Introduction
A very natural question is what if the device that we want to access does not support S7-Routing (not from SIEMENS)? Well the answer is here with S7-1500’s IP forwarding.
What is IP Forwarding and Why S7-1500
IP forwarding is a network device feature that forwards network traffic between different networks that the device is connected to.
IP forwarding requires the network device to have at least two network interfaces. Since most of the S7-1500 PLCs have at least two network interfaces, this article will focus on the S7-1500 PLCs.
How to Use S7-1500 IP Forwarding
Hardware Configuration
It is extremely easy to configure S7-1500 IP forwarding. Simply tick the box in the PLC’s hardware configuration and the job is done.
There are two things that should be noted:
- IP forwarding will reduce the communication security and induce the risk of unauthorized network access.
- Only PLCs with at least two network interfaces can perform IP forwarding. PLCs like S7-1511-1 PN won’t be able to do it even with extended CP modules.
Network Configuration
In this example, there are two PLCs: TestPLC1 and TestPLC2.
TestPLC1 performs the IP forwarding and forwards the network traffic from its X1 port network to the X2 port network and reaches TestPLC2.
TestPLC1 Network Configuration
Below shows the TestPLC1’s X1 and X2 network configuration.
The router configuration to TestPLC1’s X1 port is not part of the example. It is my personal test environment’s network configuration.
TestPLC2 Network Configuration
Below is the TestPLC2’s network configuration.
Note that TestPLC2 is using TestPLC1’s X2 as a router. This is important to make the IP forwarding work.
Test The Network
After downloading the hardware configuration to both PLCs, the network overview should look like below.
My test environment runs PLCSim Advanced. The two PLC instances don’t need to be in run mode.
Below is the test result.
My test environment PC’s network adapter and the PLCSim Advanced network adapter are both in 192.168.68.0/24.
When I’m ping TestPLC2 whose IP address is 192.168.1.102, my test environment can get the response properly though it doesn’t have a network adapter in the 192.168.1.0/24 network.
In other words, TestPLC1 forwarded my ping from its X1 port to its X2 port and reached TestPLC2 and the response was forward back.
Limitations
The S7-1500 IP forwarding requires the PLC to have at least 2 network interfaces. Since there is no security configuration, it can be risky to use this feature in production and one of the network interfaces can potentially be accessed by unauthorized personnel.
Also, in most of the projects the S7-1500 PLC’s X1 interface will be used for field devices communication and its X2 interface will be used for IT system communication. If we want to access the field devices while we’re connected to the IT system’s network, there is a high chance the IT system will have more routing configuration for us to access the PLCs’ X2 interface. To allow us to access the field devices via the IT system’s network, additional routing must be added to the IT system’s router to route our traffic pointing at the field devices first to the PLC’s X2 port.
Conclusion
The IP forwarding feature of S7-1500 (and many other PLC manufactures, like B&R) allows a very flexible network configuration that can significantly increase our work efficiency simply by utilizing routing to reduce the time that we need to physically switch between networks during commissioning.
Though a good tool, it does impose the risk of allowing unauthorized access so it is not advised in the production environment.