EtherNet/IP to OPC UA gateway

In today’s rapidly evolving industrial landscape, data interoperability has become a cornerstone of digital transformation. With the proliferation of smart factories, IIoT (Industrial Internet of Things), and edge computing, businesses need systems to seamlessly connect shop-floor devices with enterprise IT and cloud systems.

Two dominant but distinct protocols shape this challenge:
• EtherNet/IP: Developed by Rockwell Automation, it’s widely used for real-time control in discrete manufacturing. Built on standard Ethernet and the Common Industrial Protocol (CIP), it’s optimized for performance, device profiles, and deterministic communications.
• OPC UA: The modern, secure, platform-independent standard for data modeling, interoperability, and integration between OT and IT layers, enabling scalable architectures and rich information models.

While EtherNet/IP excels at controller-level communication (PLCs, drives, sensors), OPC UA provides the semantically rich, secure interface needed to link control systems with MES, SCADA, cloud analytics, and digital twins.

EtherNet/IP–OPC UA gateways bridge these two worlds by enabling data from Rockwell PLCs (e.g., ControlLogix, CompactLogix) to flow securely and contextually into OPC UA ecosystems.

Why Bridge EtherNet/IP and OPC UA?

Unlock Data Silos

Manufacturing environments often rely on EtherNet/IP-connected devices. Without a gateway, data is locked within Rockwell’s ecosystem, requiring proprietary tools or middleware for access. Gateways free this data for SCADA, MES, and IIoT platforms via standard OPC UA interfaces.

Modernize Without Replacing

EtherNet/IP is deeply entrenched in discrete manufacturing, especially in automotive, packaging, and assembly lines. Gateways allow manufacturers to modernize data architectures without replacing existing PLCs or networks.

Enhance Security & Standardization

EtherNet/IP lacks end-to-end encryption, and older controllers rely on basic authentication. OPC UA provides robust, standards-based security—TLS encryption, X.509 certificates, and user roles—meeting modern cybersecurity requirements.

Enable Cloud and Edge Integration

OPC UA’s compatibility with MQTT, AMQP, and REST makes it the ideal gateway for cloud-ready applications, enabling integration with AWS IoT, Azure IoT, or Google Cloud

How an EtherNet/IP–OPC UA Gateway Works

A gateway performs three critical tasks:
*EtherNet/IP Client: Establishes CIP connections to PLCs, reads/writes tags, scans device profiles, and interprets control data.
*Data Modeling & Mapping: Transforms flat tag structures into hierarchical, semantically meaningful OPC UA Objects, Variables, and Events.
*OPC UA Server: Publishes mapped data to OPC UA clients, offering secure, contextualized access.

Data flow example:
• A ControlLogix PLC exposes a tag Motor1.Speed on EtherNet/IP.
• The gateway’s EtherNet/IP client reads this tag cyclically (e.g., 100 ms).
• The gateway maps it to an OPC UA variable node /Plant/Line1/Motor1/Speed.
• OPC UA clients subscribe to Speed, receiving secure, event-driven updates.

Gateways also support:
• Bi-directional communication (write tags to PLCs)
• Metadata conversion (data types, engineering units, ranges)
• Diagnostics for connection health, latency, and error codes

Hardware Gateways

DIN-rail devices designed for industrial environments, typically with:
• Dual Ethernet ports (segregate control and IT networks)
• Embedded EtherNet/IP and OPC UA stacks
• Industrial-grade certifications (CE, UL, IECEx)

Advantages:
• Robustness
• Simplified deployment
• Lower maintenance

Disadvantages:
• Fixed scalability
• Limited processing power for edge analytics

Software Gateways

Applications installed on industrial PCs, edge servers, or VMs.

Advantages:
• Flexible deployment (on-premise or cloud)
• Scalable for large tag counts or complex data transformations
• Easier integration with analytics tools

Disadvantages:
• Requires separate hardware
• Maintenance of OS and updates

Hybrid Edge Solutions

Modern gateways combine EtherNet/IP, OPC UA, and edge processing with container-based workloads or lightweight ML inference.

Example: Run a Python script on the gateway to detect anomalies, forward only relevant OPC UA events to cloud, reducing bandwidth.

Core Features of a Gateway

Features: Why it Matters
Tag Browsing
Automatically discover PLC tags for mapping to OPC UA
CIP Identity Support
Identifies connected devices by manufacturer & profile
Data Type Conversion
Ensures BOOL, DINT, REAL, STRING match OPC UA types
Hierarchical Modeling
Create structured OPC UA nodes (e.g., Plant/Line/Device)
User Access Control
Define read/write permissions per OPC UA user
Secure Communication
TLS encryption & certificate management
Event Alarms
Convert PLC faults into OPC UA Events
Historical Buffering
Local buffering of values during connectivity loss
Diagnostics Dashboard
Monitor CPU, memory, network traffic, PLC/gateway health
High Performance
Support thousands of tags with low latency updates
Multiple Client Support
Allow many OPC UA clients to subscribe concurrently
Edge Analytics
Local scripts or rule engines for pre-processing
Redundancy
Failover mechanisms for mission-critical systems

Configuring a Gateway: Practical Steps

Network Configuration
• Assign gateway Ethernet ports (e.g., 192.168.1.x for OT; 10.0.0.x for IT)
• Enable VLANs to separate control and business networks
• Configure firewall rules to limit exposure

EtherNet/IP Setup
• Set up gateway as EtherNet/IP client
• Provide PLC IP, slot number (ControlLogix/CompactLogix), and session parameters
• Define scan rate per tag group

OPC UA Server Configuration
• Set endpoint URL (e.g., opc.tcp://10.0.0.100:4840)
• Choose security policies (Basic256Sha256 recommended)
• Generate and manage certificates
• Create OPC UA user accounts with role-based permissions

Tag Mapping
• Browse PLC tags automatically or import tag list from RSLogix/Studio5000
• Group tags logically for OPC UA hierarchy
• Map metadata: units, ranges, descriptions

Validation & Testing
• Connect to the gateway with an OPC UA client (e.g., UaExpert, Prosys)
• Verify tag updates in real-time
• Perform write tests (if bi-directional control needed)
• Check event subscriptions if alarms are configured

Commissioning
• Lock configuration with admin password
• Set up monitoring (SNMP, OPC UA Events, Syslog)
• Document configuration for future maintenanc

Real-world Applications

Automotive Manufacturing

EtherNet/IP-based assembly lines integrate via gateways to a central OPC UA SCADA system, enabling unified visualization, downtime analysis, and OEE tracking across multiple production lines.

Food and Beverage

Rockwell PLCs manage mixers, conveyors, and bottling; gateways feed real-time data into MES and cloud-based predictive maintenance, reducing unexpected downtime.

Packaging Lines

EtherNet/IP drives and sensors report performance metrics to OPC UA dashboards, allowing instant adjustments for optimal throughput.

Pharmaceutical Manufacturing

Gateways enable OPC UA-based batch recording for regulatory compliance (FDA 21 CFR Part 11), linking EtherNet/IP-controlled processes to electronic batch records.

Energy and Utilities

EtherNet/IP-based MCCs (motor control centers) expose motor health data through OPC UA for integration with enterprise asset management systems, enhancing condition monitoring.

Challenges in Implementation

CIP Complexity

EtherNet/IP’s complex tag addressing and data types can make mapping challenging. Arrays, user-defined types, and nested structures require careful translation to OPC UA Objects.

Real-Time Performance

Fast control applications (<10 ms cycles) can be impacted by gateway polling latency. Gateways should support optimized polling or event-based updates.

Security Risks

Opening control networks to OPC UA increases attack surface. Secure deployments must include:
• Segmentation
• VPNs for remote access
• Certificate renewal policies
• Vulnerability management

Maintenance

Firmware updates are needed to patch security issues or bugs. Ensure gateways support OTA (over-the-air) updates or centralized management.

Legacy PLC Support

Older EtherNet/IP devices may have limited tag accessibility or use unsupported CIP profiles, requiring custom mapping or software workarounds.

Future Trends and Standards

OPC UA Pub/Sub

Pub/Sub enables event-driven, multicast updates with lower network load, supporting applications like motion control with tight timing requirements.

Time-Sensitive Networking (TSN)

EtherNet/IP and OPC UA are adopting TSN to achieve sub-millisecond deterministic communication on shared Ethernet networks, eliminating proprietary fieldbuses.

Companion Specifications

OPC UA’s domain-specific information models (e.g., PackML, Weihenstephan, Machinery) will allow gateways to auto-map EtherNet/IP data to standard OPC UA objects.

Edge Intelligence

AI/ML modules in future gateways will enable anomaly detection, predictive maintenance, and process optimization directly at the edge.

Vendor Solutions Comparison

Vendor
Type
Highlights
Softing uaGate SI
DIN-rail hardware
Easy tag mapping, secure OPC UA, rugged
HMS Anybus X-gateway EIP-UA
Hardware
Flexible EtherNet/IP scanner + OPC UA
Kepware KEPServerEX
Software
Rich EtherNet/IP driver + OPC UA server
Prosys OPC UA SDK
Software SDK
Custom gateways for Linux/Windows
Matrikon OPC UA Tunneller
Software
Connects EtherNet/IP via OPC DA to OPC UA

EtherNet/IP–OPC UA gateways are essential tools for modernizing industrial automation, enabling secure, standardized, and semantically rich data exchange between Rockwell-centric control systems and modern IT/cloud platforms. They extend the life of existing investments, enhance security, improve visibility, and prepare plants for digital transformation.

Selecting the right gateway—hardware or software—requires balancing factors like scalability, security, performance, and integration needs. As standards evolve and technologies like OPC UA Pub/Sub and TSN mature, these gateways will continue to be vital in converging OT and IT, unlocking new levels of efficiency, safety, and competitiveness.

ANC-300e: Ethernet/IP & Modbus TCP to Serial Modbus RTU, DF1 Converter
The ANC-300e has the combined performance as an Ethernet and RS-485 serial converter. The gateway behaves like a protocol converter/translator that allows difficult data interchanges and connections between incompatible networks. Protocols include:

RS485 serial Protocols:
Modbus RTU, Modbus Sniffer, A.O. Smith AIN, A.O. Smith PDNP, BACnet MS/TP Client, BACnet MS/TP Server, TCS Basys Master, MSA Chillgard Monitor, DMX 512-Master, DMX-512 Slave, M-Bus Master, Metasys N2 Master, Metasys N2 Slave, Siemens FLN Master, Siemens FLN Slave, Sullair Master, Toshiba ASD Master, Toshiba PLC Master, DF1.

Ethernet Protocols:
Ethernet/IP Client/Server, AB CSP Ethernet Client/Server, Modbus TCP/IP, Profinet IO, BACnet/IP BBMD, BACnet/IP Client, BACnet/IP Server, Baumer VeriSens Client, CC-Link IE SLMP Client, MELSEC Client/Server, Generic Socket Client/Server & GreenFumeHood Client, Modbus TCP.

ANC-300e is an easily configurable Ethernet / RS-485 converter gateway, that provides integrated communication between all the above common industrial and commercial communication networks. As part of the ANC Gateway Converter Series, the ANC-300e provides a common platform which is convenient and easy to setup in all products.

The Automation Network ANC-300e Ethernet & Fieldbus Gateway Converter allows data to be seamlessly transferred between Ethernet to Ethernet and Ethernet to RS-485 networks with simple configuration.

Coming Soon: Need to get data from your EtherNet/IP or Modbus TCP/IP-based devices to your OPC UA clients? This ANC-300e additional functionality is coming shortly.