Industrial Ethernet Routers from Weidmüller
In the field of Industrial Ethernet networks, the topic of data transfer and data integrity is currently very much on peoples’ minds. It is only recently that user companies have begun to chew over safety strategies and draw up initial concepts. Industrial Ethernet is designed to be an open system, but that also means open to uninvited guests and data. Weidmüller offers Security Routers as gateways between the Ethernet worlds. They protect independent systems in the Industrial Ethernet field against unnecessary traffic and use by the unauthorised.
Industrial access routers facilitate simple and safe connections between office networks or the Internet and production networks. Routers specifically separate different networks. Access to production networks behind the routers is granted to authorized users only. Thus, it is possible to conceal connected plant behind a single IP address. That considerably minimises time and effort for installation work. Thanks to the integrated modem (analogue or ISDN) the routers can be accessed via the telephone network from anywhere in the world for configuration, administration and monitoring purposes. A Virtual Private Network (VPN) can be created between two routers through the local Internet provider. Authorised applications only are permissible. An external modem can optionally be connected to Weidmüller’s routers, for instance a GSM modem for wireless links.
Routers stand for two typical fields of applications: in addition to providing access to the Internet, they separate Ethernet networks for reasons of data integrity or for simpler configuration purposes.
Separating Ethernet networks in the factory
It is true that networks operating in industrial production facilities, in industrial machinery or in offices use the same Ethernet standard – they are different nevertheless. Office networks process greater amounts of data in relatively inert networks – an acceptable condition. Lethargic response times in industrial networks result in standstill and errors – conditions that are not acceptable under any circumstances. Although it is not practical to fully isolate the two networks, the chance has arisen for the first time to exploit one network for all processes. That increases transparency and equally reduces administrative and technical outlay. In addition, data exchange is made simpler and it becomes clearly more efficient. There are different options available to isolate and prioritise network data, for example VLAN or QoS for layer 2 level. Routers filter data on the IP level (layer 3). Such routers are extremely effective at reliably separating networks thanks to features such as firewall, network address translation (NAT), port address translation (PAT) and remote access via modem. Authorised users only can gain access to the protected network from outside and only enabled devices transmit data from within the protected network to the outside. The NAT/PAT feature conceals a machine with a single IP subnetwork and several network stations behind a single IP address. External attempts to access these IP addresses are automatically routed to a predetermined IP address in the network behind the router. Thus, external access to the device remains possible.
This approach of concealing a machine behind an IP address reduces installation and administration work for the machine manufacturer. Furthermore, it is possible to dial up the router via an external modem. That makes it possible to access the router and the machine behind it – without compromising the company’s network. Access is made via PPP and PAP protocols or via call-back channelled through a Virtual Private Network (VPN).
Connection to the Internet
Both Industrial Access routers IE-AR-10T and IE-AR-10T ISDN connect Industrial Ethernet networks safely and simply to the Internet. This is achieved by means of the integrated analogue or ISDN modem that provide global application options. External modems (ISDN, GSM, analogue) are simply connected to the RS232 interface. The systems are reliably protected by an integrated firewall. The browser, text console or SSH is used for programming / configuration. Laptops or handhelds can be used for user-friendly convenience. They do not require separate configuration software as this is already implemented in the device. The software is upgraded by means of remote access – during teleservicing procedures. Functions such as VPN, DynDNS and call-back are included as standard.
Amongst others, Weidmüller’s routers offer the following features:
- Sturdy aluminium housing that snaps onto TS 35 mounting rails, mounts onto the wall, IP 20
- Dimensions: 156 x 44 x 140 mm (HxWxD)
- Redundant power supply
- Approvals: CE, UL508
- Configurable via integrated web browser, Telnet or console
- Functions such as dial-on-demand, call-back, VPN, DNS etc.
- Ethernet RJ45 10 BaseT, max. segment lengths: 100 m
- LEDs to indicate analogue modem active, Ethernet active, power active, power malfunction
- Power 8 – 24 V AC / 10 – 36 V DC redundant,
- Ports: RS232, external ISDN, GSM or analogue modem, serial interface
- Protocols: TCP/IP, UDP, ICMP, PPP and VPN
- VPN tunnelled via TCP or UDP; 128-bit Blowfish encryption, freely selectable ports, automatic key exchange.
- The functions dial-on-demand, call-back, DNS incl. reverse DNS / DynDNS, VPN, system logging
- Safety: integrated firewall, IP masquerading, port forwarding, port and address filter
- Integrated modem V.34 / 56 Kbps
- Operating temperature: 0 to 60° Celsius.
This product information
is expired!
Use our search-function for current products ...
is expired!
Use our search-function for current products ...
