Posted 4 Aug 2021 Scenario: You show up on site and the only knowns are Omron PLC and EtherNet/IP network. You have a laptop loaded with CX-One, an ethernet cable, and the ethernet port that is connected to a known EtherNet/IP Omron network (you can not see the PLC). I have previously worked with Siemens systems and used Primary Setup Tool and Proneta with wonderful results. Do similar tools exist for an Omron environment? Question: How to (relatively quickly) scan an EtherNet/IP network for connected devices without knowing their ip addresses? Share this post Link to post Share on other sites
Posted 4 Aug 2021 In CX-Programmer go to PLC -> Auto Online -> EthernetIP Node Online Select Ethernet IP Connection and then click Browse. Choose the Ethernet interface and click OK. This will browse the network for Ethernet devices Share this post Link to post Share on other sites
Posted 4 Aug 2021 20 minutes ago, photovoltaic said: In CX-Programmer go to PLC -> Auto Online -> EthernetIP Node Online Select Ethernet IP Connection and then click Browse. Choose the Ethernet interface and click OK. This will browse the network for Ethernet devices This requires the laptop's ip address to be within the subnet of the PLC, right? This works in a scenario where you at least know that subnet. My question is how do you figure out this information when nothing other than communication protocol and brand of PLC is given. Share this post Link to post Share on other sites
Posted 4 Aug 2021 Yes this is subnet-dependant. If you have a CJ2 EIP CPU it will flash it's IP address upon startup. What PLC(s) are in the panel? Share this post Link to post Share on other sites
Posted 5 Aug 2021 (edited) In this specific case it was a CJ2 EIP CPU, and this is exactly what I did. Power cycle to see ip address, change my laptop ip address to be within the subnet of the PLC, found the PLC ping suspicious ip addresses until I found the HMI. In my opinion this is not a very streamlined/efficient way to map the network and has a major issue. -You can't find the PLC address in a live production environment because you can't power cycle. My question is how do you figure out the ip address of the PLC/ HMI when nothing other than communication protocol and brand of PLC is given. (other than pinging every possible address using a program like Angry IP Scanner) Edited 5 Aug 2021 by crustyneon Share this post Link to post Share on other sites
Posted 5 Aug 2021 Assuming the HMI is an NS, you can touch two corners of the screen to bring up the system menu. From here you can navigate to the communications settings to get the HMI address and the HOST (PLC) address. I do the same for other manufacturers when it's possible. Share this post Link to post Share on other sites
Posted 5 Aug 2021 (edited) HMI tends to be Keyence or Weintek but nothing is a guaranteed. The networks on these systems tend to be pretty small so I came up with a solution that I should have thought of before posting the question. Solution: Use Wireshark to look through exchanged packets on the network and look for ARP Announcement. In the attached photos you can see the packet for the HMI shows the Source as Keyence, and the info contains the IP address. Likewise, the packet for the PLC shows the Source as Omron, and the info contains the IP address. As you can see the IP address of the laptop is in a different subnet. In conclusion, if you don't know who is there, listen to what they are saying. Edited 5 Aug 2021 by crustyneon Share this post Link to post Share on other sites
Posted 9 Aug 2021 Plug to PLC USB port, autoconnect, and read its IP address in the port setup (CJ units) or D1200,1201 (CP1 communication board). 2 people like this Share this post Link to post Share on other sites
