Technical Guide: Why you may need a NAT device for your OT Network and how to configure the Allen-Bradley 1783-NATR
By Jordan Cota
A NAT device is useful when you find that integrating Programmable Logic Controllers (PLCs) into broader enterprise networks presents challenges, particularly concerning IP address management and network security.
The Glassdome Production Monitoring system depends on communication between different machines, so we see this problem a lot. Here’s our guide to solving it with a NAT device.
(Cover image source: Rockwell Automation)
Why you may need a NAT device for your OT Network
Network Address Translation (NAT) devices offer solutions to these challenges by:
- Facilitating seamless integration without the need to reconfigure existing IP addresses
 - Effectively segregating Operational Technology (OT) from Information Technology (IT) systems.
 
Preserving Existing IP Address Schemes:
Manufacturers often standardize IP address configurations across multiple machines for consistency and ease of deployment. Without NAT, integrating these machines into a plant-wide network would require reassigning unique IP addresses to each device to prevent conflicts—a process that is both time-consuming and error-prone.
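NAT devices translate private IP addresses within the machine network to unique public IP addresses on the plant network, allowing the original IP configurations to remain unchanged. "Public" here means the plant-facing side of the NAT device (the examples in this guide use 10.10.10.x), not an internet-routable address.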
Segregating OT from IT Networks:
Separating OT and IT networks is crucial for enhancing security and ensuring reliable operations. By using NAT devices, the OT network remains isolated, minimizing exposure to potential cyber threats from the IT environment. This separation not only fortifies security but also allows for tailored management of each network segment, accommodating their distinct operational requirements.
In summary, utilizing NAT devices enables organizations to integrate PLC networks into larger infrastructures without the complexities of IP reconfiguration and supports the critical separation of OT and IT systems, thereby enhancing both operational efficiency and security.
How to configure the Allen-Bradley 1783-NATR (NAT)
Initial Configuration of 1783-NATR Module
Understanding the 1783-NATR:
Functionality: Performs Network Address Translation (NAT) to allow communication across different networks.
Features:
- It can translate up to 32 addresses.
- Supports 10 communication ports by default:
  - ICMP (ping)
  - HTTP (port 80)
  - HTTPS (port 443)
  - Port 222 (Allen-Bradley I/O traffic)
  - Port 44818 (Class 3 communication for Allen-Bradley devices)
- Allows up to 5 additional custom ports.
 
Physical Setup:
Power Up:
- Plug the NATR module into a power source.
 - Connect your PLC to a private port on the module.
 - Connect your laptop to another private port on the module.
 
Verify DIP Switch Settings:
- Default DIP switch settings: OFF-ON-OFF.
 - This assigns a temporary IP address to the NATR: 192.168.1.1.
 
Laptop Configuration:
Ensure your laptop is on the same network as the NATR:
- Open the Ethernet Adapter Properties on your laptop.
 - Assign a static IP (e.g., 192.168.1.10) and subnet mask (255.255.255.0) in the same range.
 
Access the NATR Web Interface:
Open a web browser and enter http://192.168.1.1.
Default credentials:
Username: admin
Password: Serial number (found on the side of the device or web interface).
On the first login:
- Change the password to a new one.
 - Save changes.
 
Public IP Configuration:
Navigate to Configuration > Public Network:
- Enter the desired public IP address (e.g., 10.10.10.2).
 - Click Apply Changes.
 - Acknowledge any warnings about disruptions.
 
Private IP Configuration:
Navigate to Configuration > Private Network:
- Change the private IP address, if necessary (e.g., 192.168.1.2).
 - Click Apply Changes.
 - Note: The gateway address of connected devices (e.g., PLC) must match the NATR private IP.
 
Network Address Translation Setup:
Verify that NAT Enable is turned on (default setting).
Add a translation rule:
- Go to Add New Rule:
  - Public IP: Enter the desired public-facing IP (e.g., 10.10.10.11).
  - Private IP: Enter the current IP of the device (e.g., 192.168.1.11).
  - Provide a description (e.g., “PLC”).
  - Ensure the Enabled checkbox is checked.
- Save the rule.
 
Verify Connections:
Restart the NATR module to apply configuration changes:
- Power cycle the device.
 
Ensure the status indicators show the following:
- Green OK status light.
 - Active link lights for all connected ports.
 
Validate the PLC’s gateway settings:
- Update the PLC’s gateway to match the NATR private IP (e.g., 192.168.1.2).
 - Save and apply the changes.
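
The translation rule, the 32-address limit and the gateway note above can be checked as a plan before anything is entered in the web interface. The following Python is an added example, not Rockwell or Glassdome code; the function name `validate_plan`, the /24 prefixes, and the requirement that rule addresses fall inside the NATR's own subnets are assumptions based on this guide's example addresses.

```python
import ipaddress

MAX_RULES = 32  # translation limit stated in the feature list above


def validate_plan(public_if, private_if, rules, gateways):
    """Return a list of problems found in a planned NATR configuration.

    public_if / private_if: NATR interface addresses as 'ip/prefix'.
    rules: list of (public_ip, private_ip, description) tuples.
    gateways: {device private IP: default gateway configured on that device}.
    Assumption: rule addresses must sit inside the NATR's own subnets.
    """
    pub = ipaddress.ip_interface(public_if)
    priv = ipaddress.ip_interface(private_if)
    problems = []
    if len(rules) > MAX_RULES:
        problems.append(f"{len(rules)} rules exceed the {MAX_RULES}-translation limit")
    used_pub = {pub.ip: "NATR public address"}
    used_priv = {priv.ip: "NATR private address"}
    for public_ip, private_ip, desc in rules:
        p = ipaddress.ip_address(public_ip)
        q = ipaddress.ip_address(private_ip)
        if p not in pub.network:
            problems.append(f"{desc}: public IP {p} is outside {pub.network}")
        if q not in priv.network:
            problems.append(f"{desc}: private IP {q} is outside {priv.network}")
        if p in used_pub:
            problems.append(f"{desc}: public IP {p} already used by {used_pub[p]}")
        if q in used_priv:
            problems.append(f"{desc}: private IP {q} already used by {used_priv[q]}")
        used_pub.setdefault(p, desc)
        used_priv.setdefault(q, desc)
        gw = gateways.get(private_ip)  # the device's gateway must be the NATR private IP
        if gw is None or ipaddress.ip_address(gw) != priv.ip:
            problems.append(f"{desc}: gateway {gw} does not match NATR private IP {priv.ip}")
    return problems


# Constructed sample plan using the example addresses from this guide.
GOOD = validate_plan("10.10.10.2/24", "192.168.1.2/24",
                     [("10.10.10.11", "192.168.1.11", "PLC")],
                     {"192.168.1.11": "192.168.1.2"})
# Constructed mistakes: rule reuses the NATR's own public IP; PLC gateway is stale.
BAD = validate_plan("10.10.10.2/24", "192.168.1.2/24",
                    [("10.10.10.2", "192.168.1.11", "PLC")],
                    {"192.168.1.11": "192.168.1.1"})

if __name__ == "__main__":
    print("good plan:", GOOD or "no problems")
    for line in BAD:
        print("bad plan:", line)
```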
 
Testing Communication:
Switch your PC to the public network:
- Change your laptop’s IP to be in the public network range (e.g., 10.10.10.x).
 
Plug the laptop into the public port on the NATR.
Use a tool like FactoryTalk Linx to verify that:
- Public IP and private IP mappings are visible.
- The PLC and external devices can communicate.
 
Troubleshooting Tips:
If the password is forgotten, use the DIP switches to reset the NATR to factory defaults.
Ensure the correct gateway is assigned to all devices on the private network.
Use the ping command to verify connectivity at various stages.