Community discussions

MikroTik App
 
Chiara
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 72
Joined: Thu Jul 23, 2015 3:47 pm

S7 1200 siemens

Mon Oct 16, 2017 10:52 am

Dear Sirs,
I need to nat traffic from a Siemens S7/1200 PLC, I can ping the plc but cannot connect by siemens management software that should use port 102.
I've made a general nat rule no specified ports, as the ping works I believed other protocols either works, but it's not like this.
Is anyone with experience with this?

If the plc use PROFINET mikrotik can handle this traffic?

Thanks, BR
 
peci
just joined
Posts: 13
Joined: Sun Jun 03, 2007 3:00 pm

Re: S7 1200 siemens

Thu Jun 07, 2018 2:08 pm

hello, did you find solution for this problem, i have the same
i try to disable protocols in mikrotik but without success, i can ping but there is no communication between the plc



regards
 
Pablo85
just joined
Posts: 1
Joined: Tue May 11, 2021 4:22 am

Re: S7 1200 siemens

Tue May 11, 2021 5:05 am

Late to the party...

Some explanation as to clarify this if anyone stumbles with this issues.

PROFINET has two parts, a TCP/IP part for parametrization and configuration of PROFINET devices and a Real Time (RT) part for process control. The TCP/IP part use all the layers of the OSI model, it's used for non critical comunication. Even if it use TCP/IP for this, in my experiece it's best to be in the same network as the PROFINET devices. Some devices just won't appear or let you configure if the comunication is not at layer 2.

The other part of the PROFINET Protocol is the RT part, which is used for process control. RT discard all but layers 1, 2 and 7 as to reduce jitter and response time to minimums. PROFINET RT is NOT Routable since it doesn't use layer 3 at all. If you want PROFINET to be routable you gotta use PROFINET CBA, but the standard PROFINET is not routable.
Another important aspect of PROFINET is that it's vlan and priority tagged, it uses vlan 0 as the vlan tag. That means that your switch, AP, etc needs to be vlan aware, although there is no need to define any vlans since it's tagged with vlan 0. If a bridge is created in a AP or router, etc, vlan filtering needs to be enable on that bridge for PROFINET comunication to happen, else the packets will be discarded as they are vlan tagged.

Also if you plan to pass PROFINET through a wireless link you should increase the I/O scan time from the default 1ms, to at least 32ms or more depending on the link.

Im not an expert so if there are any mistakes plesae feel free to correct me.

Cheers!

Who is online

Users browsing this forum: No registered users and 18 guests