HELP, my head is spinning in the Ethernet!

[Controls Guy]

Also, ErokC, there are other ways to update specific information in the PLC without fully exposing your PLC to the internet.

First, I typically build in user account admin functionality so the customers can maintain their own accounts.

Or, you could have a local PC that checks an email account for user account information and sends the updates to the PLC (you should probably implement some encryption scheme, not send the account names and passwords in plain text).

OR, maybe the PLC can check the email directly.  (BobO, can Do-Mores collect email?)

[BobO]

OR, maybe the PLC can check the email directly.  (BobO, can Do-Mores collect email?)

Natively? No. For those with the right skills and experience, it is doable. Wouldn't recommend it for most.

[Controls Guy]

OK, that's what I suspected.  (Might be a viable future feature)

So I think I'd go with one of the other two options:  Either build the account maintenance functionality into the app, or have a local PC check an email account for the [encrypted] account updates, decrypt/parse, and forward changes (or the whole enchilada every time) to the PLC.

[rlp122]

There are three ways to get your PLC visible on the Internet:

1. Port forwarding through the router to the ISP.  By far the easiest way, but it leaves the PLC vulnerable to the Internet bad guys. 

2. Get a static IP address from the ISP to put in the PLC and DMZ the PLC.  Not recommended at all.

3. Use a VPN.  By far the most secure method and it keeps all the bad guys from poking at the PLC with malicious software.

[ERokc]

I took my laptop to Subway and was able to connect to the PLC.  FINALLY!
Thanks to ADCs tech support I finished setting it up, almost.

All I did was set port forwarding on the router connected to the PLC. Port 0x7070 allows Designer to find the PLC.
I put my WAN IP address in place of the LAN IP in Designer Connection Link for the PLC.

Now I need more security. As mentioned before I connected the PLC to a wireless access point (bridge in infrastructure mode) and it has MAC filtering. It will only allow source MAC addresses I enter to connect. I would think that would create a barrier to unauthorized access.

I need to put in the MAC addresses of the two computers that I use Designer to connect with.

Question, How do I find the MAC addresses for the two PCs? ipconfig doesn't give me MAC.

[ERokc]

If Physical address = MAC address I've found them in the router. Now to enter one and see if it blocks or not.

[ERokc]

Well, MAC Filtering not working?
The Access Point allows one computer not listed to connect.
What's up with that?  I'll sleep on it.

[CReese]

ipconfig /all will give you MAC addresses for each interface.

I would still recommend a VPN or a LogMeIn VPN Remote Desktop, if for no other reason than you can have multiple devices per network, but also for security. As it is, you are limiting all traffic from the WAN to your site on your required ports to just your bridge/PLC combination.