Deriving IP addresses 

Your specific security context determines the network structure and also the IP addresses. To assign the IP addresses that are suitable for you, you must derive them from your security context.

The following is an example security context that you must adapt to your application.

 

Zone segmentation IP address spaces:

No.  Zone segments IP address spaces Subnetmask
1 System integrity 172.16.10.0/28  255.255.255.240
2 Manufacturing Zone Management & Control 172.16.20.0/24 255.255.255.0
3 Machine 172.16.30.0/26 255.255.255.192
4 Production line 1 172.16.40.0/24  255.255.255.0
5 Production line 2 172.16.50.0/24  255.255.255.0

 

1 System integrity: 172.16.10.0/28,  Subnetmask 255.255.255.240:

No.  Zone segment IP address
1.1 IT firewall network segmentation Manufacturing Zone Management & Control 172.16.10.10
1.2 AXC F 2152 network segmentation AXC F 2152 left pluggable Ethernet connection  172.16.10.30
1.3 mGuard RS 4000 network segmentation firewall and VPN 172.16.10.40
1.4 mGuard 1102 network segmentation firewall 172.16.10.50

 

Manufacturing Zone Management & Control: 172.16.20.0/24,  Subnetmask 255.255.255.0:

No.  Zone segment IP address
2.1 SCADA/MES 172.16.20.60
2.2 Engineering Station 172.16.20.100
2.3 Edge Device EPC 1522 Device and Patchmanagement 172.16.20.50
2.4 Time Server FL TIMESERVER NTP 172.16.20.40

 

Machine: 172.16.30.0/26,  Subnetmask 255.255.255.192:

No.  Zone segment IP address
3.1 AXC F 2152 CPU Ethernet interface 172.16.30.10
3.2 HMI Touch-Panel - TP 6070-WVPS 172.16.30.20
3.3 Buscoupler AXL F BK PN TPS with Smart IOs 172.16.30.30

 

4 Production line 1: 172.16.40.0/24,Subnetmask 255.255.255.0:

No.  Zone segment IP address
4.1 mGuard RS 4000 Local IP Address 172.16.40.5
4.2 AXC F 2152 CPU ethernet interface 172.16.40.10
4.3 HMI Touch-Panel - TP 6070-WVPS 172.16.40.20
4.4 AXC F 2152 CPU ethernet interface 172.16.40.11
4.5 Buscoupler AXL F BK PN TPS with Smart IOs 172.16.40.30

 

Production line 2: 172.16.50.0/24,Subnetmask 255.255.255.0:

No.  Zone segment IP address
5.1 mGuard 1102 Local IP Address 172.16.50.5
5.2 AXC F 2152 CPU ethernet interface 172.16.50.10
5.3 HMI Touch-Panel - TP 6070-WVPS 172.16.50.20
5.4 AXC F 2152 CPU ethernet interface 172.16.50.11
5.5 Buscoupler AXL F BK PN TPS with Smart IOs 172.16.50.30

 

  • First, define a network definition. This is reflected in the first 24 bits of the IP addresses (in the example: 172.16.xx.xxx). Bits 25 to 32 are reserved for the local devices.
  • The Engineering Station (where the PLCnext Engineer is located) has the IP address 172.16.20.100 (255.255.255.0).
  • The Machine Level is configured so that access from the Manufacturing Zone to the Machine Level is via the Ethernet interface of the extension module.
  • The extension module is assigned the IP address 172.16.10.30. The IP address of the PLCnext Control is 172.16.30.10 (255.255.255.240).


For more information about the zones of the security context, refer to the topic Generic Security Concept .

 

 

 

 


•  Web browser recommendation: Chrome, Firefox 78 or newer, Edge 88 or newer, or Safari • 
• Published/reviewed: 2023-01-13 • Revision 005 •