Connecting a Cozy with machine network and WAN the same

Ewon Support
#1

Hi Support,

I have a customer who is going to be using an eWON at their facility that is being built around their machine. Their machine has several hardware components and most of them have ssh availability so that their lead software engineer can connect remotely through their network. The PLC that my software runs on cannot handle this SSH connection as it uses a proprietary communication to talk to PCs. Therefore, as with many other machines I have worked on, we are using an eWON.

The problem is that with the setup, the PLC and all other components of their network have to be on the building network so that they can all talk to each other and the software engineer can remote in. The Cozy seems to not allow the WAN and LAN ports to be connected to the same network as is found when attempting to establish internet connection with the Cozy when the IP address of the WAN is being set in the same subnet as the IP address of the LAN.

Is there a way around this?

Thanks,
Chad

#2

Unfortunately the WAN/LAN will need to be in different subnets. With the eWON units, you have to remember that they are at their hearts routers. Inherently, routers cannot have both interfaces in the same network or there is nowhere to route.

Typically, if a user wants the LAN devices available on their WAN network then they use our NAT 1:1 feature to map the LAN IP to the WAN. Another option is adding another router before the Ewon’s WAN.

Option 1 - NAT 1:1

This will NOT resolve an IP conflict but allows for your device to be accessible on the WAN when the eWON’s LAN & WAN are not in the same subnet (required).

1-mceclip0
1-mceclip0723×419 132 KB

How to enable NAT 1:1 on Ewon Cosy

The parameter is accessible from

SETUP > SYSTEM > COMMUNICATION> NETWORKING> ROUTING> ENABLING> SET IP> UPDATE

2-mceclip2
2-mceclip21189×674 92.9 KB

:warning: WARNING
Check with the IT department what IP addresses are available and can be used for the NAT 1:1 feature. As these IP addresses are not assigned by the DHCP server, it might come in conflict with other devices on the site’s LAN.

How to adapt the network security settings of the Ewon Cosy

To allow the Nat 1:1 feature on the Ewon, the security settings must be adapted as shown below:

SETUP > SYSTEM > STORAGE> TABULAR EDITION> EDIT COM CFG>
Set the WANItfProt to 2 (Allow all)
Set The FwrdToWAN to 1 (WAN IP forwarding allowed)

SAVE
Reboot the Ewon

3-mceclip3
3-mceclip31189×674 75.2 KB

:warning: WARNING
Keep in mind, the security setting are considering once the Ewon is restarted.

How to enable NAT 1:1 on Ewon Flexy

The parameter is accessible from

SETUP > SYSTEM > COMMUNICATION> NETWORKING> ROUTING> ENABLING> SET IP> UPDATE

4-mceclip4
4-mceclip41920×1057 183 KB

:warning: WARNING
Check with the IT department what IP addresses are available and can be used for the NAT 1:1 feature. As these IP addresses are not assigned by the DHCP server, it might come in conflict with other devices on the site’s LAN.

How to adapt the network security settings of the Ewon Flexy

To allow the Nat 1:1 feature on the Ewon, the security settings must be adapted as shown below:

SETUP > SYSTEM > STORAGE> TABULAR EDITION> EDIT COM CFG>
Set the WANItfProt
Set The FwrdToWAN

SAVE
Reboot the Ewon

5-mceclip5
5-mceclip51920×1057 134 KB

:warning: WARNING
Keep in mind, the security setting are considering once the Ewon is restarted.

Option 2 - Additional Router

If you are unable to change your WAN connection and your eWON LAN IP then you can install an inexpensive router before your eWON WAN. This would allow you to keep the same site subnet and eWON LAN subnet but would add a new subnet between the two for routing purposes. I’d suggest getting your IT department’s permission/support before installing the router as it may cause other conflicts if setup incorrectly. Since the eWON itself is a router, you could use a second eWON as described here: