I am in need of splitting 3 PCs and 4 PLCs from a network. They had hooked them up to a corporate network. NOT SECURE.
I can't shut down these systems and change IP addresses. They hook up through a switch before they go to a corporate network.
What I want to do is put a firewall up in between these 2 networks but not have to change their IP addresses. I will need to connect to them from the corporate network using Remote Desktop to connect to the engineering computer.
The question I have is: can a router have the same IP address format on both sides and work correctly? How can I split these systems up and block all computers from connecting to them except through using Remote Desktop and the correct login?
Any help would be greatly appreciated.

RE: Networking

Some routers allow for a variety of security methods, MAC filtering, WEP, etc.  Not obvious which side you're trying to protect, but if your switch supports it, you can limit access to the MAC addresses you specify.

This has the effect of appearing to be an open network, but anyone whose MAC address is allowed will get no access.


FAQ731-376: Eng-Tips.com Forum Policies

RE: Networking

If your switch is a managed switch, you can place all your PLCs and PCs on a separate VLAN. This way they would be effectively isolated from your corporate network.

If you want to limit traffic types, but still have access to the outside world (i.e. Internet for the PCs), then you will need to firewall the addresses and build a security scope defining which machines and IPs have access to which outbound IPs and TCP/UDP ports. This would be made easier if the PLCs and PCs were on a separate subnet (change the IPs) altogether.
This is also one of the recommended practices from the API Cyber Security Group for industrial automation and control. I do not know the actual document ID, but a quick search on the API website will turn it up.
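
The security scope described in the last reply, modeled as an ordered rule list with a default deny so a proposed scope can be checked before it goes on a firewall. This is an added example, not part of the thread; every address, rule name and the outbound HTTPS rule are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

net = ipaddress.ip_network

# Constructed addressing (documentation ranges); the thread gives no real addresses.
CORPORATE = net("192.0.2.0/24")      # control hosts keep addresses inside this subnet
ENG_PC = net("192.0.2.10/32")        # engineering computer reached by Remote Desktop
PCS = [ENG_PC, net("192.0.2.11/32"), net("192.0.2.12/32")]
PLCS = [net(f"192.0.2.{n}/32") for n in range(20, 24)]
ANY = net("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    name: str
    action: str              # "allow" or "deny"
    src: tuple               # networks the source address may fall in
    dst: tuple               # networks the destination address may fall in
    proto: str               # "tcp", "udp" or "any"
    port: Optional[int]      # None matches any destination port

    def matches(self, src, dst, proto, port):
        return (any(src in n for n in self.src)
                and any(dst in n for n in self.dst)
                and self.proto in ("any", proto)
                and self.port in (None, port))

# Ordered scope, first match wins; anything unmatched falls through to deny.
SCOPE = [
    Rule("rdp-to-eng-pc", "allow", (CORPORATE,), (ENG_PC,), "tcp", 3389),
    Rule("control-to-corporate", "deny", tuple(PCS + PLCS), (CORPORATE,), "any", None),
    Rule("pcs-https-out", "allow", tuple(PCS), (ANY,), "tcp", 443),  # assumed outbound need
]

def decide(rules, src, dst, proto, port):
    """Return (action, rule name) for one flow crossing the firewall."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(src, dst, proto, port):
            return rule.action, rule.name
    return "deny", "default-deny"

def reachable_from(rules, src, targets, ports):
    """List the (target, port) pairs a source can open over TCP: the exposed surface."""
    return [(str(t.network_address), p) for t in targets for p in ports
            if decide(rules, src, str(t.network_address), "tcp", p)[0] == "allow"]
```

Running `reachable_from` for a corporate workstation against all seven control hosts shows whether anything other than Remote Desktop to the engineering computer is exposed.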
