisfy themselves that all necessary steps
have been taken to ensure that each application and actual use meets all performance and safety requirements, including any
applicable laws, regulations, codes and standards in addition to any applicable technical documents.

In no event will Rockwell Automation, Inc., or any of its affiliate or subsidiary companies (hereinafter ―Rockwell Automation) be
responsible or liable for any indirect or consequential damages resulting from the use or application of the Products described
in this Documentation. Rockwell Automation does not assume responsibility or liability for damages of any kind based on the
alleged use of, or reliance on, this Documentation.

No patent liability is assumed by Rockwell Automation with respect to use of information, circuits, equipment, or
software described in the Documentation.

Except as specifically agreed in writing as part of a maintenance or support contract, equipment users are responsible for:
• properly using, calibrating, operating, monitoring and maintaining all Products consistent with all Rockwell
Automation or third-party provided instructions, warnings, recommendations and documentation;
• ensuring that only properly trained personnel use, operate and maintain the Products at all times;
• staying informed of all Product updates and alerts and implementing all updates and fixes; and
• all other factors affecting the Products that are outside of the direct control of Rockwell Automation.

Reproduction of the contents of the Documentation, in whole or in part, without written permission of Rockwell Automation
is prohibited.

Throughout this manual we use the following notes to make you aware of safety considerations:

Identifies information about practices or circumstances that can cause an explosion in a hazardous
environment, which may lead to personal injury or death, property damage, or economic loss.

Identifies information that is critical for successful application and understanding of the product.

Identifies information about practices or circumstances that can lead to personal injury or death, property
damage, or economic loss. Attentions help you:
• identify a hazard
• avoid a hazard
• recognize the consequence

Labels may be located on or inside the drive to alert people that dangerous voltage may be present.

Labels may be located on or inside the drive to alert people that surfaces may be dangerous temperatures.
Applying Advanced EtherNet/IP Features in Converged Plant-wide Ethernet
Systems

Contents
Before You Begin .......................................................................................................................................... 5
About this lab ................................................................................................................................................................. 5
What You Will Accomplish In This Lab .......................................................................................................................... 5

About Stratix 5700 ......................................................................................................................................... 6

Stratix 5700 Managed Ethernet Module......................................................................................................................... 6

About Logix Controllers ................................................................................................................................. 7

ControlLogix: Perfect for high-speed, high-performance, multidiscipline control........................................................... 7

About Studio 5000 ......................................................................................................................................... 8

What’s new? .................................................................................................................................................................. 8
Logix Designer ............................................................................................................................................................... 8
View Designer ................................................................................................................................................................ 8
Tools and Prerequisites ................................................................................................................................................. 9
Lab Materials ................................................................................................................................................................. 9
Hardware ....................................................................................................................................................................... 9
Instructor Information ................................................................................................................................................... 10

Connecting your Lab Station ....................................................................................................................... 10

Lab 1: Network Address Translation (NAT) for a Layer 2 Architecture....................................................... 11

About This Lab ............................................................................................................................................................. 11
Scenario: ...................................................................................................................................................................... 12
Configuring NAT in the Stratix 5700 using the Device Manager Interface ................................................................... 12

Lab 2: VLAN Segmentation, Connected Routing, and Network Address Translation (NAT) for a Layer 3
Architecture. ................................................................................................................................................ 32
About This Lab ............................................................................................................................................................. 32

3 of 67
Scenario: ...................................................................................................................................................................... 33
Network Segmentation by Creating VLANs ................................................................................................................. 35

Appendix A: Configuration/Setup Guide ..................................................................................................... 56

Lab Setup and Configuration Information ...................................................................... Error! Bookmark not defined.

4 of 67
Before You Begin

Before you begin this Hands-On lab, please be sure to close any applications that are currently open.

About this lab

Welcome to the Applying Advanced EtherNet/IP Features in Converged Plant-wide Ethernet Systems Lab. The Stratix
5700 and Stratix 8000 are Rockwell Automation Ethernet Switches that utilize Cisco technology inside and offer the
best of both worlds. These switches offer the Best of Cisco and the Best of Allen-Bradley.
The Stratix family of switches utilizes the Cisco Catalyst switch architecture and feature set, leveraging powerful
configuration tools, to provide secure integration with the enterprise network while at the same time supporting a
familiar structure for IT professionals.
The Stratix 5700 and Stratix 8000 Managed Ethernet Switches are Rockwell Automation switch products
designed to help ease deployment of your Ethernet networks on machines and on the plant floor. Configuration
can be completed using either the integrated web-based Device Manager or via Rockwell Automation’s
Studio5000 programming. Use of the Studio 5000 software allows for easy setup and comprehensive diagnostics
as part of the Rockwell Automation Integrated Architecture. Additionally, Studio 5000 automatically generates
Logix tags for integrated diagnostics and includes FactoryTalk View faceplates for status monitoring and
alarming. Together these features provide for a premier integration of network devices into control and
automation systems.
This lab covers a variety of advanced techniques, best practices, software packages, and products using
EtherNet/IP. It will demonstrate Network Address Translation (NAT) in Layer 2 as well as Layer 3 architectures,
Virtual LAN (VLAN) segmentation, and Connected Routing. A prior understanding of general Ethernet concepts,
including switching and routing is recommended.

What You Will Accomplish In This Lab

As you complete the exercises in this hands-on session, you will:

Learn how to set up the advanced functions of a Stratix family managed Ethernet switches.

Learn how to configure the Stratix 5700 and Stratix 8000 via either of the following methods:
o Device Manager – outlines basic and advanced configurations along with troubleshooting tools
o Studio5000 – outlines basic and advanced configurations along with diagnostics and
troubleshooting tools available for use within a Studio 5000 program

Learn how to set up NAT in Layer 2 and 3 Architectures.

Learn how to segment a network with multiple VLANs.

Learn how to set up Connected Routing.
Lab 1- Will walk you through the steps of setting up NAT for Layer 2 architecture system using Device Manager.

5 of 67
Lab 2- Will walk you through the steps of VLAN assignment and network segmentation, Connected Routing and NAT
in a Layer 3 architecture.

About Stratix 5700

In this lab, we will introduce you to the Stratix 5700 Ethernet managed switch with Cisco technology. The Stratix 5700
Managed Ethernet Switch is equipped with up to 20 ports that can include standard 10/100Mbps copper ports,
10/100/1000Mbps copper ports (optional), and SFP fiber optic ports (optional).

SFPs (Small Form factor Pluggable) are small modules that allow you to select from a variety of fiber optic
transceivers for the switch. You will need to select different SFPs depending on the speed and type of fiber
you are planning to use.

The Stratix 5700 can be managed via the Device Manager Web interface for configuration, troubleshooting and monitoring.
Using this software, real-time information can be viewed. In addition to the Device Manager, the switch can also be managed via
the Studio 5000 environment after Express Setup on the switch is complete.

Through Device Manager, a front panel view of the Stratix 5700 can be observed where switch components are color-coded to
indicate state of the switch. An existing fault or error condition can be observed to match the front of the physical switch LEDs
status indicators.

Additional advanced features of the switch that are covered in other labs include Virtual LAN (VLAN), Network Address
Translation (NAT), and Precision Time Protocol (PTP – CIPSync) capabilities to name a few.

Stratix 5700 Managed Ethernet Module

A complete description of the ports and system diagnostic LEDs can be found in the Device Manager and the
Hardware Manual (Publication 1783-UM004C-EN-P.pdf).

6 of 67
About Logix Controllers

CompactLogix and ControlLogix Processors

ControlLogix: Perfect for high-speed, high-performance, multidiscipline control

ControlLogix brings together the benefits of the Logix platform — common programming environment, common networks, and
common control engine — to provide the high-performance your application requires in an easy-to-use environment. Tight
integration between the programming software, controller, and I/O reduces development time and cost at commissioning and
during normal operation.

ControlLogix offers the following benefits:

Premier high-speed, high-performance control platform for multidiscipline control (sequential, process, drive, and motion).

Fully-redundant controller architecture provides bumpless switchover and high availability.

Widest range of communication options and analog, digital and specialty I/O.

Select ControlLogix products are TUV-certified for use in SIL 2 applications
With memory options ranging up to 32MB, ControlLogix controllers support intensive process applications and provide fast
processing of motion instructions in a single integrated solution.

ControlLogix provides modular network communications that let you purchase only what you need. Interface using ControlLogix
communication modules via a ControlLogix gateway, without the need for a processor in the gateway chassis, or interface
directly to a ControlLogix controller.

The ControlLogix solution also provides time synchronization capabilities, which is particularly useful in first fault and process
sequencing applications.

7 of 67
About Studio 5000

What’s new?
Studio 5000 is the first evolution of our Integrated Engineering Environment and is the foundation for the future of Rockwell
Automation Engineering Design tools and capabilities. It is the one place needed for design engineers to develop all the
elements of their control system. All in one intuitive tool and environment that increases development efficiencies resulting in
shorter design cycles and faster time-to-market.

Logix Designer
Studio 5000 is a modular framework for engineering collaboration with plug-ins for specific engineering tasks. For example,
there will be a core plug-in that will be used for developing projects for Logix controllers. This plug-in is referred to as Logix
Designer. Logix Designer brings the existing RSLogix 5000 user interface into the Studio 5000 environment which will introduce
new shared components. These components will bring even more power, flexibility, and organization to the Logix design
environment. Studio 5000 will be required for all Logix controllers that are running version 21 firmware or greater.

View Designer
A future version will introduce a new core plug-in to Studio 5000 called View Designer. View Designer is the graphical design
environment for the View 5000 touch screen terminals. This allows developers to design PAC and HMI applications in a single
design environment. The shared services between the Studio 5000 plug-ins allow major components, such as a tag database, to
be shared between PAC and HMI applications.

8 of 67
Tools and Prerequisites
• PC with Microsoft Internet Explorer V9, V10, V11 or Mozilla Firefox V25, V26 with JavaScript enabled, Studio 5000
v23, FactoryTalk View Studio 8
• Stratix 5700 with FW V15.2(1).EY1 preloaded
• Stratix 5700 Add On Profile (AOP) v. 6.05.02 for integration into Studio 5000
• Stratix 5700 AOI and Factory Talk View Faceplate v2.1
• Stratix 8000 with FW V15.2(1).EY1 preloaded
• Stratix 8000 AOP v6.03.09
• Stratix 8000 AOI and FactoryTalk View Faceplate v5

Lab Materials
For this Hands-On lab, we have provided you with the following materials that will allow you to complete the labs in
this workbook.

Hardware

This hands-on lab uses the following hardware:

• ENET 21 Demo Box
• PC with Microsoft Internet Explorer V9, V10, V11 or Mozilla Firefox V25, V26 with JavaScript enabled, Studio 5000
v23, FactoryTalk View Studio 8

9 of 67
Instructor Information
The Instructor Information outlines the:
• Setting up of the Lab
• Troubleshooting the Lab
Please refer to Appendix A in the back of the Lab Manual for additional Instructor Information

Connecting your Lab Station

Look at the lab diagram below. This system is comprised of two ControlLogix controllers, a Stratix 8000 and Stratix 5700,
Point I/O, ETAP, ArmorBlock and a Computer.

We have already made the connections for you. Verify and trace all the cables.

10 of 67
Lab 1: Network Address Translation (NAT) for a Layer 2 Architecture.

About This Lab

A common situation that machine builders find themselves in, is one where there is already a single, flat network on
the manufacturing floor. The addition of a new machine or line would add numerous devices to a limited network
space. Many of these on-machine devices do not need to communicate with devices outside of the machine. This is
where layer 2 NAT can be leveraged to integrate one or more machines to an existing network, without having to
assign unique addresses to each machine IP enabled component.
The network diagram below depicts a layer 2 network, in that the inside and outside zones comprise only one VLAN.
The inside zone would be the equivalent of a machine being added into a larger outside network. A layer 3 device
with routing capability is not required since all network traffic in this network stays within the same VLAN.

11 of 67
Scenario:
We want to add several machines to our current architecture. Each machine will have identical equipment and
network architecture. In order for us to have the same IP addressing for all the additional machines we will need to
implement layer 2 NAT. Each Station has a Line controller for supervisory control and a Machine controller for
machine level operation. We want to maintain only one Studio 5000 program for all future machines instead of having
to reconfigure every device on each machine with new IP addresses to connect to the plant network. We will have to
configure NAT in the Stratix 5700 such that devices with existing “Private” IP addresses will be assigned a unique
“Public” address. We will also have to configure Public devices with unique Private IP address. This allows
communication to and from the devices on the private (inside) side and public (outside) side as show in the above
layer 2 architecture.
We will configure NAT to allow communication (produce/consume) between the two controllers (Line and Machine)
that will trigger the I/O lights to flash through a sequence.
For the purposes of this lab, the upper ControlLogix chassis in your demo box represents the Machine controller and
the lower chassis represents the Line controller.

Configuring NAT in the Stratix 5700 using the Device Manager Interface

First we will connect our PC to the machine level Stratix 5700 switch that has an IP Address of 192.168.1.2 and
configure NAT on this switch.

1. Move PC Network cable from port FA1/2 on the Stratix 8000 to port FA1/1 on the Stratix 5700.

12 of 67
2. Verify the PC IP address is set to 192.168.1.30. From the Control Panel go to the Network and Sharing
Center.

Click Change adapter settings

13 of 67
Right Click Local Area Connection and select Properties.

From Local Area Connection Properties, select Internet Protocol Version 4 (TCP/IPv4). Once selected, click
the Properties button.

14 of 67
Verify the PC’s IP Address is set to 192.168.1.30 with a Subnet Mask of 255.255.255.0

3. Now, let’s open the Device Manager Interface for the Stratix 5700 switch by launching Internet Explorer icon
on taskbar

4. Type the IP address of the Stratix 5700 in the address bar and press enter. 192.168.1.2

5. In the authentication box shown below, leave “username” blank and type “rockwell” (all lowercase, no
quotes) as the password.

15 of 67
6. You are now in the Stratix 5700 Device Manager. Go to the Configure menu and then click on NAT.

16 of 67
7. Refer to the image shown below, this is where you will configure your NAT Instances. Click the Add button.

8. The “Add/Edit NAT Instance” configuration window will appear. This is where the NAT instance translations
are entered.

17 of 67
9. The Name field is where you will type the name of your NAT instance. For this lab please type
Advanced_Lab.

18 of 67
Next we need to select what interfaces and VLANS we are assigning to this instance.

When assigning VLANs to a NAT instance, consider the following:

• NAT does not change VLAN tags. This means both your private and public subnets, while different,
need to share the same VLAN to communicate.
• You can assign a maximum of 128 VLANs to one or more instances.
• You can assign the same VLAN to multiple instances as long as the VLAN is associated with different
ports. For example, you can assign VLAN 10 to both instance A and instance B as long as VLAN 10 is
associated with port Gi1/1 on instance A and port Gi1/2 on instance B.
• By default, each instance is assigned to all VLANs on port Gi1/1 and no instances on port Gi1/2. VLANs
associated with a trunk port may or may not be assigned to a NAT instance:
• If a VLAN is assigned to a NAT instance, its traffic is subject to the configuration parameters of the NAT
instance.
• If a VLAN is not assigned to a NAT instance, its traffic remains un-translated and is always permitted to
pass through the trunk port.

8. In this lab we are using VLAN 10 and interface Gi1/1. Go ahead and leave VLAN “10” checked and
deselect all others.

19 of 67
9. Click the Add Row button. We are going to enter our Private to Public translations first.

See the chart below for translations.

Device Private Public

Stratix 5700 192.168.1.2 10.10.10.2
Private to Public
EN2TR 192.168.1.3 10.10.10.3
NAT Table
EN2TR DLR 192.168.1.4 10.10.10.4
ArmorBlock 192.168.1.7 10.10.10.7
Device Public Private
Public to Private Stratix 8000 10.10.10.1 192.168.1.1
NAT Table Line EN2TR 10.10.10.20 192.168.1.20
PC 10.10.10.30 192.168.1.30

20 of 67
10. In the “Private IP Address” field and in the “Public IP Address” field, type the addresses shown in the table
above. Click Save after each pair of addresses.

11. Now click on the “Public to Private” tab and enter the translations shown in the table above.

21 of 67
12. Click Submit to finalize the configuration and close the Device Manager.

13. After NAT is configured, we now want to connect our PC at the supervisory level to the Stratix 8000 Port
FA1/2 and change our PC’s IP Address to 10.10.10.30. (Remove cable from Stratix 5700 FA1/1 and place
into Stratix 8000 FA1/2).

22 of 67
14. Verify the NAT configuration is working, by opening Device Manager for the Stratix 5700. The address we
will now have to use to access the Stratix 5700 is the translated IP address of 10.10.10.2

15. Once again you will be prompted to enter the authentication credentials in the box shown below, leave
“username” blank and type “rockwell” (all lowercase, no quotes) as the password. (Same as before)

23 of 67
16. By being able to access the switch from the translated address and from the Device Manager Dashboard
we can see the NAT Instances are being applied.

24 of 67
We can also check the NAT instances are working by clicking the Monitor tab and then selecting NAT Statistics

25 of 67
 17. Now with the NAT instances configured and working we are ready to download the programs to the Line
and Machine controllers. In the Logix Files folder on the desktop, open EIP_Advanced_Line_LAB_1.ACD
and download the program.

From the Communication tab select WhoActive and browse to the Line Processor address of 10.10.10.20 and
select Download.

26 of 67
18. Click Download.

19. Click Yes to change the controller to Remote Run mode.

27 of 67
20. Now we are ready to download the program to the machine controller. In the Logix folder on the desktop,
open EIP_Advanced_Machine_LAB_1.ACD. Download the program.

28 of 67
21. From the Communication tab select Who Active, expand LAB_1_VLAN10 Ethernet driver, browse to the
Machine Processor address of 10.10.10.3, slot 0 and select Download.

22. Click Download.

29 of 67
23. Click Yes to change the controller to Remote Run mode.

24. Once Downloaded, the Point I/O outputs on the demo case will start to blink on and off, proving and
illustrating the communication between the Line and Machine Controllers through a NAT boundary.

30 of 67
25. Start the View SE application by clicking on the desktop shortcut. The View SE application shows the overall
network status. Make sure all connections are green.

You have successfully completed this Lab.

31 of 67
Lab 2: VLAN Segmentation, Connected Routing, and Network Address Translation (NAT) for a Layer
3 Architecture.

About This Lab

Larger production systems require larger networks, with various levels of segmentation and routing. Typically layer 3
distribution switches or routers are utilized to accommodate a hierarchal network design. The addition of multiple
machines, would require the assigning of numerous IP address assignments, as well as reprogramming of each
machine to have unique addresses. The network diagram shown below demonstrates multiple machines or cell area
zones being integrated into a larger network.

Manufacturing
LAN VLAN30
OUTSIDE Cisco 3750X Line Controller

VLAN10 VLAN20

INSIDE INSIDE
Stratix 5700 Stratix 5700
NAT NAT

Machine 1 Machine 2

Each machine is the same, with devices having the same IP address in each machine. Utilizing a NAT device in each
machine allows them to be connected to the network without having to modify programs or device IP addresses. Not
all devices have to be exposed to the plant network, only those with a provided translation. This helps limit the
broadcast domain, hides machine devices from the rest of the network, and allows for simpler and faster integration
of the machines into the plant network. In the layer 3 architecture shown above, The Stratix 5700 NAT table would be
configured with a gateway address instead of using an additional public to private translation table.

32 of 67
Scenario:
We want to add several identical machines to our current process. Each machine will have identical equipment and
network architecture. In order for us to have the same IP addressing for all additional machines we will still need to
utilize NAT but not NAT in a layer 2 architecture. Knowing we will have a large network, we don’t want to create one
big flat network. So we will add various levels of network segmentation by adding multiple VLANs and routing to our
new architecture.
We will utilize all the equipment in our demo box to create our new architecture. The desired architecture is shown in
the diagram below.

The Line Controller will be configured on VLAN20 and the PC will be configured to VLAN30. The Machine device’s
private IP addresses will be translated to the configured VLAN10 addresses. In order for this architecture to work, we
will need to configure routing in the Stratix 8000. We will configure Connected Routing which enables all devices on
any VLAN that use the switch to communicate with each other if they use the switch as their default gateway.
The Line controller will be used for the supervisory control and a Machine controller for machine level operation. We
want to be able to maintain only one Studio 5000 program for all future machines and not have to reconfigure every
33 of 67
device on each machine with new IP addresses, all while maintaining connectivity with the Line controller for
supervisory control. We will have to re-configure the previous NAT configuration in the Stratix 5700 switch that will
enable devices with existing “Private” IP addresses to be assigned a unique “Public” addressing allowing
communication to and from the devices on the private (inside) side and public (outside) side as show in the above
architecture. Instead of using a Public to Private translation, a default gateway needs to be assigned to the instance.
The new configuration will allow communication (produce/consume) between the two controllers (Line and Machine)
that will trigger the I/O lights to turn ON.
For the purposes of this lab, the upper ControlLogix chassis in your demo box represents the Machine controller and
the lower chassis represents the Line controller.

34 of 67
Network Segmentation by Creating VLANs

1. Launch Internet Explorer by clicking the internet explorer icon on taskbar

2. Type the IP address of the Stratix 8000 in the address bar and press enter. 10.10.10.1

3. In the authentication box shown below, leave “username” blank and type “rockwell” (all lowercase, no
quotes) as the password.

35 of 67
4. You are now in the Stratix 8000 Device Manager. In the Stratix 8000, we will create multiple VLANs to
segment our network and we will also configure Connected Routing.

36 of 67
5. Expand the “Configure” tab and select “VLAN Management”.

6. In VLAN Management, you will see that VLAN10 and VLAN20 are already created. We used VLAN10 for
the previous lab and VLAN20 was created in advance. We will be creating the VLAN30 network for the PC
and HMI application.

37 of 67
7. To create the VLAN30 network, click the “Add” button.

8. To create a VLAN, you must give the VLAN a name and unique ID number. You can always modify the
name of the VLAN but not its number.

38 of 67
9. Enter a VLAN ID of “30”, Name of “VLAN30”, select IP Address mode to “Static” with an IP address of
”10.10.30.1” and click “OK” to create the new VLAN.

10. After creating the VLAN, we need to assign a port to our VLAN. Before assigning the port will verify the port
has the appropriate port role. Expand the “Configure” tab and select “Smartports”.

39 of 67
11. Select port Fa1/6 and change its role to “Virtual Desktop for Automation” and “Save” the change.

12. Now, go to the “Configure” tab and select “Port Settings”

40 of 67
13. Select port Fa1/6 and go to “Edit”. In the port Description enter “VLAN30” and make the Administrative
Mode “Access” and change the Access VLAN to “VLAN30-30” and click “OK”.

41 of 67
14. Before changing our PC IP address and moving it to the VLAN30 network, we will need to setup up
Connected Routing.
To enable connected routing, the Switch Management Database (SDM) template should be set as Lanbase
Routing. The SDM templates optimize how switch memory is allocated for specific features. This is done
from the Admin Menu, and choosing SDM-Template. (Note this step has already been done for you)

15. Verify that the SDM template is set to “Lanbase Routing”.

16. The process of changing the template causes the switch to automatically restart. (Note: to save time, this
step has already been done for you. Do NOT change the template unless it is a Default).

17. From the Configure menu, choose Routing.

42 of 67
18. To enable connected routing, check Enable Routing and click Submit.

Connected routing- Enables all devices on any VLAN that use the switch to communicate with each other if
they use the switch as their default gateway. To disable connected routing and prevent inter-VLAN
communication, you must configure access control lists (ACLs) by using the CLI.

43 of 67
19. Now with routing enabled we can continue moving our PC to the VLAN30 network and the Line controller to
the VLAN20 network. First, we will change the IP address of our PC and plug our PC cable into the Stratix
8000 port Fa1/6, which we configured for VLAN30 in the previous steps.

20. Verify the routing is working by first accessing Device Manager for the Stratix 8000. Next try to ping the Line
controller. From command interface type “ping 10.10.10.20”.

44 of 67
21. The Line controller is still on VLAN10 with an IP address of 10.10.10.20. From our architecture drawing we
decided to change the Line controller to VLAN20.
Recall, VLAN20 was already preconfigured for use in this lab using DHCP persistence feature of the Stratix
8000 switch. The line Controller’s 1756-EN2TR module was setup for DHCP also.

Now, we will use the preconfigured DHCP settings to assign the Line Controller a new IP address on the
VLAN20 network.

45 of 67
 From the Configure menu, select Port Settings. From the Port Setting we see port Fa1/4 has an Access
VLAN of 20.

22. Remove the Line Controller’s cable from the Stratix 8000 port Fa1/3 and plug it into Fa1/4. In order for
DHCP to assign the new address of 10.10.20.20 to the Line controller, the 1756-EN2TR will have to be
power cycled after changing the connected port. To power cycle the 1756-EN2TR module in the bottom
chassis, pull the module out of the chassis and then put it back in. Watching the display on the EN2TR, you
will see it go through the power cycle and get assigned the new IP address of 10.10.20.20. To verify, ping
the new IP address.

We have not yet configured the NAT instance for the layer 3 architecture we just created and we are still using the
layer 2 NAT instance. We will need to edit the current NAT instance in the Stratix 5700 by removing the “Public to
46 of 67
Private” translations and by adding a gateway translation.

To configure NAT, you create one or more unique NAT instances. In a typical implementation, only one
instance is required. A NAT instance contains entries that define each address translation, as well as other
configuration parameters.
The translations you define depend on whether traffic is routed through a Layer 3 switch or router or a Layer
2 switch. If traffic is routed through a Layer 3 switch or router, you define the following:
1. A private-to-public translation for each device on the private subnet that needs to communicate on the
public subnet.
2. A gateway translation for the Layer 3 switch or router.
You do not need to configure NAT for all devices on the private subnet. For example, you can choose to
omit some devices from NAT to increase security, decrease traffic on the port, or conserve public address
space.

23. Go the Device Manager interface for the Stratix 5700. Launch Internet Explorer by clicking the Internet
Explorer icon on taskbar
24. Type the IP address of the Stratix 5700 in the address bar and press enter. 10.10.10.2.

47 of 67
25. Go to the Configure menu, and select NAT.

26. Select Advanced_Lab, and click Edit.

48 of 67
27. In the Public to Private tab, we need to delete all the translations used for the layer 2 architecture lab.
Select all three translations, and click Delete.

You will be asked if you are sure you would like to delete the selected items. Click OK.
DO NOT CLICK SUBMIT AT THIS POINT

49 of 67
28. Go to the General tab, here we will leave all the translations from Private to Public. We need to enter a
Gateway Translation so the Stratix 8000 can route to our machine cell. Click Add Row.

29. Enter the Gateway Translation of 10.10.10.1 for the Public and 192.168.1.1 for the Private. Click Save.

50 of 67
 30. Now click Submit, to save the changes we made to this NAT Instance.

31. Now we will try to ping the Machine controller.

51 of 67
32. We are now ready to download our Line Controller program followed by the Machine Controller program.
Open the Logix Files folder on your Desktop and open the program EIP_Advanced_Line_Lab_2.ACD.
Download the program to the controller. If prompted for the path to the controller, select Lab2_Line Ethernet
driver in the tree and browse to 10.10.20.20 slot 0.

52 of 67
33. Click “Download”

34. Click “Yes” to change the controller to Remote Run mode.

53 of 67
35. Now with program downloaded to the Line Controller we want to download the Machine controller program.
In the Logix folder on the desktop, open EIP_Advanced_Machine_Lab_2.ACD. If prompted for the path to
the controller, select Machine_Lab2 Ethernet driver in the tree and browse to 10.10.10.3 slot 0.

54 of 67
36. Click “Download”.

37. Click “Yes” to change the controller to Remote Run mode.

38. Once Downloaded, the Point I/O outputs on the demo case will be solid Green. Proving and illustrating the
communication between the Line and Machine Controllers. Also check the FactoryTalk View Application for
Lab 2.

You have successfully completed the Lab.

55 of 67
Instructor’s Use Only: Lab Configuration and Setup
Guide

Applying Advanced EtherNet/IP Features in Converged Plant-wide Ethernet Systems

56 of 67
Lab Configuration Information

Lab Information

Lab Name Applying Advanced EtherNet/IP Features in Converged Plant-wide Ethernet

Systems
Lab Description EtherNet/IP enables both seamless plant-wide information sharing and
convergence of industrial and non-industrial network traffic, while maintaining
real-time communication for control applications.
This hands-on lab will cover a variety of techniques, best practices, software and
products using EtherNet/IP. It will also demonstrate Network Address Translation
(NAT) in Layer 2 and Layer 3 architectures, VLAN segmentation, and Connected
Routing. A prior understanding of general Ethernet concepts, including switching
and routing is recommended.
Lab Creator Eduard Polyakov – Sr. Commercial Engineer
Date Created 9/1/2014
Updates: 2/12/2015

Hardware Configuration
Qty Demo Cat.# / Description Slot IP Address Firmware
1 ENET21 Demo Box
Top CLX Chassis
1756-L75 Slot 0 V23
1756-EN2TR Slot 1 192.168.1.3 V5.x
1756-IB16ISOE Slot 2 V2.7
1756-EN2TR Slot 3 192.168.1.4 V5.x
Bottom CLX Chassis
1756-L75 Slot 0 V23
Configured as outlined in
1756-EN2TR Slot 1 the various lab sections V5.x
1756-IB16ISOE Slot 2 V2.7
1756-SFM Slot 3 N/A
Stratix 5700 Ethernet Switch N/A 192.168.1.2 V15.2(1)EY1
Stratix 8000 Ethernet Switch N/A 10.10.10.1 (VLAN 10) V15.2(1)EY1
1783-ETAP 192.168.1.6 V2.1
1734-AENTR Slot 0 192.168.1.5 V3.2
1734-IB8 Slot 1 V3.22
1734-OB8E Slot 2 V3.22
1734-OE2V Slot 3 V1.1
1732E-IB16M12SOEDR 192.168.1.7 V1.6
57 of 67
Computer/Host Settings
Location Files
Computer Name Core
IP Address Configured as outlined in the various lab sections
Windows 7 with Internet Explorer V9, V10, V11 or Mozilla V26,
Operating System V27 installed

Application Versions
Vendor Software Version Service Pack
RA Studio 5000 V23
RA RSLinx V3.7
RA FTViewSE V8

Note: Please be aware that IP addresses of some of the devices change during the lab. The Stratix 8000
switch has several VLAN interfaces, each with its own IP address.

58 of 67
Photograph of Hardware:
This hands-on lab uses the ENET21 Demo Box. This system is comprised of 2 Control Logix controllers, 2 different types of
Stratix Ethernet Switches, 1 Point I/O module, 1 Armor Block module, 3 different styles of Ethernet modules, and 1 Computer.

Note: The same demo box is used for this Advanced lab and the “Applying EtherNet/IP and Stratix Switches”
lab (“Basic” lab). The switch configuration and cabling for some of the devices is different between the labs.
Please make sure that correct reset steps are followed since the box may be configured for a different lab.

59 of 67
Lab Resetting and Startup Procedures

This section describes how to reset the hardware and verify configuration when setting up the lab and between the sessions.
Please read all steps through one time before hooking and starting up the lab.
1. Wire up all Ethernet devices to the corresponding Ethernet ports on the Stratix 8000 and 5700 switches as seen
below. Note that the Line Controller (connected to the Stratix 8000) is in the bottom chassis of the demo box.
The Machine Controller (connected to the Stratix 5700 and DLR) is in the top chassis.

a. Make sure that “Line” EN2TR Slot 1 Port 1 (Bottom CLX) is connected to the Stratix 8000 Fa1/3. This is
necessary for the correct IP address assignment for Lab 1.
b. Note that during the lab some cables are moved to different switch ports. Please make sure that connections
are restored between the sessions according to the diagram.
2. Power cycle the demo box (if resetting between sessions or different labs). Wait approximately 2-3 minutes for

60 of 67
 switches to boot (port LEDs should start to flash green).
3. Restart the lab image on the PC. Change the IP address of the PC to 10.10.10.30.
Verify that the PC is plugged in the Stratix 8000 Fa1/2 port.

4. Restore the configuration on the Stratix 8000 switch using the Cisco Network Assistant (CNA).
a. Start the CNA (shortcut on the desktop).

b. Click Cancel when prompted for Cisco CCO credentials.

c. Type or select 10.10.10.1 in the Connect To field and click OK.

61 of 67
d. Enter rockwell as a password. Leave the username filed as blank.

Note: If the login fails, try to enter username admin and password rockwell. This may happen
when a switch has just been upgraded to the new firmware and reset with the Express Setup
procedure. After restoring configuration, only the password is needed.

e. Select Maintenance – Configuration Archive in the menu.

f. Select Restore tab. Select the option Show backed-up configurations of the selected device type. Select the
first item in the list. Make sure that the note says Lab 1 – Configuration… (CR disabled…). Click Restore.

62 of 67
 g. Wait until the message says Restore complete. Click OK. In the pop-up box, click Restart.

h. Click OK and exit the CNA program. The switch will restart in 60 seconds. The boot time for the Stratix 8000
is approximately 2 minutes.
5. Move the PC Ethernet cable to the Stratix 5700 port Fa1/1. This is a temporary connection to restore the 5700
switch configuration.
6. Change the IP address of the PC to 192.168.1.30.

63 of 67
7. Restore the configuration on the Stratix 5700 switch using the CNA.
a. Start the CNA (shortcut on the desktop).

b. Click Cancel when prompted for Cisco CCO credentials.

c. Select or type 192.168.1.2 in the Connect To field and click OK.

d. Enter rockwell as a password. Leave the username filed as blank.

Note: If the login fails, try to enter username admin and password rockwell. This may happen
when a switch has just been upgraded to the new firmware and reset with the Express Setup
procedure. After restoring configuration, only the password is needed.

64 of 67
e. Select Maintenance – Configuration Archive in the menu.

f. Select Restore tab. Select the option Show backed-up configurations of the selected device type. Select the
last item in the list. Make sure that the note says Stratix 5700 Start Configuration for the Advanced Lab1.
Click Restore.

g. Wait until the message says Restore complete. Click OK. In the pop-up box, click Restart.

65 of 67
 h. Click OK and exit the CNA program. The switch will restart in 60 seconds. The boot time for the Stratix 5700
is approximately 1 minute.

Note to Steps 4-7: Switch configurations change during the normal steps of the lab. Also, the demo box may
arrive configured for the “Basic EtherNet/IP Lab”. Therefore it is necessary to restore switch configurations.

8. Move the PC Ethernet cable back to the Stratix 8000 port Fa1/2. This completes the cabling for the lab
according to the diagram.
The IP address can remain as 192.168.1.30. Lab 1 uses this address in the beginning.
9. Verify IP address assignment for the EN2TR modules.
a. “Machine” EN2TR slot 1 (Top CLX) - 192.168.1.3
b. “Machine” EN2TR slot 3 (Top CLX) - 192.168.1.4
c. “Line” EN2TR slot 1 (Bottom CLX) – 10.10.10.20

66 of 67
Lab Troubleshooting
Some of the issues that may happen during the lab and during the reset are listed here.
Possible Issues During the Lab
Problem
Cannot communicate to devices and switches
when supposed to during the lab (i.e. cannot ping,
connect to a switch via the webpage or go online
with the controller)
Possible Issues When Resetting the Lab
Problem
Cannot login to the switch via the CNA or
webpage using rockwell password.
Cannot restore configurations using the CNA.
Restore process fails.
Cannot connect to the switch via the CNA or
webpage using the normal steps. Cannot ping the
IP address of the switch from the PC.
Troubleshooting Steps
Verify the following to resolve the issue:
1. Correct IP address and the port for the PC according to the place in the
lab. There are several steps where IP addresses and ports should
change.
2. NAT configuration on the Stratix 5700 switch. Common mistakes are
reversing private and public IP addresses, mistyping IP addresses, not
configuring Public to Private tab, not configuring Gateway addresses in
the Lab 2.
3. Correct VLAN assignment on the Stratix 8000 switch (Lab 2).
4. SDM template Lanbase Routing (Lab 2).
5. Routing is enabled (Lab 2).
Troubleshooting Steps
Try to enter username admin and password rockwell. The issue may be
that the switch has been updated with the new firmware and the Express
Setup procedure applied. The latest firmware requires a username for the
Express Setup. After the correct lab configuration is restored with the CNA,
only password is required.
Verify that Windows firewall is disabled. Verify that Symantec or other
antivirus software is not running on the PC. It seems like Symantec software
on the computers with a standard RA image requires connection to the
corporate network to allow TFTP connections. There should be no issues
with the event PCs.
Try the following steps to resolve the issue:
1. Make sure that direct connection is made to the switch through the
correct port (see reset steps above).
2. Verify the IP address of the PC (see reset steps above).
3. Reset the demo box.
4. Reboot the PC (physical machine, not VM).
5. In case if the switch configuration has been altered (wrong IP address,
wrong VLAN on the port etc.), the switch needs to be reset to the factory
default configuration and the correct IP address should be assigned.
This can be done using the Express Setup button. Please refer to the
product manual.
6. Serial console connection and CLI can also be used to correct the
configuration (requires knowledge of IOS commands).
7. After the switch has been reset to the factory default configuration and
correct IP address has been assigned, use the CNA to restore the lab
configuration.
67 of 67