Crimson 3.x Crimson RLOS Devices with Dual Ethernet Ports
Products
CR3000 series HMIs with Dual Ethernet Ports
Graphite series HMIs and Controllers with Dual Ethernet Ports
G3 Panel series HMIs with Dual Ethernet ports or Ethernet option card
DSP, CSMSTR, and PTV with Ethernet option card
Required Software
Crimson Versions C3.0, C3.1, and C3.2
Use Case
Crimson based devices with dual Ethernet ports can be used to connect to two separate networks. This applies to all Crimson devices that are running on the Red Lion Operating System (RLOS). This does not apply to Linux based devices such as the FlexEdge Controller series.
A typical use case is when you have an isolated PLC network and a corporate LAN. You want to connect the HMI to both the PLCs and the network, but do not want the PLCs on the corporate LAN. The dual port systems can connect to both networks at the same time; and keep the PLC traffic off the company network. This enables you to access the Web Server’s Virtual HMI for the Remote View. You can access data logs. You can also connect with any supported protocols and/or services on the company LAN as needed for SCADA system etc.
Basically, you can connect the ports to any two separate network subnets. But you cannot configure both Ethernet ports in the same subnet, or it will result in packet loss. That does not work because any packets that come in on Ethernet 2 would get the response sent out Ethernet 1, because it is in the same subnet. If they are connected to separate networks, which are configured in the same range, the outgoing traffic gets sent out port 1, even if it came in port 2.
Note that we do not support having both ports connected on the same switch/subnet either. The issue here is the Ethernet ports have a different MAC address. If a packet comes in port 2, it gets sent out port 1, but now it is tagged with a different MAC ID, therefore this does not work. There is not any way you can configure both ports to be in the same range. This is not supported.
Gateways and Routing
Another key point is you can only define one default Gateway address on one of the Ethernet ports. You cannot define a gateway address on both ports. If you do need to use multiple gateways on an RLOS based system, this can be done. But you need to use the Static Route Table to define all the gateways, except for the default gateway. You can only have one default gateway defined, which is the gateway you set on one of the Ethernet ports. But if you try to define gateways on both ports, the second gateway will not get used.
The sequence we use for outgoing packets is first we check the destination address to see if it is in the same subnet as either port. If it is, then we send it out at that port directly to that IP address.
If neither port is in the same subnet range, then we check the Static Route table to see if the destination IP address matches any of the defined routes. If it does, we send the packets to that gateway address, with a tag for its final destination.
If none of the static routes match the destination, then we use the "default gateway". The "default gateway” is the Gateway address that you defined directly on one of the ports. But you can only define one of these as the default gateway. If you try to define them both, the second Gateway will not get used.
Static Routing Table
The Routing Table enables you to define up to 6 static routes. These routes will be checked, in the order defined, to see if any routes match the destination IP address. To define a route, you can enter the destination subnet’s base address in the Destination field. Then enter the Subnet Mask for that subnet. In the Gateway field enter the address of the router you want to use. The router must have a valid IP address on one of the two subnets that you are physically connected to on Ethernet 1 or Ethernet 2. This router also needs to be able to get to the final destination IP address through your network.
For example, let’s assume that Ethernet 1 is set to the default IP of 192.168.1.20, and Ethernet 2 is set to the default of 192.168.2.20. Both of these have a default class C mask of 255.255.255.0. On Ethernet 1 you defined 192.168.1.1 as the default Gateway.
The issue is you need to connect to a PLC at 10.10.10.123. The default gateway defined on Ethernet 1 cannot actually reach it. You need to use a gateway on Ethernet 2’s subnet at IP address 192.168.2.1, which can connect to your target destination. The problem is this doesn’t work if you define this gateway on the Ethernet 2 port, because you already have a gateway defined on Ethernet 1 which is your default gateway.
What you need to do is define a static route for the target destination. To do that, in the Network section click on the Routing tab, then click on the link Edit Routing Table. In the Destination field, enter the target subnet’s base address. In this example, the target IP for the PLC is 10.10.10.123, and the Mask on that subnet is 255.255.255.0. That means the base address for that subnet is 10.10.10.0, with a usable host IP range between 10.10.10.1 and 10.10.10.254, which covers the target IP for that PLC. Therefore you would enter 10.10.10.0 as the Destination, 255.255.255.0 for the Mask, and 192.168.2.1 as the Gateway.
Note: Do not enable that Routing Mode | IP Routing option, unless you actually want to enable the HMI to act as a router between these two networks. If you enable that, then it allows all traffic between these two networks, which may not be desirable. If you leave this option disabled, then the only traffic we will allow between Ethernet 1 and Ethernet 2 is what you have explicitly defined in communications protocols. All other traffic would be blocked.
Attached is a sample file for then example described.
Disclaimer
It is the customer's responsibility to review the advice provided herein and its applicability to the system. Red Lion makes no representation about specific knowledge of the customer's system or the specific performance of the system. Red Lion is not responsible for any damage to equipment or connected systems. The use of this document is at your own risk. Red Lion standard product warranty applies.
Red Lion Technical Support
If you have any questions or need assistance, you can contact Red Lion Technical Support by clicking here or calling 1-877-432-9908.