Host Engineering Forum
General Category => Do-more CPUs and Do-more Designer Software => Topic started by: ERokc on September 04, 2013, 11:38:58 PM
-
The time has come to learn networking including the internet. I have learned a little and need direction to tutorials if available. I prefer to read as much as I can so when the pros advise me I know what they are talking about.
My goal is in two stages.
1. Connect my PC via WiFi to Do-more Ethernet port. I'm currently using USB.
2. Connect my PC via internet to WiFi to Do-more Ethernet port when the machine is moved to production.
My computers are connected peer to peer. If I need a server please advise. I want the PLC to be able to send me its IP address should it change (dynamic IP).
I have a Wifi access point set up in the Station-Infrastructure mode but don't know if the IP address I used to configure the AP is the one I use to communicate from the PLC. There is a gateway address too, is it associated with the router that connects to the internet?
There are too many options and not enough understanding on my part. It took a whole day to discover what Subnet Mask does. I'll never forget what caused the correct IP to not connect from the browser.
I need study material. I want to understand it well enough I can troubleshoot my connections for what I'm using. Any explicit instruction need detail, remember it's still magic in my head.
Your help is very much appreciated.
-
I am old school, so my first suggestion is a good old fashioned book. Amazon has several (http://www.amazon.com/s/ref=nb_sb_noss?url=search-alias%3Daps&field-keywords=beginners%20guide%20to%20networking) that are beginners guides to networking.
If you want free, Juniper Networks (https://learningportal.juniper.net/juniper/user_activity_info.aspx?id=769) has this nice self paced study guide.
There are plenty of other resources. A Google search for Beginners Networking should garner you more places to study.
-
Old school works for me. Juniper Networks is what I need. I'm tired after a long day and I can listen and make notes.
Thanks
-
To find another device on a network, i.e. when you are not directly connected to the device, you need another device to tell you where it is.
This is typically referred to as a 'gateway' in network terminology. You may specify a gateway explicitly, or allow your computer to search for one automatically on the local network. When done automatically, you will connect to a network via a gateway, which will automatically assign you an address (an IP address) that tells the gateway and other devices where to find you and how to route traffic such as http requests and such. Typically the gateway will assign you an address in the same subnet, meaning all except the last number in the IP address NNN.NNN.NNN.XXX will be the same as the gateway. For example, a gateway on 192.168.1.1 will give you an IP in the range 192.168.1.2 to 192.168.1.255.
Whenever you make a network request, your request is first routed to the gateway for direction. If it can tell you where to find what you are looking for, it will do so - for example if you want direction to another device on the subnet, such as 192.68.1.18. Otherwise, it will continue upward (to its gateway, etc.) until it reaches a device with WAN (internet) exposure. This device will then contact a DNS (Domain Name Server) to request resolution for the domain you requested (e.g. google.com). the DNS translates this information into an IP address and an internet location where you can find the resource you requested.
In the context of your PLC, you will configure your PLC directly through your USB port to take an IP address on the same subnet as your gateway router. If you have doubts about what the subnet is, connect to your network, open up a cmd window and type 'ipconfig' or check the properties of your network connection in windows for the same information. Using this information, assign your PLC an IP on the same subnet, but with a different address. For example, if your computer is on 10.0.0.5, set your PLC to something like 10.0.0.100. It's good practice to set these at 100 or higher to avoid conflict with automatically addressed devices.
Once you've done the above, you should be able to see your device using the NetEdit utility, and then connection is simple using the Link function in your logic editor.
Connection over the internet may be done a variety of ways, but all should include an intermediate device to either put you on the network virtually (VPN), or by relaying information read from the PLC via a server. I can think of a couple ways to connect to your PLC directly, but you want to avoid this by putting a layer of security the WAN and any hardware device such as a PLC. For industrial control applications, a dedicated hardware VPN is likely the most flexible and robust choice.
Good luck.
C
-
Juniper Networks A/V Basic Network lessons was exactly what I needed. Thanks for the link. I found ipconfig and other resources for network details.
I now have set up a bridge for the PLC that connects to my WiFi access point. I set it up and tested it with a laptop. Only took a week to get to this point. I connected it to the PLC today and I get nothing. That brings me to PLC settings that was described in the previous post.
So tomorrow I will set the IP address for the PLC and give it another go. This first connection is within my LAN. Once the machine is installed I plan to use my customer's WiFi AP do make the internet connection.
So would I get the customer's network IP and make an IP for the PLC?
Will the bridge give the additional security layer you mention?
Is there a way to get a list of assigned IPs from the router in the network?
I checked my notes for my customer's WiFi connection and found my iPod's IP is 192.168.1.114. I now know what it means. A week ago it was just a number to me.
Will another device that connects to that WiFi be assigned a different IP?
Will the iPod I used to connect still have the same IP? Was my iPod MAC address assigned to that IP?
If the routers DHCP assignment gets to the address I assigned the PLC will it skip over it?
If my customer's WAN IP address changes is there a way for the PLC to convey the new address. Would PING send the IP for the PLC and how would I capture it on my end? Would an email do it too? I bet it's somewhere in the header.
I really needed to learn this. If the network connection breaks I might have a chance of fixing it. I discovered NetEdit and will check it out. OK my head's starting to spin again. Got to quit for the day.
-
I now have set up a bridge for the PLC that connects to my WiFi access point. I set it up and tested it with a laptop. Only took a week to get to this point. I connected it to the PLC today and I get nothing. That brings me to PLC settings that was described in the previous post.
What is the bridge? Can you provide more info?
So would I get the customer's network IP and make an IP for the PLC?
You'll need to know what subnet the PLC and/or bridge will be on to configure them appropriately.
Is there a way to get a list of assigned IPs from the router in the network?
Yes. You can generally log in directly to the router by navigating to it in a web browser. Most home routers, for example, can be addressed on 192.168.1.1 or 10.0.0.1. When you're on their subnet, typing the address in the address bar will get you to a configuration page. There are many other network scanning tools, but this is is the most direct way. This will also allow you to create a reservation for the IP address you want for your bridge and/or PLC.
I checked my notes for my customer's WiFi connection and found my iPod's IP is 192.168.1.114. I now know what it means. A week ago it was just a number to me.
Will another device that connects to that WiFi be assigned a different IP?
Yes. Your gateway is at 192.168.1.1. Each device needs a unique IP address or you will get network conflicts.
Will the iPod I used to connect still have the same IP? Was my iPod MAC address assigned to that IP?
If the routers DHCP assignment gets to the address I assigned the PLC will it skip over it?
The easiest answer here is "it depends". A lot of times a router will create a temporary DHCP reservation so that the same computer will reconnect to the same IP if it temporarily loses connection. You can't assume this, however. It does assign it by hardware MAC for the interface.
The router should not assign IP addresses to the address you have assigned to the PLC. It will see an existing connection and skip over it. However, this does not mean that when your PLC powers up and connects to the router, that another device won't already been assigned that IP. In other words, your PLC doesn't check to see if the IP it asserts is taken before announcing to the network that it is located at that IP. That is why you want to either (or both) set the IP outside of the range used for DHCP, or create a reservation in the router that always assigns a particular IP to a particular MAC address. These are configurations in the router that will solve this potential conflict.
If my customer's WAN IP address changes is there a way for the PLC to convey the new address. Would PING send the IP for the PLC and how would I capture it on my end? Would an email do it too? I bet it's somewhere in the header.
This is a pretty typical issue, and you need to resolve whether or not they have a static IP from their ISP or not. If no, then your work is more complicated. The easiest route is to see if they can get one. There is often a small surcharge for doing so. If you don't get one, a lease on an IP will often last 48hrs, but this is totally dependent on the ISP's whim as to how they think it best to allocate their IPs.
A lot of routers these days have a feature that allows 'dynamic dns'. This involves updating a third-party as to the current IP, so that you can ask that third party what the address is. One such free service is dyndns. If your customer's router has this feature, then you can enter your dyndns account information into the router and it will keep them updated, even if the WAN IP changes. You would assign a dyndns domain name to your customer, e.g. mycustomer.dyndns.org, and when you wanted to reach your customer you would use the domain name mycustomer.dyndns.org and it would point you to your customer, whatever the IP at the moment may be.
If your router does not have this feature, you can set up another computer on the network to do the updating, but a static IP would be easiest. I wouldn't try to ad hoc a solution here.
There are a few other obvious options, such as a hardware VPN, or a peer-to-peer VPN such as LogMeIn or LogMeIn Hamachi, but these require another PC under your control on the network to be on and running to allow you access to other network devices.
-
Very enlightening. I will never know everything about networks, don't want or need to know everything.
A wireless bridge is a network connecting device to tie two separate networks together. Like between two buildings with a street between. That eliminates the need for wiring or ISP service to the other building. Can be used short or long distances determined by RF power and antennas.
I'm simply using the bridge in "infrastructure mode" to add WiFi to the PLC because my customer's WiFi is there and it eliminates the need for wire to be run to the machine. Infrastructure mode simply WiFi enables the PLC and no other device.
The bridge has an IP for access like the router does for setup. The PLC IP will be available through the bridge to the WLAN that is already there. In setting up the bridge I do a site scan and it lists WiFi access it receives. I pick the correct one to use (my customer) and match the security and other parameters with theirs. I'm expecting it to go smoothly. I always expect it to go smoothly.
BTW, I sent myself an email. The originating IP address (mine) is in the header. All I need to do is have the PLC send a daily email and if I can't connect I check the email header. I should be able to look at my customer's email and get their IP. I did, there it is, I will verify it tomorrow. I'm using Cox communication and they are too. My IP does not change. I have powered off the cable modem and my router, no change so I'm expecting it will stay static at no charge. If it changes I can fix that.
Didn't have time today to connect the PLC up to my LAN, hopefully I get time tomorrow. Thanks for all the info. It really is coming together in my head now.
-
CONNECTED! I have a link to my PLC via WiFi on my LAN. Next step is to connect from another network through the Internet. I don't see where my WAN IP is entered or how that path is established. I will install Designer on my laptop and take it to another network to test.
How do I set up Designer to link through the Internet?
-
I'm simply using the bridge in "infrastructure mode" to add WiFi to the PLC because my customer's WiFi is there and it eliminates the need for wire to be run to the machine. Infrastructure mode simply WiFi enables the PLC and no other device. The bridge has an IP for access like the router does for setup. The PLC IP will be available through the bridge to the WLAN that is already there. In setting up the bridge I do a site scan and it lists WiFi access it receives. I pick the correct one to use (my customer) and match the security and other parameters with theirs.
This is what I was asking. There are a lot of different things called 'bridges' and various ways to configure them.
BTW, I sent myself an email. The originating IP address (mine) is in the header. All I need to do is have the PLC send a daily email and if I can't connect I check the email header. I should be able to look at my customer's email and get their IP. I did, there it is, I will verify it tomorrow. I'm using Cox communication and they are too. My IP does not change. I have powered off the cable modem and my router, no change so I'm expecting it will stay static at no charge. If it changes I can fix that.
Didn't have time today to connect the PLC up to my LAN, hopefully I get time tomorrow. Thanks for all the info. It really is coming together in my head now.
Your IP can change all it wants, as long as you are initiating all connections. You just need to know where to find your remote device.
What do you plan to do with the IP? As I mentioned before, having a PLC accessible via the WAN (from your remote location) without intermediate security in place is a major security concern. You'd also need to ensure that the router allowed you communication over the ports you need to communicate with the PLC directly. I don't know what these are, but you'd need these open for incoming/outgoing traffic on both ends, and there is no guarantee that an intermediate gateway would allow this traffic to pass through. I would not go down this path for both security and practicality sake.
I think you'd be better off with a PC locally that you can log in to using a service like LogMeIn (with a very functional free version). You can then use this PC as if you were on the local network and communication with the PLC on the LAN.
-
CONNECTED! I have a link to my PLC via WiFi on my LAN. Next step is to connect from another network through the Internet. I don't see where my WAN IP is entered or how that path is established. I will install Designer on my laptop and take it to another network to test.
How do I set up Designer to link through the Internet?
It's all network configuration from here. You would create a link to the other device across the WAN, but as I mentioned, you'd need the ports opened on both ends in the gateway.
I'm not even sure, however, if the DoMore can see devices on different subnets.
EDIT: You can configure the subnet mask on the DoMore, so you should be able to see whatever you want, should you choose to do so.
-
I'm not even sure, however, if the DoMore can see devices on different subnets.
The only limitation is that anything requiring broadcast to operate (for instance PEERLINK) will not work outside the subnet.
-
I'm still not understanding how to connect Designer to Do-more over the internet.
Do I change my LAN IP to my WAN IP in the connection link of Designer that is on another network? Will Designer find Do-more?
-
If you can connect, you will have to specify an IP in Designer/NetEdit, and the router on the other end will have to send all that traffic to the the PLC using port forwarding. You won't be able to scan for available ... as you'd be scanning the entirety of the internet.
I think that you should reconsider trying to do this. If you can connect to your device, anybody can. Surely your customer would not want that.
-
Doesn't the password prevent anyone not having it from accessing the PLC?
I have to be able to connect to maintain operator names and passwords when they change without traveling to it.
Is there not any instructions for connecting?
One reason I chose D0-more was internet connectability. Why can't I get it?
I'll see if I can find a phone number.
-
Any device that you intend to access over the Internet either needs to be visible to the Internet with a fixed IP address, or you will have to set up something more exotic like a VPN. With an Internet-facing fixed IP address, it is super simple.
-
Also, ErokC, there are other ways to update specific information in the PLC without fully exposing your PLC to the internet.
First, I typically build in user account admin functionality so the customers can maintain their own accounts.
Or, you could have a local PC that checks an email account for user account information and sends the updates to the PLC (you should probably implement some encryption scheme, not send the account names and passwords in plain text).
OR, maybe the PLC can check the email directly. (BobO, can Do-Mores collect email?)
-
OR, maybe the PLC can check the email directly. (BobO, can Do-Mores collect email?)
Natively? No. For those with the right skills and experience, it is doable. Wouldn't recommend it for most.
-
OK, that's what I suspected. (Might be a viable future feature)
So I think I'd go with one of the other two options: Either build the account maintenance functionality into the app, or have a local PC check an email account for the [encrypted] account updates, decrypt/parse, and forward changes (or the whole enchilada every time) to the PLC.
-
There are three ways to get your PLC visible on the Internet:
1. Port forwarding (http://www.portforward.com) through the router to the ISP. By far the easiest way, but it leaves the PLC vulnerable to the Internet bad guys.
2. Get a static IP address from the ISP to put in the PLC and DMZ the PLC. Not recommended at all.
3. Use a VPN. By far the most secure method and it keeps all the bad guys from poking at the PLC with malicious software.
-
I took my laptop to Subway and was able to connect to the PLC. FINALLY!
Thanks to ADCs tech support I finished setting it up, almost.
All I did was set port forwarding on the router connected to the PLC. Port 0x7070 allows Designer to find the PLC.
I put my WAN IP address in place of the LAN IP in Designer Connection Link for the PLC.
Now I need more security. As mentioned before I connected the PLC to a wireless access point (bridge in infrastructure mode) and it has MAC filtering. It will only allow source MAC addresses I enter to connect. I would think that would create a barrier to unauthorized access.
I need to put in the MAC addresses of the two computers that I use Designer to connect with.
Question, How do I find the MAC addresses for the two PCs? ipconfig doesn't give me MAC.
-
If Physical address = MAC address I've found them in the router. Now to enter one and see if it blocks or not.
-
Well, MAC Filtering not working?
The Access Point allows one computer not listed to connect.
What's up with that? I'll sleep on it.
-
ipconfig /all will give you MAC addresses for each interface.
I would still recommend a VPN or a LogMeIn VPN Remote Desktop, if for no other reason than you can have multiple devices per network, but also for security. As it is, you are limiting all traffic from the WAN to your site on your required ports to just your bridge/PLC combination.