hide IP address from network

(OP)
Hi all, not sure if this is the best spot for this post, please let me know! The solution does not need to be a Cisco product.

I'm a Controls Engineer for an industrial machinery OEM which has a machine that uses 2 IP addresses (PLC and HMI) to communicate. These come into an unmanaged switch which also connects these devices to the plant network. The customer wants to see only one IP on their network though.

Initially we thought a managed switch would do the trick, but it looks like even if communication is prevented the blocked IP will still be visible to the network. Speaking with a technical expert from one of our vendors pointed us to a Hirschmann EAGLE One, which will work, but has a lot of features we will not utilize, and is pretty expensive.

Are there any other options out there to hide an IP address from one device (the network) while allowing communication with another device? A router with IP filtering or DMZ was mentioned in another forum (Eng-Tips).

An industrial, DIN-rail mountable solution is preferred, but I'm open to all suggestions.

Thanks!

RE: hide IP address from network

I don't understand your requirement - if the interface isn't needed, just shut it down.
If the interface *is* needed, then "hiding" the IP address will break whichever system uses it.

Maybe if you explain the desired traffic flows for each of the IP addresses as well as the undesired traffic flows, I might be able to get my tiny brain around what is required...

RE: hide IP address from network

(OP)
Vince,

The goal is to have the two machine nodes visible to each other but only one visible to the plant network. So the first machine node should have uninhibited communication with both the second machine node and the plant network, while the second node should only be able to communicate with the first machine node.

RE: hide IP address from network

If I understand this correctly...

machine A:
A1 --> allowed to talk to all.
A2 --> Only allowed to talk to B1

Machine B:

B1 --> Only allowed to talk to A2


If these assumptions are correct, then:


Private VLAN A2 and B1 on the same PVLAN, with A2 being in promiscuous mode.

A1 --> on your regular network as is.

http://www.cisco.com/c/en/us/tech/lan-switching/pr...


If the assumptions are incorrect, then fix them and I'm sure either Vince or someone or I will come up with a solution for ya...

maybe :p

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

RE: hide IP address from network

OK, I think it's simpler than what imbadatthis is saying:

Desired outcome:
A1 <--> A2
A1 <--> other LAN hosts
A2 x--x other LAN hosts

I see two ways of doing this:
1/ get on your "core" switch or router. Create a MAC-address access list and block A2's MAC address. Your existing hardware may or may not be able to do this.
2/ Simpler: Can A1 have a secondary IP address configured? Retain A1 IP address. Delete A2 IP address. Configure new IP addresses in a different as-yet-unused subnet on both devices (so A1 has a 2nd IP address). They will then see each other via the existing unmanaged switch, but A2's IP address will not be visible or reachable from the rest of the network due to the rest of the network's subnet mask configurations.
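
The secondary-address layout from option 2 above can be checked on paper before touching the PLC or HMI. The following is an added example, not part of the original post: it models on-link and gateway decisions for a constructed addressing plan (the subnets, host names and gateway route are assumptions) and reports which pairs have a working two-way IP path. It covers IP-layer reachability only; all devices still share one Layer 2 segment on the unmanaged switch.

```python
import ipaddress
from itertools import combinations

# Constructed addressing plan (assumption, not from the thread).
HOSTS = {
    "A1": ["192.168.10.50/24", "10.99.0.1/29"],  # plant address + secondary
    "A2": ["10.99.0.2/29"],                      # machine-only subnet
    "PLANT_PC": ["192.168.10.20/24"],            # any other plant LAN host
}
# Hosts with a default gateway configured, and the routes that gateway holds.
DEFAULT_GW = {"A1", "PLANT_PC"}
GATEWAY_ROUTES = [ipaddress.ip_network("192.168.10.0/24")]


def interfaces(host):
    return [ipaddress.ip_interface(a) for a in HOSTS[host]]


def can_send(src, dst_ip):
    """Return the source interface src would use to reach dst_ip, or None."""
    for iface in interfaces(src):
        if dst_ip in iface.network:          # on-link: ARP and deliver directly
            return iface
    if src in DEFAULT_GW and any(dst_ip in r for r in GATEWAY_ROUTES):
        return interfaces(src)[0]            # off-link but routable
    return None                              # no route: packet is never sent


def reachable(a, b):
    """True if a can send to some address of b and b can send the reply back."""
    for dst in interfaces(b):
        src_iface = can_send(a, dst.ip)
        if src_iface and can_send(b, src_iface.ip):
            return True
    return False


def matrix():
    """Two-way reachability for every pair of hosts in the plan."""
    return {(a, b): reachable(a, b) for a, b in combinations(HOSTS, 2)}


if __name__ == "__main__":
    for (a, b), ok in matrix().items():
        print(f"{a:9} <-> {b:9} {'reachable' if ok else 'no path'}")
```
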

RE: hide IP address from network

If I'm reading this correctly...

Machine A talks to Machine B via two NICs

But only NIC 1 on either machine should be seen on the network.

If Machines A & B on NIC 2 don't need to talk to any other machines on the network, (1) install a crossover cable between them. (2) Otherwise, replace the switch with a managed switch and set up a VLAN with two ports, one for each machine for NIC 2; this VLAN will not be seen by the other computers.

Hope this helps

RE: hide IP address from network

Where do you see 4 NICs in this story?
I see only 2 IP addresses, which are probably each on their own NIC, so 2 NICs total.
