www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803
August 22, 2013
NAT configurations for Moxa’s EDR series
What is a NAT?
Not to be confused with gnats, those pesky flying insects. NAT, or Network Address
Translation, is a routing process in which IP address information is translated to
another IP address. The two addresses are typically on different subnetworks or
segments. Layer 3 devices such as the EDR-G902, EDR-G903 and EDR-810 series
readily support it.
Types of NAT typically used
N:1 NAT
This is a very popular NAT process that is encountered all the time,
especially if your network uses an Internet connection.
N:1 NAT is when one (1) IP address translates to multiple (N) IP
addresses, much like how the Internet connection at a home or small
office is set up.
Port Forwarding
When you are behind an N:1 NAT, you sometimes need to access services that
are located on the LAN side of the network (the “N” part of the NAT),
which is hidden from the WAN or Internet.
Port Forwarding associates a specific port or range of ports on the
LAN with a set of ports on the WAN, which can be different.
This is usually used to make web sites or FTP servers on the LAN
accessible from the WAN.
Port Forwarding can be too restrictive, especially if you have multiple
similar services you would like to forward, such as HMI web interfaces
and FTP servers.
1:1 NAT
The 1:1 NAT is a way to map one WAN IP Address to one LAN IP
Address.
This is very useful when you want to standardize the IP Address scheme
of your production line while still providing connectivity.
Application Scenario
Overview
Ten production lines independent from each other.
The Customer requests to access the Web Interface from 2 of the 3 HMIs
to look at production status for each line.
The customer requests to have a set of specific data to be logged from
each line to their existing SCADA server in the office network for
production analysis.
The Production Line and Office Network have different IP address
schemes.
Goal
Minimize communication changes to PLCs and other network devices in
the production lines
Keep all the production lines separated from each other.
Provide the network connection to the SCADA server
Provide the Web Interface service to the customer’s Office Network
Solution
Add an EDR router in each Production Line
Set the EDR series for 1:1 NATing
Add the LAN IP address as the Gateway Address of the requested PLC
and HMI
Map the PLC and HMI IP addresses to a set of IP addresses that will be
part of the customer’s office network.
What will happen with the solution
The Production Line network does not have to change; a gateway
address is added so that requests/responses from the customer office’s
network will go to the EDR first.
The production lines will not see each other, which minimizes
possible IP conflicts from the Production Line.
The Office Network has full access only to the requested PLC and HMI.
Additional security features, such as the EDR’s built-in Firewall, can
be implemented if desired to increase system security.
How to Set-Up an EDR series for 1:1 NAT
This section covers, step by step, how to set up the EDR-G903 for 1:1 NATing.
Keep in mind that the set-up is very similar for the EDR-G902 and EDR-810 series.
Overview
Set the EDR-G903 for 1:1 NAT to route a P3K PAC and a C-More HMI to
another network.
Setting before adding the EDR-G903
o P3K PAC
IP Address: 192.168.7.20
Subnet: 255.255.255.0
Gateway: None
o C-More HMI
IP Address: 192.168.7.21
Subnet: 255.255.255.0
Gateway: None
Setting after adding the EDR-G903
o P3K PAC
IP Address: 192.168.7.20
Subnet: 255.255.255.0
Gateway: 192.168.7.250
o C-More HMI
IP Address: 192.168.7.21
Subnet: 255.255.255.0
Gateway: 192.168.7.250
o EDR-G903
  LAN Port
    IP Address: 192.168.7.250
    Subnet: 255.255.255.0
    Gateway: Not Applicable
  WAN1 Port
    IP Address: 10.10.10.2
    Subnet: 255.255.255.0
    Gateway: None
  1:1 Mapping
    192.168.7.20 to 10.10.10.200
    192.168.7.21 to 10.10.10.210
  Firewall
    Fully Open
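The settings above can be checked for consistency before they are entered in the router. The following Python sketch is an added example, not part of the original application note or of Moxa's software; the function names are hypothetical, and it assumes 1:1 NAT rewrites only the destination address of inbound traffic, so the office PC's source address reaches the device unchanged.

```python
import ipaddress

# Addresses taken from the application note's EDR-G903 set-up.
LAN_IF = ipaddress.ip_interface("192.168.7.250/255.255.255.0")
WAN_IF = ipaddress.ip_interface("10.10.10.2/255.255.255.0")
NAT_1TO1 = {"192.168.7.20": "10.10.10.200",   # P3K PAC
            "192.168.7.21": "10.10.10.210"}   # C-More HMI
GATEWAYS = {"192.168.7.20": "192.168.7.250", "192.168.7.21": "192.168.7.250"}


def check_plan(lan_if, wan_if, nat, gateways):
    """Return a list of problems in a 1:1 NAT plan; an empty list means consistent."""
    problems, wan_seen = [], set()
    for lan_ip, wan_ip in nat.items():
        lan, wan = ipaddress.ip_address(lan_ip), ipaddress.ip_address(wan_ip)
        if lan not in lan_if.network:
            problems.append(f"{lan}: not in LAN subnet {lan_if.network}")
        if wan not in wan_if.network:
            problems.append(f"{wan}: not in WAN subnet {wan_if.network}")
        if wan == wan_if.ip:
            problems.append(f"{wan}: same as the router's own WAN address")
        if wan in wan_seen:
            problems.append(f"{wan}: mapped to more than one LAN device")
        wan_seen.add(wan)
        if gateways.get(lan_ip) != str(lan_if.ip):
            problems.append(f"{lan}: gateway is not the router LAN address {lan_if.ip}")
    return problems


def inbound(dst_wan_ip, nat):
    """WAN to LAN: a mapped WAN destination is rewritten to its LAN address."""
    return {wan: lan for lan, wan in nat.items()}.get(dst_wan_ip)


def reply_next_hop(lan_ip, remote_ip, lan_if, gateways):
    """Where a LAN device sends its reply: 'direct', a gateway address, or None."""
    if ipaddress.ip_address(remote_ip) in lan_if.network:
        return "direct"
    # Assumption: the source address is not translated, so the reply goes to an
    # off-subnet host; with no gateway configured it is never sent.
    return gateways.get(lan_ip)


if __name__ == "__main__":
    print(check_plan(LAN_IF, WAN_IF, NAT_1TO1, GATEWAYS))   # settings after adding the EDR
    print(check_plan(LAN_IF, WAN_IF, NAT_1TO1, {}))         # settings before (Gateway: None)
    print(inbound("10.10.10.210", NAT_1TO1))
    print(reply_next_hop("192.168.7.21", "10.10.10.40", LAN_IF, {}))
```

Run against the "before" settings, the check reports the missing gateway on both devices, which is the one change the production line needs.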
Set-Up Instructions
Connect to the LAN port of the EDR-G903
Log in to the EDR-G903
Default IP address: 192.168.127.254
Username: Admin
Password: No Password
For testing purposes, go to the Firewall settings and make sure all ports
are open.
Click on Firewall Policy
Click on Policy Overview
Change the LAN IP address of the EDR-G903
Click Network > Interface > LAN
o IP Address: 192.168.7.250
o Subnet Mask: 255.255.255.0
Click Activate
Click Confirm
Don’t forget to change the PC’s IP address to be part of the new LAN
network
Change the WAN IP address of the EDR-G903
Click Network > Interface > WAN1
The WAN address can be assigned by DHCP; however, it has to be part of
the same network the 1:1 NAT is mapped to, in this case the 10.10.10.x network.
o Connect Mode: Enable
o Connect Type: Static IP
o IP Address: 10.10.10.2
o In this set-up, the DNS and PPTP are not needed.
Click Activate
Click Confirm
Configure the NAT for 1:1
Click on NAT
Click on New/Insert
A popup will appear
Click OK
C-More HMI Configuration
o NAT Mode: 1-1
o Interface: WAN1
o LAN/DMZ IP 192.168.7.21
o WAN IP 10.10.10.210
Make sure Enable is Checked
Click Modify
Do the same for the P3K
o NAT Mode: 1-1
o Interface: WAN1
o LAN/DMZ IP 192.168.7.20
o WAN IP 10.10.10.200
Click Activate
Click Confirm
Test Instructions
Disconnect the computer from the LAN port of the EDR-G903
Connect the PLC/HMI Network to the LAN port
Connect the PC to the WAN1 port of the EDR-G903
Change the IP address of the PC to be part of the 10.10.10.x
network
o PC IP Address: 10.10.10.40
o Subnet Mask: 255.255.255.0
o Gateway: Blank
o DNS Servers: Blank
Ping the mapped P3K PAC
Ping the mapped C-More
Access the FTP Server of the C-More
Access the Remote web console of the C-More
Access the P3K PLC for programming for the NATed network
Congratulations! The system has been set up for 1:1 NATing.
About Us
Quantum Automation is a networking and controls distributor comprised of talented Electrical and
Mechanical Engineers dedicated to understanding and delivering exactly what you need. Founded in
1991, Quantum Automation is the largest of four Value Added Resellers for AutomationDirect in
America. We are also the largest distributor of Moxa networking products in America. Our other major
product lines are: Advantech for industrial computers, IDEC for control products, and eWON for Remote
Access Routers. Recognized for outstanding customer service, quality products, hands-on training,
competitive prices, and over 30,000 part numbers to choose from, it’s no wonder thousands of OEMs,
Systems Integrators, and End Users choose Quantum Automation as their #1 Value Added Reseller!
Can the LAN and WAN networks have the same IP
address scheme and route properly?