Industrial Automation
Industrial Automation | Europe

myKnowledge

Main > Product Type > Automation Systems > Remote IO
Minimize Text   Default    Enlarge Text
 

Print
E-mail

Using PROFINET Network Scan With Firewalls


Introduction
More and more people have a firewall installed on their PC. This closes the door for attacks. But they also disable functionality of network configuration tools. In this case the network scan and name setting for PROFINET networks.
Content
The first action that needs to be done to get a PROFINET network up and running is setting the names in the PROFINET IO Devices the PROFINET IO Controller is going to communicate with. If there is not a correct name in the PROFINET IO Device then there is no communication possible.
 
In the configuration tool for the PROFINET IO Controller the first screen that appears is the PROFINET Identification and Network Scan tool. You must scan the network and set the names of the PROFINET IO Devices.
 
But when a firewall is installed that has very tight rules it often happens that a scan doesn't show any devices. This is caused by the firewall blocking PROFINET Ethernet type messages.
Now these messages are not of the normal IP-type of messages. They are of the PROFINET type or 802.11Q Virtual LAN type.
 
The firewall should be set up to pass these types of Ethernet frames. Depending on the brand and version of firewall the settings are in different sections but in general it all comes down to the same.
 
The setting that needs to be nade is opening the communication in both direction for Ethernet type 0x8892 for PROFINET and 0x8100 for the 802.11Q Virtual LAN type.
 
Valuable tools to check what goes on the network is a network analyser that is called Wireshark. With this analyser data exchange and types of frames can be displayed so you can see if you still have other ports to open.
Summary
For the PROFINET Network Scan and IO Device naming Ethernet Frame Types 0x8892 and 0x8100 must be open in the firewall on the PC.
References
You can download Wireshark from www.wireshark.org

 




Comments (View All Comments / Add Comment)

Related Articles
No related articles found.
Created 2011-05-24
Modified 2011-05-25
Views 6961

 

You are not logged in.