Please be gentle with me, I am an industrial electrician by trade.
I have always worked with PLC's,however recently taken on a role as a control engineer in my factory
My factory has expanded rapidily over the last year. the vast majority of the plc's should all be theoretically in a pre-defined static ip range there are some exceptions currently not networked
but for the purpose of the thread
1.2.1.?? plant 1
or
1.2.2.?? plant 2
or
1.2.3.?? plant 3
I have approx 30 new discrete units and 3 new network switches i wish to add to the existing plc network.
I have sourced a couple of HP Procurve switches 2650-J4899B & a 2610 J9088A.
these have been configured by a 3rd party who ran some fibre in for me with static IP Addresses in the plc range.
I have also Ewon remote access units from the main IT firewall not in my factory domain for OEM's
My problem is any oem who then remote's into the factory domain plc network has visibilty over all my networked device.
As i now have the opportunity to reconnect / reallocate devices to particular ports on these new switches is there a way to effectively block what an oem ewon can see in my internal plc network by some kind of port management / firewall setting on the procurve switches.
I am new to this so any help to increase my understanding is appreciated.
