afrend asked:

Device with fixed IP not seen in DHCP server manager Windows 2000

I always preface that I know it's wrong to still be running Win 2000 Server, but it's not my name on the building.
Welcome to budget based manufacturing.

Here's my problem. I haven't ever seen this in 16 years.
Usually, when a device gets plugged into the network with a valid MAC address, it shows up in the DHCP server. From there, I can acquire the information needed to give it a permanent reservation. We have a new PLC that does not play that way, not Windows based, and can only be configured on the client end with a fixed IP address. I gave the controller an IP, subnet, and gateway matching our network, and tried setting a reservation to match in the DHCP manager, but nothing seems to allow the reservation to be active.

The main problem is connectivity out of the building. The device has a pass through the firewall, but we are set up such that the domain controller is also the DNS server that passes DNS requests to the gateway where DNS resolution happens for real. Never a problem until this device that does not have an option to obtain an IP address from a host. Near as I can tell, this device is not getting past the DHCP manager, with or without a reservation.

Their tech support says, "To access remotely you will need to set the panel to a public IP address and allow the RMC device to pass through the firewall or allow the RMC device to access your public IP then remote into your local area network. Hope this information helps."
I'm not too sure what that means. I have even tried putting a public IP DNS (8.8.8.8) in the controller's fixed address rather than the domain controller, but we still don't seem to be able to get past the domain controller to forward DNS requests to the gateway.
What am I missing here? Every other device, domain member or not, can be managed through DHCP, but not this one. It's almost like it isn't broadcasting. I really don't know for sure. There are no tools on the controller to troubleshoot network connectivity. All I can do is ping it from machines inside the network.

Two captures for you, one shows the firewall pass through, the other the inactive DHCP lease. The one capture shows "none" on lease type, but the reservation was made DHCP only. I'm at a loss on this one. If the device can't/won't be forwarded by the internal DNS server to the gateway, it's not going to be able to leave the building, right?
[Two images: firewall pass-through capture and inactive DHCP lease capture]
ASKER CERTIFIED SOLUTION: Wayne88

This solution is only available to members.
afrend (ASKER):

This is a new device and the first of its kind, with fixed IP. That's why I am having trouble dealing with it in this manner, but thank you as this confirms that it's never going to work via DHCP.

The goal is to gain connectivity out of the building such that it can send out service messages via DHCP and be managed remotely via a mobile device.

The device allows you to set IP/Subnet/Gateway/DNS/NTP.
I'm going to try putting the public IP of the ISP as the Gateway and 8.8.8.8 as the DNS server.

Thank you. I'll keep you posted.

Putting in the public IP directly in the PLC unit won't help, and 8.8.8.8 is Google's DNS server. That won't help anything in terms of what you're trying to achieve. The reason is that the PLC unit is internal, behind the firewall/router. If it's outside of the router/firewall then you may be able to reach it directly if the PLC unit is assigned a public static IP address. Note that if you're trying to reach the device by using IP address then you don't even need the DNS settings. You only need DNS if you're going to do machine name or URL to IP address translation or reverse lookup (reverse DNS).

"The goal is to gain connectivity out of the building such that it can send out service messages via DHCP and be managed remotely via a mobile device."

Then in this case the tech's statement is correct: "To access remotely you will need to set the panel to a public IP address and allow the RMC device to pass through the firewall or allow the RMC device to access your public IP then remote into your local area network. Hope this information helps."

The mobile device must be pointed to your public IP address, then you will need to set a port forwarding rule on your router/firewall to allow traffic to/from the PLC unit to respond to communication directed at this port in order to be able to reach it from outside the company.

When you said "it can send out service messages via DHCP", did you mean you are trying to have the PLC unit send automated emails via your email server?
SOLUTION
This solution is only available to members.
afrend (ASKER):

I'm sorry that I misspoke on that. I meant to say "it can send out service messages via SMTP."

Below are the rules I am currently using to forward the ports, currently any, and if that works, then I can narrow it down to the port needed. Right now, I'm just trying to gain connectivity.

There really isn't any good help with this and the app side. The full instructions are "Enter IP and Port #."
That's it.
So I assume that means, as you said, the public IP is what they connect to, and the software finds the controller once "inside."
afrend (ASKER):

Forgot the file... [Image: port forwarding rules]

If the app side only requires IP address and port then you won't have to worry about DNS settings. You just need to open up a port on your router/firewall to point to the static IP address for the PLC unit. You should then be able to reach the PLC unit from outside by using the public IP address and port number assigned.

As for the SMTP, there should be a setting on the PLC for SMTP and you just need to type in the SMTP email server IP address, as long as the email server allows relaying from internal devices (you may need to specify the IP address of the PLC unit in your email server to allow relaying). I only allow certain machines to send out messages for security reasons.

The public IP is what they connect to, and the software finds the controller once "inside." - the software won't need to find the PLC because the port forwarding rule is a static reference (point to the static IP address you have given the PLC).
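The thread's plan is to forward "any" port to the PLC first and narrow it to the one needed port afterwards. The following added example (not part of any post above) audits a list of forwarding rules and flags the ones still broader than a single port; the one-line rule format, the address 192.168.1.50 and port 5000 are constructed for illustration and are not any vendor's syntax or values from the thread.

```python
import ipaddress

# Constructed sample rules in a made-up one-line format (not a vendor syntax):
#   <proto> <external-ports> -> <internal-ip>:<internal-ports>
SAMPLE_RULES = """\
any any -> 192.168.1.50:any
tcp 5000 -> 192.168.1.50:5000
tcp 8000-8100 -> 192.168.1.50:8000-8100
"""

MAX_PORT_SPAN = 1  # assumption: the app needs one port ("Enter IP and Port #")


def port_span(spec):
    """Return how many ports a spec covers: 'any', 'N', or 'N-M'."""
    if spec == "any":
        return 65535
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"bad port spec: {spec}")
    return hi - lo + 1


def audit(rules_text):
    """Return a list of (rule, [reasons]) for rules broader than one port."""
    findings = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        left, target = (part.strip() for part in line.split("->"))
        proto, ext_ports = left.split()
        host, _, int_ports = target.rpartition(":")
        reasons = []
        if proto == "any":
            reasons.append("protocol not restricted")
        if port_span(ext_ports) > MAX_PORT_SPAN:
            reasons.append(f"external ports too broad ({ext_ports})")
        if port_span(int_ports) > MAX_PORT_SPAN:
            reasons.append(f"internal ports too broad ({int_ports})")
        if not ipaddress.ip_address(host).is_private:
            reasons.append("target is not an internal address")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for rule, reasons in audit(SAMPLE_RULES):
        print(rule, "->", "; ".join(reasons))
```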
afrend (ASKER):

So talking with the guy working with this, the problem is that the app on the phones assumes direct connectivity such as a VPN. The UTM does have VPN software for mobile devices, but I'm not comfortable having that ability on a private device. We do not have corporate mobile phones, just a reimbursement for those who use it for work. That also calls for a VPN connection to be "always on" to be able to send alerts.

But as it turns out, what we get now from the vendor is that this problem is easily addressed in the following manner. I guess they just assumed a manufacturing plant didn't have the "fancy" stuff, and made a base sale, just not the right sale.

"DHCP assignable IP addresses can only be done on the EZ Panels listed below.
EZCE Series
EZWindows Series
EZTouchPlus Series"

Yep. We got the wrong one...
Points awards to follow.
Thanks to all.

Great, glad you got it solved. Cheers!