27 www.drivesncontrols.com October 2024 INDUSTRIAL NETWORKING

to 4,095) in the VLAN tag. Ports can be either access ports or trunk ports. Host devices are connected through access ports, which are part of a single VLAN, as is the case in this example. Trunk ports are those that can be assigned to many VLANs.

To transport traffic for many VLANs over a single physical connection using network equipment such as switches or routers, we usually create a VLAN trunk, which is a link or connection that can carry multiple VLANs simultaneously. Routing traffic between VLANs, known as inter-VLAN routing, involves creating sub-interfaces for each VLAN on a router and assigning IP addresses to them.

As a company expands, new segments can be added easily to the same network, or old ones reconfigured without needing to disrupt the entire network or to invest in additional hardware. VLANs enable a network to scale swiftly and cost-effectively.

VLANs in ICS

In industrial control systems (ICSs), it is not uncommon to have hundreds of connected I/O devices, such as RTUs, PLCs, sensors, HMIs, relays, and servers for applications, engineering, front-end and archiving. As the number of devices connected to an ICS increases, the volume of broadcast messages soars to the point at which it starts to consume more of the processing bandwidth of the devices, causing congestion and impeding network performance.

In a challenging environment of this sort, VLANs emerge as a key tool in your network arsenal, meeting the dual needs of network administrators for traffic management and security:

ICS traffic management

ICS responsiveness and operational productivity are directly impacted by the efficiency of network traffic management. By segmenting a network, VLANs reduce unnecessary broadcast traffic, which can be especially disruptive in ICS environments. As a result, vital applications can run more smoothly on the network and experience less congestion.
Real-time control systems depend on the prompt transmission of control commands and real-time data, which is made possible by the ability to prioritise traffic for vital systems via VLANs.

ICS cybersecurity

By dividing a physical network into many isolated virtual networks, VLANs help to enforce cybersecurity policies, regulate access and restrict the spread of malicious activities to a limited area by establishing virtual boundaries. An ICS typically has a multitude of different systems and devices, all with varying levels of sensitivity and security requirements. An administrator can tailor security measures to the differing needs of each segment, improving security without compromising the network’s operational efficiency. Additionally, VLANs can be set up to limit access according to user roles and responsibilities, which lowers the possibility of insider threats or unintentional disruption of vital systems.

Getting started

For all their advantages, VLANs require more configuration and management than the subnetting or routing techniques that you may be more familiar with. A complete understanding of the network infrastructure and operating requirements of an ICS is necessary before implementing VLANs on it.

Your first step is to assess the network, which includes identifying critical assets and figuring out the best approach to segment them using VLANs. Identifying network traffic patterns will show which devices need to communicate with each other. To prevent inter-VLAN routing delays, devices requiring real-time communications must be connected to the same VLAN. Remember, because VLANs are not limited by proximity or physical location, devices belonging to the same VLAN can be distributed throughout the ICS physical network and still function as though they are linked to the same local network switch.

Striking a balance between satisfying every requirement and avoiding complexity could be your toughest task.
VLAN configurations that are too complicated may be hard to manage and monitor, which could result in security flaws.

Once a VLAN configuration is in place, it is important to update and examine it regularly. Changes in the ICS environment, such as the addition of new devices or the repurposing of existing ones, will require the VLAN setup to be adjusted.

VLANs are isolated virtual networks in a physical network infrastructure that act independently as self-contained networks with their own set of rules, security policies, network resources and broadcast domains.

VLAN-enabled managed Ethernet switches can help to partition networks of any size into logical isolated segments, without the hassle or cost of deploying new networking devices, relocating network nodes, or rewiring.
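The assessment described under "Getting started" (map which devices talk to each other, keep real-time peers in one VLAN, and re-check the plan as devices are added) can be scripted as a recurring audit. The following Python is an added example, not code from the article; it goes slightly beyond the text by treating the real-time requirement transitively. The device names, VLAN IDs, flow records and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample inventory: device on an access port -> VLAN ID.
PORT_VLAN = {"plc-1": 10, "rtu-1": 10, "hmi-1": 20,
             "plc-2": 10, "relay-1": 30, "historian": 40}
# Constructed flow observations: (source, destination, needs_real_time).
FLOWS = [
    ("plc-1", "rtu-1", True),
    ("hmi-1", "plc-1", True),
    ("plc-2", "relay-1", True),
    ("hmi-1", "historian", False),
    ("sensor-9", "plc-2", True),   # device missing from the inventory
]

def realtime_groups(flows):
    """Union-find over real-time flows: each group must share one VLAN."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x
    for src, dst, realtime in flows:
        if realtime:
            parent[find(src)] = find(dst)
    groups = defaultdict(set)
    for dev in list(parent):
        groups[find(dev)].add(dev)
    return sorted(sorted(g) for g in groups.values())

def audit(port_vlan, flows):
    """Return (split real-time groups, unassigned devices, routed VLAN pairs)."""
    seen = {d for s, t, _ in flows for d in (s, t)}
    unassigned = sorted(seen - set(port_vlan))
    split = []
    for group in realtime_groups(flows):
        vlans = sorted({port_vlan[d] for d in group if d in port_vlan})
        if len(vlans) > 1:                  # real-time peers cross a VLAN boundary
            split.append((group, vlans))
    routed = sorted({tuple(sorted((port_vlan[s], port_vlan[t])))
                     for s, t, rt in flows
                     if not rt and s in port_vlan and t in port_vlan
                     and port_vlan[s] != port_vlan[t]})
    return split, unassigned, routed

if __name__ == "__main__":
    for item in audit(PORT_VLAN, FLOWS):
        print(item)
```

Each split group is a candidate for consolidation into one VLAN, each unassigned device needs a VLAN decision, and each routed pair needs an explicit inter-VLAN routing and access rule.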