Networks and Security Great Demo


1 Networks and Security Great Demo
Stratix 5700

2 Demo 1 – Network Address Translation (NAT) in Layer 2 Architecture

3 NAT Implementation in a Layer 2 vs. Layer 3 Device
Typically a software implementation
- NAT device acts as the default gateway (router) for the devices on the inside network
- NAT device will intercept traffic, perform translation, and route traffic
- Translations are handled by the NAT CPU
- Performance of translation directly tied to the loading of the NAT CPU
Hardware based implementation
- NAT device does not act as a router and utilizes 2 translation tables: inside to outside & outside to inside
- Performance is at wire speed throughout switch loading
- Supports multiple VLANs through NAT boundary, enhancing segmentation flexibility (communication between VLANs requires a separate layer 3 device)
*Layer 2 NAT is available only in the Stratix 5700

4 Demo 1 - Applying NAT using the Layer 2 Stratix 5700
1 – Inside the Studio 5000 project, open the AOP for the Stratix 5700
2 – Open the NAT tab and add a new instance
3 – Specify the Private (smaller “inside” network) to Public (larger “outside” network) address translation.
4 – Specify the Public to Private address translation.

5 Demo 1 – NAT in action

6 Demo 2 – Network segmentation using VLANs
Every broadcasting device sends frames to every corner of the network.

7 Demo 2 – Affected equipment
Red line is communications with PAC
Blue line is broadcast traffic
Circled spikes take traffic over 600 frames a second, causing failures in this particular case

8 Demo 2 – Solution, segment network with VLANs
A router or layer 3 switch breaks up broadcast domains, limiting the reach of broadcast frames

9 Demo 2 – Solution, segment network with VLANs
The effects of network broadcasts are nearly negligible.

10 Demo 2 – Applying Network segmentation using Stratix 5700
1 – Inside the Studio 5000 project, open the AOP for the Stratix 5700
2 – Select the Smartports and VLANs tab and click on New VLAN
3 – Create VLAN10 and VLAN20
4 – Assign VLANs to switch ports
5 – Enable routing in the device manager

11 Demo 3 – Zone security
Zone security is for situations where we want to restrict network traffic between certain areas (zones) of our plant, like in the case illustrated here, where company XYZ has its utilities like steam and compressed air managed by a third party vendor.
In order for the production line to request delivery of steam or air, its controls need to communicate to the utilities supplier controls. The protocol they use to communicate is CIP. All other traffic going to or coming from this zone should be restricted.
The solution is implementing a Stratix 5900, which is a services router that can be used as a zone-based policy firewall.
Allowed: CIP traffic like "Open steam valve" or "Current steam pressure: 40PSI"
Blocked: any traffic not explicitly allowed

12 Demo 3 – Zone security result
Ping: blocked
HTTP: forbidden
RSLinx (CIP): allowed

13 Demo 3 – Applying Zone Security with the Stratix 5900
1 – Open the Stratix 5900 Configurator software and add 2 VLANs to differentiate between internal (inside) and external (outside) traffic.
2 – Assign the VLANs to inside and outside zones

14 Demo 3 – Applying Zone Security with the Stratix 5900
3 – Create two user defined port to application mappings:
- One for CIP Class 1, used for example for Logix Controller I/O and produced and consumed data transfers
- And one for CIP Class 3, used for example for RSLinx communications between Studio 5000 and the Logix Controller

15 Demo 3 – Applying Zone Security with the Stratix 5900
4 – Create a firewall policy that implements rules which enforce the user defined CIP port to application mappings we just set up
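
The default-deny behaviour that steps 1 to 4 configure, modelled as an added Python example (not code from the presentation or from the Stratix 5900 Configurator). The VLAN IDs and mapping names are hypothetical, and the port numbers (UDP 2222 for CIP Class 1, TCP 44818 for CIP Class 3) are the standard EtherNet/IP ports, which the slides do not state.

```python
from dataclasses import dataclass

# Step 1-2: VLANs assigned to zones (VLAN IDs constructed for this example).
VLAN_ZONE = {10: "inside", 20: "outside"}

# Step 3: user-defined port-to-application mappings (hypothetical names).
# Ports are the standard EtherNet/IP ones, an assumption not on the slides.
PORT_MAP = {
    ("udp", 2222): "cip-class1",   # implicit I/O, produced/consumed data
    ("tcp", 44818): "cip-class3",  # explicit messaging, e.g. RSLinx
}

# Step 4: applications each zone pair may pass; anything else is dropped.
ZONE_PAIR_POLICY = {
    ("inside", "outside"): {"cip-class1", "cip-class3"},
    ("outside", "inside"): {"cip-class1", "cip-class3"},
}

@dataclass(frozen=True)
class Packet:
    src_vlan: int
    dst_vlan: int
    proto: str         # "tcp", "udp" or "icmp"
    dst_port: int = 0  # unused for icmp

def classify(pkt):
    """Return the mapped application name, or None when nothing matches."""
    return PORT_MAP.get((pkt.proto, pkt.dst_port))

def evaluate(pkt):
    """Return 'pass' or 'drop' for a packet crossing the zone boundary."""
    pair = (VLAN_ZONE.get(pkt.src_vlan), VLAN_ZONE.get(pkt.dst_vlan))
    allowed = ZONE_PAIR_POLICY.get(pair, set())  # unknown pair: default deny
    return "pass" if classify(pkt) in allowed else "drop"

# Constructed sample traffic matching the "Zone security result" slide.
SAMPLES = {
    "ping": Packet(20, 10, "icmp"),
    "http": Packet(20, 10, "tcp", 80),
    "rslinx-cip": Packet(20, 10, "tcp", 44818),
    "cip-io": Packet(10, 20, "udp", 2222),
    "tcp-on-io-port": Packet(20, 10, "tcp", 2222),  # right port, wrong protocol
}

def run_samples():
    return {name: evaluate(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:15s} {verdict}")
```

The mapping key is the protocol and port together, so TCP traffic aimed at the Class 1 port number is still dropped.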

16 Demo 4 – Wireless communications
In autonomous mode, the Stratix 5100 can function as:
- Access Point (AP): in Access Point mode, the Stratix 5100 is accepting connections from wireless clients.
- Or Workgroup Bridge (WGB): as a WGB, the Stratix 5100 operates in the WLAN as a single wireless client of an access point (root AP). The WGB learns MAC addresses of its wired clients on the Ethernet interface and reports them to the root AP.

17 Demo 4 – Configuring the Stratix 5100 as a Wireless Access Point
1 – Log into the Stratix 5100 device manager and configure basic settings like AP IP address, host name and SSID

18 Demo 4 – Configuring the Stratix 5100 as a Wireless Access Point
2 – Enable encryption … and apply WPA to the SSID

19 Demo 4 – Configuring the Stratix 5100 as a Wireless Access Point
3 – Enable the radio

20 Demo 4 – Configuring the Stratix 5100 as a Wireless Access Point

