Escolar Documentos
Profissional Documentos
Cultura Documentos
This documentation, whether illustrative, printed, online or electronic (hereinafter Documentation) is intended for use only as a
learning aid when using Rockwell Automation approved demonstration hardware, software and firmware. The Documentation
should only be used as a learning tool by qualified professionals.
The variety of uses for the hardware, software and firmware (hereinafter Products) described in this Documentation, mandates
that those responsible for the application and use of those Products must satisfy themselves that all necessary steps have been
taken to ensure that each application and actual use meets all performance and safety requirements, including any applicable
laws, regulations, codes and standards in addition to any applicable technical documents.
In no event will Rockwell Automation, Inc., or any of its affiliate or subsidiary companies (hereinafter Rockwell Automation) be
responsible or liable for any indirect or consequential damages resulting from the use or application of the Products described
in this Documentation. Rockwell Automation does not assume responsibility or liability for damages of any kind based on the
alleged use of, or reliance on, this Documentation.
No patent liability is assumed by Rockwell Automation with respect to use of information, circuits, equipment, or
software described in the Documentation.
Except as specifically agreed in writing as part of a maintenance or support contract, equipment users are responsible for:
properly using, calibrating, operating, monitoring and maintaining all Products consistent with all Rockwell
Automation or third-party provided instructions, warnings, recommendations and documentation;
ensuring that only properly trained personnel use, operate and maintain the Products at all times;
staying informed of all Product updates and alerts and implementing all updates and fixes; and
all other factors affecting the Products that are outside of the direct control of Rockwell Automation.
Reproduction of the contents of the Documentation, in whole or in part, without written permission of Rockwell Automation
is prohibited.
Throughout this manual we use the following notes to make you aware of safety considerations:
Identifies information about practices or circumstances that can cause an explosion in a hazardous
environment, which may lead to personal injury or death, property damage, or economic loss.
Identifies information that is critical for successful application and understanding of the product.
Identifies information about practices or circumstances that can lead to personal injury or death, property
damage, or economic loss. Attentions help you:
identify a hazard
avoid a hazard
recognize the consequence
Labels may be located on or inside the drive to alert people that dangerous voltage may be present.
Labels may be located on or inside the drive to alert people that surfaces may be dangerous temperatures.
About This Lab
Welcome to the Applying Advanced EtherNet/IP Features in Converged Plant-wide Ethernet Architectures Lab. The Stratix
5700 and Stratix 8000 are Rockwell Automation managed Ethernet switches that utilize Cisco technology and offer the best of
both worlds. These switches offer the Best of Cisco and the Best of Allen-Bradley.
The Stratix family of switches utilizes the Cisco Catalyst switch architecture and feature set, leveraging powerful configuration
tools, to provide secure integration with the enterprise network while at the same time supporting a familiar structure for IT
professionals.
Both the Stratix 5700 and 8000 Switches allow for easy setup and comprehensive diagnostics from within the Rockwell
Automation Integrated Architecture. These switches can be configured using Studio 5000 programming software. They also
automatically generate Logix tags for integrated diagnostics and include FactoryTalk View faceplates for status monitoring and
alarming. Together these features provide for an easy integration of networking devices into control and automation
architectures.
This lab covers a variety of advanced techniques, best practices, software packages, and products using EtherNet/IP. It will
demonstrate Network Address Translation (NAT) in Layer 2 as well as Layer 3 architectures, Virtual LAN (VLAN) segmentation,
and Connected Routing. A prior understanding of general Ethernet concepts, including switching and routing is recommended.
It is also recommended (but not required) to complete Applying Basic EtherNet/IP Features in Converged Plant-wide Ethernet
Architectures lab before starting this lab.
3 of 59
About Stratix 5700
In this lab, we will introduce you to the Stratix 5700 Ethernet managed switch with Cisco technology. The Stratix 5700
Managed Ethernet Switch is equipped with up to 20 ports that can include standard 10/100Mbps copper ports,
10/100/1000Mbps copper ports (optional), and SFP (Small Form factor Pluggable) fiber optic ports (optional).
There are two power connectors on the top right of the switch. You can connect the switch to two separate 24VDC
power sources for redundancy.
Additional connectors on the bottom right provide hardwired contacts for major and minor alarms.
The Express Setup button is located on the top. Express Setup allows you to easily configure the switch for
EtherNet/IP networks.
The Console ports on the top (RJ-45 or USB connector) allow direct access to the switch via Ciscos Command Line
Interface (CLI).
The Secure Digital (SD) card slot is located in the bottom. The optional SD card allows you to simplify device
replacement by storing switch configuration and firmware.
The Stratix 5700 can be managed via the Device Manager Web interface for configuration, troubleshooting and monitoring.
Using this software, real-time information can be viewed. In addition to the Device Manager, the switch can also be managed via
the Studio 5000 environment after Express Setup on the switch is complete.
The advanced features of the Stratix 5700 switch that are covered in this lab include Virtual LAN (VLAN) and Network
Address Translation (NAT).
A complete description of the hardware and software features of the Stratix 5700 switch can be found in the
Stratix Managed Switches User Manual (Publication 1783-UM007).
4 of 59
About Stratix 8000
In this lab, we will also use the Stratix 8000 Ethernet managed switch with Cisco technology. The Stratix 8000 Managed
Ethernet Switch is a modular switch that can be expanded up to 26 ports with the use of expansion modules.
There are two 24VDC power connectors on the top left of the switch. Additional connections on the power connectors
provide hardwired contacts for major and minor alarms.
The Express Setup button is located below the power connections. Express Setup allows you to easily configure the
switch for EtherNet/IP networks.
The Console port on the left (RJ-45 connector) allows direct access to the switch via Ciscos Command Line Interface
(CLI).
The CompactFlash card slot is located in the bottom. The flash card stores the switch configuration and firmware and
can be used for quick hardware replacement.
The Stratix 8000 can be managed via the Device Manager Web interface for configuration, troubleshooting and monitoring.
Using this software, real-time information can be viewed. In addition to the Device Manager, the switch can also be managed via
the Studio 5000 environment after Express Setup on the switch is complete.
The advanced features of the Stratix 8000 switch that are covered in this lab include Virtual LAN (VLAN), Dynamic Host
Configuration Protocol (DHCP) and Connected Routing.
A complete description of the hardware and software features of the Stratix 8000 switch can be found in the
Stratix Managed Switches User Manual (Publication 1783-UM007).
5 of 59
Before You Begin
Instructor Information
The Instructor Information outlines the setting up, resetting and troubleshooting the Lab. Please refer to Appendix A in the back
of the Lab Manual for additional Instructor Information.
Hardware
6 of 59
Connecting your Lab Station
Look at the lab diagram below. This system is comprised of two ControlLogix controllers, a Stratix 8000 and Stratix 5700,
Point I/O, ETAP, ArmorBlock I/O and a computer.
The top ControlLogix chassis is called Machine Controller in the lab. It has two Ethernet modules the module in slot 1
is connected to the Stratix 5700 switch, the module in slot 3 is connected to the Device Level Ring.
The bottom ControlLogix chassis is called Line Controller in the lab. The Ethernet module in slot 1 is connected to the
Stratix 8000 switch.
We have already made the connections for you. Note that numbers on the cables in the demo box may not match
numbers on the diagram.
7 of 59
Lab 1: Network Address Translation (NAT) in a Layer 2 Architecture
Introduction
Machine or process skid integration into a plants network can be difficult for several reasons. OEMs IP-address
assignments rarely match those of the end-users addresses, and network IP addresses are generally unknown until
the machine is being installed adding cost and time to the commissioning of the equipment. Multiple machines with
identical IP address schemes may create duplicate address issues. In some cases, there may be not enough free IP
addresses in the plant network to accommodate all new devices.
Network Address Translation (NAT) may help to solve these problems. NAT in the Allen-Bradley Stratix 5700 switch
is a hardware implementation that provides high performance wire speed translations and allows for:
Simplified IP-address mapping between machine-level IP addresses to the end users plant IP addresses
Commissioning of standard cookie cutter machines to end users without reprogramming IP addresses
Easier machine maintenance because machine configuration and controller programs remain standard
The Stratix 5700 switch with NAT technology also allows users to isolate some of the machine traffic by determining
which devices should be exposed to the larger network via NAT translation. Limiting access only to certain devices
can help optimize network performance at the local level.
8 of 59
Lab 1 Scenario
We want to add several machines to our current architecture with a single VLAN and no Layer 3 switch. Each
machine will have identical equipment and network layout. In order for us to have the same IP addressing for all
additional machines we will need to implement NAT.
Each demo box has a Line controller for supervisory control and a Machine controller for machine level operation.
We want to keep existing IP addresses on the machine and maintain only one Studio 5000 program for all machines
instead of having to reconfigure every device on each machine with new IP addresses. We will have to configure
NAT in the Stratix 5700 such that devices with existing Private IP addresses will be assigned a unique Public
address. We will also have to configure NAT to translate Public IP addresses, such as the Line controller and the PC,
to unique Private IP addresses.
The NAT and IP address configuration for Lab 1 is shown in the diagram below.
For the purposes of this lab, the upper ControlLogix chassis in your demo box represents the Machine
controller and the lower chassis represents the Line controller.
Note: NAT devices may use words such as "public" or outside to identify larger (i.e. plant-wide) network
with unique IP addressing scheme, and "private" or inside to describe smaller (i.e. machine-level) networks
with reusable IP addresses. The Stratix 5700 switch uses public / private terminology in the Device Manager.
9 of 59
Configuring NAT in the Stratix 5700 using the Device Manager Interface
First we will connect our PC to the machine level Stratix 5700 switch that has an IP Address of 192.168.1.2 and
configure NAT on this switch. The IP address of the PC is currently 192.168.1.30.
Because the 5700 switch has not been configured to do NAT yet, we cannot access the machine network
192.168.1.x from the line level switch (Stratix 8000) which operates in the 10.10.10.x IP subnet.
10 of 59
3. Click Details. Verify that the IP address is set to 192.168.1.30. Close the open windows.
11 of 59
4. Now, lets open the Device Manager Interface for the Stratix 5700 switch by launching Internet Explorer icon
on taskbar
5. Type the IP address 192.168.1.2 of the Stratix 5700 in the address bar and press Enter.
6. In the authentication box shown below, leave username blank and type rockwell (all lowercase, no
quotes) as the password.
12 of 59
7. You are now in the Stratix 5700 Device Manager. Go to the Configure menu and then click on NAT.
8. You will configure your NAT Instances on this page. Click the Add button.
13 of 59
9. The Add / Edit NAT Instance configuration window will appear. This is where the NAT translations for the
instance and other parameters are entered.
Next we need to select what interfaces and VLANs we are assigning to this instance.
14 of 59
8. In this lab we are using VLAN 10 and interface Gi1/1. Leave VLAN 10 checked and deselect all others.
9. Click the Add Row button in the Private to Public section. We are going to enter our Private to Public
translations first in the General tab. Make sure you click Save after each pair of addresses.
15 of 59
10. In the Private IP Address field and in the Public IP Address field, type the addresses shown in the table
above. Use type Single for each translation. Click Save after each pair of addresses. Click Add Row to
enter a new pair. See the table below for translations.
16 of 59
11. Now click on the Public to Private tab and enter the translations for Public devices as shown in the table.
We entered translations for one IP address at a time (Single translation type). You can also select a Range
type to translate a number of consecutive IP addresses, or a Subnet type to translate the whole IP subnet.
12. Click Submit to finalize the configuration and close the Device Manager.
17 of 59
Verifying NAT operation
13. After NAT is configured, we now want to connect our PC at the line (supervisory) level to the Stratix 8000
and change our PCs IP Address to the line network address of 10.10.10.30.
Remove the PC cable from Stratix 5700 Fa1/1. Connect the PC cable to Stratix 8000 Fa1/2 (lower switch).
14. Double-click on the Local Area Connection shortcut on the desktop and click on the Properties.
Select the IPv4 item and click Properties.
18 of 59
15. Change the PCs address to 10.10.10.30 and the local gateway address to 10.10.10.1.
16. Click OK and Close for both open windows to apply IP address changes.
Since we configured NAT on the Stratix 5700, we can now communicate with the machine network while
being connected to the line network (Stratix 8000).
17. Verify that the NAT configuration is working by opening Device Manager for the Stratix 5700. The address
we will now have to use to access the Stratix 5700 is the translated IP address of 10.10.10.2.
19 of 59
18. Once again you will be prompted to enter the authentication credentials in the box shown below, leave
username blank and type rockwell (all lowercase, no quotes) as the password. (Same as before)
19. By being able to access the switch from the translated address and from the Device Manager Dashboard
we can see the NAT Instances are being applied.
20 of 59
20. We can also check the NAT instances are working by clicking the Monitor tab and then selecting NAT
Statistics
21 of 59
Verifying EtherNet/IP Communication through NAT
Now with the NAT instances configured and working we are ready to download the programs to the Line
and Machine controllers.
21. Open the Logix Files folder by using the shortcut on the desktop. Open Bottom_CLX_Line_Lab1.ACD file
to download the program to the Line controller (bottom chassis). Make sure that you select the right file
(Line_Lab1).
22. Click on the Who Active button. Expand the VLAN10 Ethernet driver. Browse to the Line processor
10.10.10.20, slot 0 and click Download.
22 of 59
23. Click Download.
25. If a pop-up window did not appear and ask to go to the Run Mode, click the drop-down in the online bar and
select Run Mode.
23 of 59
Now we are ready to download the program to the Machine controller (top chassis).
26. Open the Logix Files folder by using the shortcut on the desktop. Open Top_CLX_Machine_Lab1.ACD file
to download the program to the Machine controller (top chassis). Make sure that you select the right file
(Machine_Lab1).
27. Click on the Who Active button. Expand the VLAN10 Ethernet driver. Browse to the Machine processor
10.10.10.3, slot 0 and click Download.
24 of 59
28. Click Download. Click Yes to change the controller to Remote Run mode.
29. If a pop-up window did not appear and ask to go to the Run Mode, click the drop-down in the online bar and
select Run Mode.
30. Once downloaded, the Line_Control tag data will be received via the Produced Consumed connection
between the Line and Machine Controllers.
Go to the Main routine in the Main program, rung 0. If the Produced Consumed connection is established,
the program makes the Point I/O outputs on the demo case to blink on and off, proving and illustrating the
communication through a NAT boundary.
25 of 59
31. Go to the Machine program I/O tree, right-click on the Local EN2TR 1756-EN2TR module in slot 1 and
click Properties.
Note that we had to use the public (outside) IP address 10.10.10.3 of the EN2TR when downloading to the
Machine controller since the PC was connected to the outside network (the Stratix 8000 switch). However,
the EN2TR module in the Machine program is configured with the actual IP address of 192.168.1.3.
26 of 59
32. Open the Properties window of the RemoteEN2TR 1756-EN2TR module on the Ethernet network.
The IP address of the remote (Line) module is configured as 192.168.1.20 in the Machine program. The
actual address of the module is 10.10.10.20 since it is located on the Public (Outside) network.
27 of 59
33. Click on the RSLinx Classic shortcut on the desktop and open the RSWho window. Expand the
VLAN10 Ethernet driver. Remember that we are browsing from the PC on the Public network 10.10.10.0:
The RSLinx Classic application shows both the actual (untranslated) and translated addresses for
the EN2TR modules in the Machine chassis because we added them to the NAT table.
We do NOT see other devices on the Machine network, for example the POINT I/O adapter, in
RSLinx since we did not configure translations for it.
We only see the real IP addresses of the Stratix 8000 switch (10.10.10.1) and the Line controller
module (10.10.10.20) since the PC is on the same network with these devices.
28 of 59
34. Start the FactoryTalk View SE Client application by clicking on the desktop shortcut. It may take
about a minute to load. The HMI application shows the overall network status. Make sure all connections
are green.
29 of 59
Lab 2: VLAN Segmentation, Connected Routing and Network Address Translation (NAT) for a Layer
3 Architecture.
Introduction
In the previous lab, we reviewed NAT in a Layer 2 architecture without VLAN segmentation and routing. Such
architecture may be appropriate for a very small network, but quickly becomes insufficient as the network grows.
Using NAT in a single VLAN architecture provides some level of segmentation by isolating untranslated devices
behind the NAT boundary. However, this method does not provide full segmentation since broadcast traffic would still
propagate across the network.
Larger production systems require hierarchal network design that include Layer 3 distribution switches to provide
VLAN segmentation and routing. Adding NAT into such network allows us to integrate multiple machines or skids
with identical IP addresses while providing VLAN segmentation for each machine.
30 of 59
Lab 2 Scenario
We want to add several machines to our current network. Each machine will have identical equipment and network
layout. In order for us to have the same IP addressing for all the additional machines we will still need to implement
NAT.
This time, we do not want to have a Layer 2 architecture and to create one big flat network with a single VLAN. We
will add network segmentation by using multiple VLANs and inter-VLAN routing in our new design. The desired
architecture is shown in the diagram below.
For the purposes of this lab, the upper ControlLogix chassis in your demo box represents the Machine
controller and the lower chassis represents the Line controller.
31 of 59
In order for this architecture to work, we will need to configure Connected Routing in the Stratix 8000 which enables
devices on any VLAN to communicate with each other if they use the switch as their default gateway.
First, we will create VLANs and assign them to the appropriate ports on the Stratix 8000 switch.
Then we will enable Connected Routing to be able to communicate between VLANs.
Finally, we will re-configure the previous NAT configuration in the Stratix 5700 switch for the new Layer 3
architecture.
The Line Controller will be configured on VLAN 20 and the PC will be configured to VLAN 30. The Machine devices
private IP addresses will be translated to the configured VLAN 10 addresses.
Instead of using a Public-to-Private translation for every device in the Public network, we will create a gateway
translation for the IP address of the Stratix 8000 switch in VLAN 10.
Ports that connect the switches are configured in the VLAN trunk mode. This means that Ethernet frames will
be tagged with a corresponding VLAN number when going out of these ports. Trunking allows switches to
send data from multiple VLANs over the same link while still maintaining segmentation between VLANs.
The new configuration will allow communication (produce/consume tags) between the two controllers (Line and
Machine) that will trigger the I/O lights to turn ON.
32 of 59
Configuring VLANs and Connected Routing
3. In the authentication box shown below, leave username blank and type rockwell (all lowercase, no
quotes) as the password.
4. You are now in the Stratix 8000 Device Manager. In the Stratix 8000, we will create multiple VLANs to
segment our network and we will also configure Connected Routing.
33 of 59
5. Expand the Configure tab and select VLAN Management.
6. In VLAN Management, you will see that VLAN 10 and VLAN 20 are already created. We used VLAN 10 for
the previous lab and VLAN 20 was created in advance. We will be creating VLAN 30 for the PC and HMI
application.
To create the VLAN 30, click the Add button.
34 of 59
7. To create a VLAN, you must give it a name and unique ID number. You can always modify the name of the
VLAN but not its number.
Enter a VLAN ID of 30, Name of VLAN30, select IP Assignment Mode to Static with an IP address of
10.10.30.1 and click OK to create the new VLAN.
Since we are configuring a VLAN on the Layer 3 switch, we need to assign an IP address to the Switch
VLAN Interface (SVI). This IP address will be the default gateway address for devices on that VLAN.
8. After creating the VLAN, we need to assign a port to our new VLAN. Before assigning the port, we will verify
that the port has the appropriate configuration (port role).
Expand the Configure tab and select Smartports.
35 of 59
9. Select port Fa1/6 and verify that it is set to Virtual Desktop for Automation. If not, select the role from the
list and click Save.
Virtual Desktop for Automation smartport optimizes port parameters for a PC connection and allows two
MAC addresses (one for a physical NIC, one for a VM). For information about smartports, see Stratix
Managed Switches User Manual (Publication 1783-UM007).
36 of 59
11. Port Fa1/6 is currently configured for the default VLAN 1. Select port Fa1/6 and click Edit.
12. Verify that the Administrative Mode is set to Access and change the Access VLAN to VLAN30-30. Click
OK to save configuration.
37 of 59
Before changing our PC IP address and moving it to the VLAN30 network, we will need to setup up
Connected Routing.
13. To enable connected routing, the Switch Management Database (SDM) template should be set as Lanbase
Routing. The SDM templates optimize how switch memory is allocated for specific features.
Go to the Admin Menu and select SDM-Template.
38 of 59
15. From the Configure menu, choose Routing.
16. To enable connected routing, check Enable Routing and click Submit. Leave the gateway address field
blank.
17. Click Yes at the pop-up window. The gateway address specifies the next-hop router for the default route out
of the Layer 3 switch. Since our Stratix 8000 switch is not connected to a larger network, we do not need to
provide a gateway address.
39 of 59
By enabling Connected Routing on the switch, we allow communication between devices on all VLANs.
These devices should use the switch as their default gateway. To restrict inter-VLAN communication for
certain devices, you can configure access control lists (ACLs) in the CLI.
Stratix 5700 with Full software option also supports Connected Routing.
With routing enabled, we can now move our PC to VLAN 30 and the Line controller to VLAN 20.
18. Change the IP address of the PC to 10.10.30.30 and the gateway to 10.10.30.1. Make sure that the third
octet is set to 30.
40 of 59
20. Plug the PC cable into the Stratix 8000 port Fa1/6, which we configured for VLAN30 in the previous steps.
21. Verify that the Connected Routing is working by first accessing Device Manager for the Stratix 8000 using
the 10.10.10.1 address.
22. Next try to ping the Line controller. Open the Command Prompt by clicking on the desktop shortcut
and type ping 10.10.10.20.
At this point, the Line controller is still on VLAN 10 with an IP address of 10.10.10.20. We will move the Line
controller to VLAN 20 in the next step.
41 of 59
The VLAN 20 was already preconfigured for this lab. The port Fa1/4 is configured for VLAN 20. The Line
Controllers 1756-EN2TR module is set to DHCP mode (bottom chassis, slot 1).
The Stratix 8000 switch is configured with the DHCP Persistence feature that will assign an IP address in
the corresponding VLAN based on the port where a device is plugged in.
23. In the Stratix 8000 Device manager, select Configure DHCP and click on the DHCP Persistence tab. As
you see, the DHCP server on the switch is configured to assign the 10.10.20.20 address on Fa1/4 interface.
24. From the Configure menu, select Port Settings. Here we see that port Fa1/4 is in the VLAN 20.
42 of 59
25. Remove the Line Controllers cable from the Stratix 8000 port Fa1/3 and plug it into Fa1/4.
Line Controller
(bottom chassis)
26. In order for DHCP to assign the new address of 10.10.20.20 to the Line controller, the 1756-EN2TR will
have to be power cycled after changing the connected port.
Open the power supply door of the bottom chassis and flip the switch off and on to power cycle the chassis
(alternatively, you can pull out and reset the EN2TR module in the chassis). Watching the display on the
EN2TR, you will see that it receives the new IP address of 10.10.20.20.
27. To verify the result, ping the new IP address 10.10.20.20.
We now are able to communicate between the PC in VLAN 30 and the Line Controller in VLAN 20.
43 of 59
Configuring NAT for the Layer 3 Architecture
We have not yet configured the NAT instance for the Layer 3 architecture we just created. At this point, we are still
using the NAT instance from the previous lab for a single VLAN network.
We will need to edit the current NAT instance in the Stratix 5700 by removing the Public to Private translations and
by adding a gateway translation.
To configure NAT, you create one or more unique NAT instances. In a typical implementation, only one
instance is required. A NAT instance contains entries that define each address translation, as well as other
configuration parameters.
The translations you define depend on whether traffic is routed through a Layer 3 switch / router or not.
If traffic is routed through a Layer 3 switch or router (Layer 3 architecture), you define the following:
A private-to-public translation for each device on the private subnet that needs to communicate on the
public subnet.
A gateway translation for the Layer 3 switch or router.
In a Layer 3 architecture, you do not need to provide translations for all devices on the public subnet that
belong to other VLANs. Private devices can reach public devices by using the translated gateway address
(i.e. the address of the Layer 3 switch / router).
You also do not need to configure NAT for every device on the private subnet. For example, you can choose
to omit some devices from NAT to increase security, decrease traffic, or conserve public address space.
28. Go the Device Manager interface for the Stratix 5700. Launch Internet Explorer by clicking the Internet
Explorer icon on taskbar
29. Type the translated IP address 10.10.10.2 of the Stratix 5700 in the address bar and press enter.
44 of 59
30. In the authentication box shown below, leave username blank and type rockwell (all lowercase, no
quotes) as the password.
45 of 59
33. Select the Public to Private tab. We need to delete all Public-to-Private translations used for the Layer 2
architecture lab. Select all three translations, and click Delete.
Make sure that the correct tab is selected!
You will be asked if you are sure you would like to delete the selected items. Click OK.
46 of 59
35. Enter the Gateway Translation of 10.10.10.1 for the Public and 192.168.1.1 for the Private. Click Save.
47 of 59
Verifying EtherNet/IP communication through NAT
We are now ready to download new programs for the Line Controller and then the Machine Controller.
These programs will use the IP address 10.10.20.20 of the Line Controller in VLAN 20.
38. Open the Logix Files folder by using the shortcut on the desktop. Open Bottom_CLX_Line_Lab2.ACD file
to download the program to the Line controller (bottom chassis). Make sure that you select the right file
(Line_Lab2).
39. Click the Who Active button. Expand the VLAN20_Lab2 Ethernet driver and browse to 10.10.20.20 slot 0.
Click Download.
48 of 59
40. Click Download
49 of 59
Next we will download the Machine controller program.
42. In the Logix Files folder, open Top_CLX_Machine_Lab2.ACD file to download the program to the Machine
controller (bottom chassis). Make sure that you select the right file (Machine_Lab2).
43. Click the Who Active button. Expand the VLAN10 Ethernet driver and browse to 10.10.10.3 slot 0. Click
Download.
50 of 59
44. Click Download. Click Yes to change the controller to Remote Run mode.
Once both programs are downloaded, the Point I/O outputs in the demo case will be solid green, proving
and illustrating the communication between the Line and Machine Controllers.
45. Right-click on the RemoteEN2TR module in the Machine program and select Properties.
As you see, the Machine program uses the real (untranslated) address 10.10.20.20 of the Line Controller.
Since we configured the gateway translation, we can use public IP addresses to communicate to the
devices in other VLANs.
51 of 59
46. Go to the FactoryTalk View SE client application, click on Lab 2 Display button, and verify that all lines are
showing green.
52 of 59
Lab Summary
In this lab, you have worked through exercises that demonstrated the power and flexibility of the Stratix 5700 and the Stratix
8000 Ethernet Managed Switches, and reviewed Network Address Translation, VLANs, Connected Routing and DHCP
Persistence features of Stratix switches. You have completed the following tasks:
53 of 59
Instructors Use Only
Lab Configuration and Setup Guide
Lab Information
Lab Name Applying Advanced EtherNet/IP Features in Converged Plant-wide Ethernet Architectures
Lab Description This hands-on lab will demonstrate Network Address Translation (NAT) in Layer 2 and Layer 3
architectures, VLAN segmentation, and Connected Routing. A prior understanding of general
Ethernet concepts, including switching and routing is recommended.
Lab Creator Eduard Polyakov Sr. Commercial Engineer
Date Created 9/1/2014
Updates: 3/31/2015 minor cleanup, updated screenshots
9/14/2015 added DLR on 5700 switch, updated screenshots and diagrams
12/8/2015 added startup script to configure switches automatically, minor revisions
Hardware Configuration
Qty Demo Cat.# / Description Slot IP Address Firmware
1 ENET21 Demo Box
Top CLX Chassis
1756-L75 Slot 0 26.013
1756-EN2TR Slot 1 192.168.1.3 5.008
1756-IB16ISOE Slot 2 2.009
1756-EN2TR Slot 3 192.168.1.4 5.008
Bottom CLX Chassis
1756-L75 Slot 0 26.013
1756-EN2TR Slot 1 10.10.x.20 (DHCP) 5.008
1756-IB16ISOE Slot 2 2.009
1756-SFM Slot 3 N/A
Stratix 5700 Ethernet Switch N/A 192.168.1.2 IOS 15.2(3)EA1
Stratix 8000 Ethernet Switch N/A 10.10.10.1 (VLAN 10) IOS 15.2(3)EA1
1783-ETAP 192.168.1.6 2.002
1734-AENTR Slot 0 192.168.1.5 3.012
1734-IB8 Slot 1 3.022
1734-OB8E Slot 2 3.022
1734-OE2V Slot 3 3.005
1732E-IB16M12SOEDR 192.168.1.7 1.007
54 of 59
Computer/Host Settings
IP Address Configured as outlined in the various lab sections
Windows 7 with Internet Explorer V9, V10, V11 or Mozilla V26,
Operating System V27 installed
Application Versions
Vendor Software Version Service Pack
RA Studio 5000 Logix Designer 26.01
RA RSLinx 3.73
RA FTViewSE 8.00
Cisco Cisco Network Assistant 6.2
Note: Please be aware that IP addresses of some of the devices change during the lab. The Stratix 8000 switch
has several VLAN interfaces, each with its own IP address.
This hands-on lab uses the ENET21 Demo Box. This system is comprised of 2 Control Logix controllers, 2 different types of
Stratix Ethernet Switches, 1 Point I/O module, 1 Armor Block module, 3 different styles of Ethernet modules, and 1 Computer.
Note: The same demo box is used for this Advanced EtherNet/IP lab and the Basic EtherNet/IP
lab. The switch configuration and cabling for some of the devices is different between the labs.
Please make sure that correct reset steps are followed since the box may be configured for a
different lab.
55 of 59
Lab Resetting and Startup Procedures
This section describes how to reset the hardware and verify configuration when setting up the lab and between the sessions.
Please read all steps through one time before hooking and starting up the lab.
1. Connect all Ethernet devices to the corresponding Ethernet ports on the Stratix 8000 and 5700 switches as seen
below. Note that the Line Controller (connected to the Stratix 8000) is in the bottom chassis of the demo box.
The Machine Controller (connected to the Stratix 5700 and DLR) is in the top chassis.
a. Make sure that Line EN2TR Slot 1 Port 1 (Bottom CLX) is connected to the Stratix 8000 Fa1/3. This is
necessary for the correct IP address assignment in the Lab 1.
b. Note that during the lab users will move some cables to different switch ports. Please make sure that
connections are restored between the sessions according to the diagram.
2. Restart the Advanced EtherNet/IP lab image on the PC. The IP address of the VM is set to 192.168.1.30.
56 of 59
When the lab image is restarted, a script is running to restore switch configurations. Please follow
the steps below to make sure that it executes correctly.
3. You should see the message on the screen. Connect the PC Ethernet cable to the Stratix 8000 port Fa1/1. This is
a temporary connection to restore the Stratix 8000 switch configuration. Click OK to continue.
4. The script verifies connectivity to the switch and if the TFTP server is running, then copies the correct configuration
to the Stratix 8000 switch. DO NOT close or click on any open windows.
5. Wait until you see the next message on the screen. Connect the PC Ethernet cable to the Stratix 5700 port Fa1/1.
This is a temporary connection to restore the Stratix 5700 switch configuration. Click OK to continue.
6. The script verifies connectivity to the switch and if the TFTP server is running, then copies the correct configuration
to the Stratix 5700 switch. DO NOT close or click on any open windows.
7. Move the PC Ethernet cable back to the Stratix 8000 port Fa1/2. This completes the cabling for the lab
according to the diagram.
The IP address can remain as 192.168.1.30. Lab 1 uses this address in the beginning.
8. Power cycle the bottom ControlLogix chassis to reset the EN2TR module and get the new IP address via DHCP.
9. Verify IP address assignment for the EN2TR modules.
a. Machine EN2TR slot 1 (Top CLX) - 192.168.1.3
b. Machine EN2TR slot 3 (Top CLX) - 192.168.1.4
c. Line EN2TR slot 1 (Bottom CLX) 10.10.10.20
10. During the initial setup before the event, make sure that DLR Supervisor mode is disabled on EN2TR modules
192.168.1.3 and 192.168.1.20 and enabled on the EN2TR module 192.168.1.4.
11. Review the list of known issues and troubleshooting steps on the next page before conducting the lab.
It is recommended to run through the lab on all stations before the event starts.
57 of 59
Lab Troubleshooting
Some of the issues that may happen during the lab and during the reset are listed here.
58 of 59
Cannot restore configurations using Cisco CNA Shut down the TFTP server that is running on the image.
(message says The embedded TFTP server
cannot start).
Cannot connect to the switch via the script, CNA Try the following steps to resolve the issue:
or webpage using the normal steps. Cannot ping 1. Make sure that direct connection is made to the switch through the
the IP address of the switch from the PC. correct port (see reset steps above).
2. Verify the IP address of the PC (see reset steps above).
3. Reset the demo box.
4. Reboot the PC (physical machine, not VM).
5. Verify that the correct physical NIC on the PC is used (typically event
computers have two NICs, one for the demo box connection, and
another for classroom connection)
6. In case if the switch configuration has been altered (wrong IP address,
wrong VLAN on the port etc.), the switch needs to be reset to the factory
default configuration and the correct IP address should be assigned.
This can be done using the Express Setup button. Please refer to the
Stratix switch manual.
7. Serial console connection and CLI can also be used to correct the
configuration (requires knowledge of IOS commands).
8. After the switch has been reset to the factory default configuration and
correct IP address has been assigned, use the startup script to restore
the lab configuration.
Duplicate IP Address error in one of the EN2TR Try the following steps to resolve the issue:
modules 1. Check the IP address of the physical NIC of the PC (not the VM). Make
sure that it has NOT been assigned in the 192.168.1.1 192.168.1.7
range, or .20, .30. If the PCs NIC is set to DHCP and keeps getting the
overlapping address, do the following in the command prompt:
ipconfig /release
net stop dhcp
net start dhcp
ipconfig /renew
2. Verify settings for other devices.
3. Reset the EN2TR module.
4. Power cycle the demo box.
5. Restart the VM image.
59 of 59