Network topology for portable test rig

Hi everyone,
I’m building a complicated piece of industrial automation equipment, and there are many components that communicate over ethernet. I have a portable test rig that I use for development, and now it’s time to drag it out into the factory and do some testing.
Right now, every component on my test rig is assigned a static IP address, and they are hooked up to a Mikrotik CRS 109-8G-1S-2HnD-IN. I would like to be able to connect it to the factory’s WiFi or Ethernet, and be able to monitor my test rig remotely. Basically, I want to somehow access my test rig LAN from the main network. Is there some network topology that would allow this to happen? I suppose a solution is to add an Ethernet port to the computer and separate the networks that way, but it’s one of those embedded single-board computers so it’s not straightforward.

Thanks for your help.

The possibilities depend a bit on what the local IT will allow!
So you already have some “VPN” services that connect you to the factory network?

You speak about connecting the CRS as a wireless client onto the corporate network, right?
Perhaps you could ask LocalIT if they can provide you with a STATIC IP address for the wireless interfaces on the CRS. Or have some (dynamic) DNS entry updated so you can always find the CRS back on the network.
Then just configure some NAT 1:1 towards e.g. the “Computer” and use this as a jump-host? You have some centralised logging/management/visualisation tool on the “Computer”?

In order to access it from home, you would VPN into the factory and connect to the internal-IP / DNS that LocalIT provided to you. You would end up on the computer.

Many other scenarios are possible, but a talk with LocalIT would be a good starting point!

Thanks, I’ll give it a try. I was wondering if it’s possible, if the factory network is 192.168.1.x, to have my sub-network to be 192.168.2.x, and still be able to get in from remote computers on the 192.168.1.x network? (Assuming the local IT will do anything for me, I know them well.)

I have logging software on the test rig’s embedded computer, but it’s also nice to be able to access the remote nodes directly for debugging purposes.

Sure, then make sure you can arrange with LocalIT to get several factory IPs and map them 1:1 like

192.168.1.50 = 192.168.2.50
192.168.1.51 = 192.168.2.51

and so on. By doing NAT 1:1 all ports & protocols will go through without too much tinkering or conflicts.

Of course many, many solutions are possible. Even if you only get 1 factory IP you could still access your testing network on 192.168.1.x by configuring a good NAT config based on ports.
You can make it as complex as you want… I would start by checking with LocalIT what you can obtain and work from there…

He’s asking me what I need, I’m not sure what to tell him, but I don’t think mapping a bunch of IPs 1:1 is the right way to go, since if I change my IP addresses it’ll break. So here’s what I’m thinking:
All the stuff on the test rig is 192.168.0.x, and the stuff on the LAN is 172.16.x.x. Can I ask for a single static IP, plug the Mikrotik WAN port into his network and use that static IP, then ask him to add a static route for 192.168.0.0/255.255.255.0, and then I set the Mikrotik’s gateway to the IP of his router? Does that sound right?

That’s even better, IF LocalIT is that flexible to allow you to ROUTE your test-rig IP-space right over the factory LAN then by all means go for that!
Sure, ask for a static, put it on any interface of your Mikrotik (not necessarily “WAN”) and then put all other 192.168.0.x together on a “Bridge” interface. LocalIT will route your 192.168.0.x testrig-block straight to the static 172.16.x.y and you are good to go. But remember, if you are coming in from an IP other than 192.168.0.x (e.g. some VPN subnet), YOU will have to set an IP route too on the Mikrotik. It currently knows only about the directly connected networks 172.16.x.x and 192.168.0.x

The rest of the flows you can “control” using firewall-rules if you want that.
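
The return-route caveat in the reply above, checked with a small longest-prefix-match model (an added example, not part of the thread). Only 192.168.0.0/24 comes from the thread; the 172.16.0.0/16 prefix, the 172.16.0.1 and 172.16.0.50 addresses and the 10.8.0.0/24 VPN pool are constructed assumptions.

```python
import ipaddress

def routes(*entries):
    """Build a routing table from (prefix, next_hop) pairs."""
    return [(ipaddress.ip_network(net), hop) for net, hop in entries]

def lookup(table, dst):
    """Longest-prefix match: next hop for dst, or None when no route exists."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed addressing (assumptions, see lead-in).
FACTORY_ROUTER = routes(
    ("172.16.0.0/16", "connected"),      # factory LAN
    ("10.8.0.0/24", "connected"),        # VPN client pool
    ("192.168.0.0/24", "172.16.0.50"),   # static route LocalIT adds, via the Mikrotik
)
# The Mikrotik as described: it knows only its two connected networks.
MIKROTIK = routes(
    ("172.16.0.0/16", "connected"),
    ("192.168.0.0/24", "connected"),
)
# Fix A: a specific route for the VPN pool. Fix B: a default gateway.
MIKROTIK_VPN_ROUTE = MIKROTIK + routes(("10.8.0.0/24", "172.16.0.1"))
MIKROTIK_DEFAULT_GW = MIKROTIK + routes(("0.0.0.0/0", "172.16.0.1"))

def round_trip(client, rig_host, mikrotik_table):
    """Return (forward_hop, return_hop): the factory router's next hop toward
    the rig host, and the Mikrotik's next hop back toward the client.
    A None on either side means that direction is dropped."""
    forward = lookup(FACTORY_ROUTER, rig_host)
    back = lookup(mikrotik_table, client)
    return forward, back

if __name__ == "__main__":
    cases = [("factory LAN client", "172.16.0.20", MIKROTIK),
             ("VPN client, no route", "10.8.0.5", MIKROTIK),
             ("VPN client, specific route", "10.8.0.5", MIKROTIK_VPN_ROUTE),
             ("VPN client, default gw", "10.8.0.5", MIKROTIK_DEFAULT_GW)]
    for label, client, table in cases:
        print(label, round_trip(client, "192.168.0.10", table))
```

The specific route (fix A) lets the Mikrotik reply only to the VPN pool, while the default gateway (fix B) lets it reply to any source, so fix A is the narrower choice when only known subnets should reach the rig.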

Thanks, I got it working on my own network by adding the IP route on my network router, so it should deploy just fine. I’m sure the local IT will accommodate, a case of beer goes a long way with these small companies.