Hi, I apologize if this has been asked and answered before - I tried searching the forums but couldn’t find it.
I would like to use a Microtik Hex in an industrial application where a ‘Main PLC’ needs to talk Modbus TCP to multiple ‘Packing Machine’ PLC’s. The main PLC controls some processes and conveys product to the packing machines. The Packing Machines are purchased from another supplier and come with default IP Addresses which we want to keep. It is ‘possible’ to change the IP addresses in their equipment but this has a few issues: 1. If the IP addresses are changed in the wrong order - devices can be lost. 2. If software updates are required then the IP addresses need to be changed back to default, software flashed, then the IP address changed again. 3. All the network traffic from the Packing Machines ends up on the network that the ‘Main PLC’ uses.
So I played around with a hap lite for a proof of concept test and quickly worked out how to add IP addresses to Ether1 (192.168.2.101) and
Add chain=dstnat dst-address=192.168.2.101 protocol=tcp dst-port=502 action=dst-nat to-addresses=192.168.0.11 to-ports=502
Which works great as a solution if we put a Mikrotik into each packing machine. However their isn’t much room inside the machines and it means we have to modify the suppliers machine.
What I would really like to achieve is comms to multiple packing machines on the one Mikrotik router:
Main PLC 192.168.2.10, connected to Ether1 on Mikrotik
/IP Address
Add 192.168.2.101/24 interface=Ether1
Add 192.168.2.102/24 interface=Ether1
Add 192.168.2.103/24 interface=Ether1
Connect Packing Machine 1 to Port 3 without changing it’s IP Addresses.
Connect Packing Machine 2 to Port 4 without changing it’s IP Addresses.
Connect Packing Machine 3 to Port 5 without changing it’s IP Addresses.
Have traffic from the PLC (192.168.2.10):
Talk TCP port 502 to 192.168.2.101 and have that pop out on Port 3 with 192.168.0.10 as the destination IP address.
Talk TCP port 502 to 192.168.2.102 and have that pop out on Port 4 with 192.168.0.10 as the destination IP address.
Talk TCP port 502 to 192.168.2.103 and have that pop out on Port 5 with 192.168.0.10 as the destination IP address.
Obviously return traffic from the Packing Machines needs to find the PLC.
All other packets to be dropped (well maybe with the exception of winbox and ICMP).
I have looked at the Port Isolation and VLANs but I am not sure that is what it needed or how to do the forwarding afterwards.
Do I need different hardware?
VLAN Hybrid ports which can forward both tagged and untagged traffic are supported only by some Gigabit switch chips (QCA8337, AR8327)
CRS3xx series is required to do Bridge VLAN Filtering (what ever that is).
I drew up an approximate network if helps.
