26 INDUSTRIAL NETWORKING October 2024 www.drivesncontrols.com

Virtual LANs: a real advance for control systems?

Since the late 1990s, the virtual local area network, or VLAN, has been a crucial component of modern network strategies. Before the development of the VLAN, network engineers had to create multiple networks and build physically separate LANs whenever an organisation needed to partition and isolate multicast network traffic.

VLANs enabled engineers to group end-stations into segments at the data link layer, essentially partitioning a single physical LAN into multiple logical or virtual LANs, each with its own broadcast domain. Consequently, broadcast messages could be constrained to a limited number of devices, facilitating granular access control over who could access what within the network.

Today, VLANs are used widely in mid-to-large commercial networks to ease traffic congestion, improve network security, and simplify network configuration, administration and expansion.

Like many networking techniques, VLANs have found their way to industrial facilities. In this article, I'll examine the many advantages VLANs can bring to industrial environments.

What is a VLAN?

Put simply, VLANs are isolated, virtual networks within a physical network infrastructure. Each VLAN acts independently as a self-contained network with its own set of rules, security policies, network resources and broadcast domains. Devices are grouped into a VLAN based on factors such as department, function or security requirements.

To illustrate the concept better, let's consider the example of a small manufacturing company. Assume that the company’s single physical LAN is segmented into three isolated VLAN networks: one each for production, sales and accounting. For simplicity’s sake, we are also going to assume that each of these three departments has two network devices that need to be connected to the company’s 12-port VLAN-enabled managed switch.
VLANs can take various forms depending on operational needs. Port-based VLANs – the most popular type – group devices based on their physical connection to a network switch. A more flexible method is provided by MAC-address-based VLANs, which divide the network according to the MAC address of the device. Though less common, protocol-based VLANs offer network protocol-based segmentation, enabling more precise traffic control.

For this example, we are using a port-based VLAN implementation. Here, the network administrator accesses the switch’s management interface to create new VLANs – for example, VLAN 10 for production, VLAN 20 for sales and VLAN 30 for accounting – and then assigns two ports of the 12-port switch to each department's VLAN. The administrator then plugs each device from the three departments into its assigned VLAN port and associates it with its corresponding VLAN ID.

To mark messages as VLAN traffic, the switch inserts a VLAN tag into the frame of the IP layer header. Each VLAN has a unique VLAN ID, which is an embedded 12-bit value (from 1

Virtual local area networks are well-established in the IT sector, but do they offer potential benefits for the industrial control industry as well? Henry Martel, a field application engineer with Antaira Technologies, argues that they do.
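The port-based setup described above (VLAN 10, 20 and 30 on one switch), modelled in Python as an added example that is not from the article or from Antaira: it shows the 12-bit VLAN ID carried in an IEEE 802.1Q tag and a broadcast staying inside its own VLAN. The port numbers, function names, sample frame and the rule that access ports drop already-tagged frames are assumptions made for illustration.

```python
import struct

TPID = 0x8100  # IEEE 802.1Q Tag Protocol Identifier

# Assumed port assignment on the 12-port switch (the article gives the VLAN IDs
# but not the port numbers): two access ports per department, the rest unused.
PORT_VLAN = {1: 10, 2: 10,   # production
             3: 20, 4: 20,   # sales
             5: 30, 6: 30}   # accounting


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the destination and source MAC addresses."""
    if not 1 <= vid <= 4094:          # 0 and 4095 are reserved in 802.1Q
        raise ValueError(f"invalid VLAN ID {vid}")
    tci = (pcp << 13) | vid           # 3-bit priority, 1-bit DEI (0), 12-bit VID
    return frame[:12] + struct.pack("!HH", TPID, tci) + frame[12:]


def read_vid(frame: bytes):
    """Return the 12-bit VLAN ID of a tagged frame, or None if untagged."""
    if len(frame) < 16:
        return None
    tpid, tci = struct.unpack("!HH", frame[12:16])
    return tci & 0x0FFF if tpid == TPID else None


def strip_tag(frame: bytes) -> bytes:
    """Remove the 4-byte tag so the end device receives a plain frame."""
    return frame[:12] + frame[16:] if read_vid(frame) is not None else frame


def flood(ingress_port: int, frame: bytes) -> dict:
    """Deliver a broadcast received on an access port; return {port: frame}."""
    if read_vid(frame) is not None:
        return {}                     # assumed policy: end devices may not tag
    vid = PORT_VLAN.get(ingress_port)
    if vid is None:
        return {}                     # unassigned port: no VLAN membership
    tagged = add_tag(frame, vid)      # switch classifies the frame on ingress
    return {p: strip_tag(tagged)      # and untags it again on egress
            for p, v in PORT_VLAN.items()
            if v == read_vid(tagged) and p != ingress_port}


# Constructed sample: broadcast frame with EtherType 0x0806 and a dummy payload.
SAMPLE = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"\x00" * 28
```

Calling `flood(1, SAMPLE)` delivers the broadcast only to port 2, the other production port; the sales and accounting ports never see it.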