Control Network Newsletter

Newsletter Archives

Isolating Traffic Through the Use of VLANs

EISK8MAugust 2012 - As more and more automation networks are embracing IP-networks, system integrators are faced dealing with IT departments. An IT professional's worst nightmare is a security breach so if the intent is for the automation network to share the main information network there are going to be many questions from the IT department. Automation networks tend to generate more broadcast and multicast messages while requiring fixed IP address assignments. These are attributes not usually welcomed by IT departments. Perhaps it is better to run a separate network and not mix the information and automation networks. Certainly, this can be done but at greater expense. Another alternate is to use the Virtual Local Area Network (VLAN) approach where multiple networks can share the same physical IP network but are logically isolated from one another. It is an ideal approach when IP-based controllers, workstations and network servers need to attach to an existing structured wiring system with pre-wired Ethernet drops throughout the building or plant.

VLAN is a feature found in managed Ethernet switches but inexpensive managed switches such as the Skorpion EISK8M-100T provide VLAN support. With two or more logical networks contained in the same physical network, all traffic on an individual logical network – broadcast, multicast or directed – is constrained to that logical network. Therefore the unique needs of the automation network can be addressed without compromising the integrity of the information network or any other logical network.

Contemporary Controls authored an Extension article entitled Introduction to Virtual LANs several years ago and the information remains relevant. It discusses the concept of Port VLAN so that VLAN-unaware devices can attach to a VLAN as well as VLAN tagging that allow VLANs to traverse core switches.

For more information on the low-cost Skorpion EISK8M-100T managed switch, which can operate as either an edge switch or a core switch, visit the EISK8M-100T product page.

Previous Story

 

Next Story