Eng-Tips is the largest engineering community on the Internet

Intelligent Work Forums for Engineering Professionals

Register Log in
  • Congratulations waross on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

hide IP addresses

Status
Not open for further replies.
RyreInc

RyreInc

Electrical
Apr 7, 2011
205
0
16
US
Not sure if this is the right location for this, or if there is an appropriate forum on this site... I'm pretty new to industrial networking concepts, if there's a better forum or site for this let me know!

I have a machine that uses 2 IP addresses (PLC and HMI) to communicate. These come into an unmanaged switch which also connects these devices to the plant network. The customer wants to see only one IP on their network though. Initially we thought a managed switch would do the trick, but it looks like even if communication is prevented the blocked IP will still be visible to the network. Speaking with a technical expert at one of our vendors pointed us to a Hirschmann EAGLE One, which will work, but has a lot of features we will not utilize, and is pretty expensive.

Are there any other options out there to hide an IP address from one device (the network) while allowing communication with another device?
 
Replies continue below

Recommended for you

Sort by date Sort by votes
Maybe put a cheap router between your machine and the network. Then turn on its IP filtering and or DMZ permissions to allow the rest of the network to only reach the one IP.

I'd ask this question in Eng-Tips sister site Tek-Tips. Bunch of very smart computer nerds there.

Keith Cress
kcress -
 
Upvote 0 Downvote
Thanks Keith, I posed the question over there, we'll see how they respond. In the meantime, anyone one else feel free to chime in!
 
Upvote 0 Downvote
Could you elaborate a little on the network nodes? When you say machine "uses" 2 addresses, do you mean it has 2 addresses or it communicates with 2 other nodes? Are the two addresses on one node (ie. one MAC address with 2 IP addresses) or are they two different nodes? If the machine needs to communicate with these two addresses, how do you suppose it will communicate if one is hidden? I'm sure I'm missing something, but as it stands it sounds like you're asking how to prevent the machine from working...
 
Upvote 0 Downvote
LiteYear, you reveal my ignorance on the issue! [smile]

The machine has two nodes, two addresses. These need to communicate with each other, and do so currently through an unmanaged switch. When the system is then attached to the network only one of the two IP addresses should be visible.

So the two nodes need to communicate with each other, but only one of the nodes is visible and can communicate with the outside network.
 
Upvote 0 Downvote
The only way to do this is to use either a router or a firewall. I do not believe that it can be done with a managed switch. The reason being is that IP addresses are layer 3 while managed and unmanaged switches are layer 2 (for the most part). The router would probably be the least expensive route.
 
Upvote 0 Downvote
Ah, gotcha, then yes I concur with the other suggestions.

I think the neatest way would be to have a simple dedicated router that the two nodes plug in to so they can talk to each other. The uplink port of the router would be connected to the switch. The router could be configured to be a "transparent bridge" for the node you want visible. That means that as far as the visible node and all the nodes on the wider network are concerned, there's only one network. Quietly though, the router is forwarding packets back and forth for the visible node.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DM2
  • Locked
  • Question
Problem Connecting with MODSCAN64 via TCP/IP
Replies
1
Views
36
thebard3
thebard3
rotw
  • Locked
  • Question
Simulation of Modbus TCP/IP - Small Program for Fetching Data
Replies
16
Views
17
LionelHutz
LionelHutz
Back
Top