Deriving IP addresses
Your specific security context determines the network structure and also the IP addresses. To assign the IP addresses that are suitable for you, you must derive them from your security context.
The following is an example security context that you must adapt to your application.
.png)
Zone segmentation IP address spaces:
| No. | Zone segments | IP address spaces | Subnetmask |
| 1 | System integrity | 172.16.10.0/28 | 255.255.255.240 |
| 2 | Manufacturing Zone Management & Control | 172.16.20.0/24 | 255.255.255.0 |
| 3 | Machine | 172.16.30.0/26 | 255.255.255.192 |
| 4 | Production line 1 | 172.16.40.0/24 | 255.255.255.0 |
| 5 | Production line 2 | 172.16.50.0/24 | 255.255.255.0 |
1 System integrity: 172.16.10.0/28, Subnetmask 255.255.255.240:
| No. | Zone segment | IP address |
| 1.1 | IT firewall network segmentation Manufacturing Zone Management & Control | 172.16.10.10 |
| 1.2 | AXC F 2152 network segmentation AXC F 2152 left pluggable Ethernet connection | 172.16.10.30 |
| 1.3 | mGuard RS 4000 network segmentation firewall and VPN | 172.16.10.40 |
| 1.4 | mGuard 1102 network segmentation firewall | 172.16.10.50 |
2 Manufacturing Zone Management & Control: 172.16.20.0/24, Subnetmask 255.255.255.0:
| No. | Zone segment | IP address |
| 2.1 | SCADA/MES | 172.16.20.60 |
| 2.2 | Engineering Station | 172.16.20.100 |
| 2.3 | Edge Device EPC 1522 Device and Patchmanagement | 172.16.20.50 |
| 2.4 | Time Server FL TIMESERVER NTP | 172.16.20.40 |
3 Machine: 172.16.30.0/26, Subnetmask 255.255.255.192:
| No. | Zone segment | IP address |
| 3.1 | AXC F 2152 CPU Ethernet interface | 172.16.30.10 |
| 3.2 | HMI Touch-Panel - TP 6070-WVPS | 172.16.30.20 |
| 3.3 | Buscoupler AXL F BK PN TPS with Smart IOs | 172.16.30.30 |
4 Production line 1: 172.16.40.0/24,Subnetmask 255.255.255.0:
| No. | Zone segment | IP address |
| 4.1 | mGuard RS 4000 Local IP Address | 172.16.40.5 |
| 4.2 | AXC F 2152 CPU ethernet interface | 172.16.40.10 |
| 4.3 | HMI Touch-Panel - TP 6070-WVPS | 172.16.40.20 |
| 4.4 | AXC F 2152 CPU ethernet interface | 172.16.40.11 |
| 4.5 | Buscoupler AXL F BK PN TPS with Smart IOs | 172.16.40.30 |
5 Production line 2: 172.16.50.0/24,Subnetmask 255.255.255.0:
| No. | Zone segment | IP address |
| 5.1 | mGuard 1102 Local IP Address | 172.16.50.5 |
| 5.2 | AXC F 2152 CPU ethernet interface | 172.16.50.10 |
| 5.3 | HMI Touch-Panel - TP 6070-WVPS | 172.16.50.20 |
| 5.4 | AXC F 2152 CPU ethernet interface | 172.16.50.11 |
| 5.5 | Buscoupler AXL F BK PN TPS with Smart IOs | 172.16.50.30 |
- First, define a network definition. This is reflected in the first 24 bits of the IP addresses (in the example: 172.16.xx.xxx). Bits 25 to 32 are reserved for the local devices.
- The Engineering Station (where the PLCnext Engineer is located) has the IP address 172.16.20.100 (255.255.255.0).
- The Machine Level is configured so that access from the Manufacturing Zone to the Machine Level is via the Ethernet interface of the extension module.
- The extension module is assigned the IP address 172.16.10.30. The IP address of the PLCnext Control is 172.16.30.10 (255.255.255.240).
For more information about the zones of the security context, refer to the topic Generic Security Concept .
• Published/reviewed: 2023-11-02 • Revision 011 •