gateway icon  PRODUCT SELECTOR:

Connect Your:

To:

RTA's Blog

What Control Engineers Need to Understand about VLANS

Posted on by John S Rinaldi
controls engineers and VLANs
14
Jul

This is another in my series of blogs and videos for factory floor engineers. In this article, we’ll look at VLANs – a concept that many in manufacturing find it difficult to understand even though it isn’t as complex as it seems at first glance. A previous article in this series described the prime reasons why we use VLANs on the factory floor:

Performance – VLANs constrain the size of broadcast domains resulting in less traffic in each VLAN and better, more deterministic network performance. In large work cells, it is not uncommon to have hundreds of I/O devices. With the advent of more and more EtherNet/IP devices and some of the IoT devices being added to the control network, the size of these manufacturing cells is continuing to grow. Broadcast traffic – messages to every device on the network – consume a significant portion of the network bandwidth and processor resources for simple devices with limited resources.

Security – VLANs improve the security of manufacturing systems by making it more difficult (but not impossible) for someone gaining access to a network to discover and access prohibited devices. Should an intruder access an open port assigned to a VLAN, the intruder would be restricted to devices in that VLAN and may not as easily access other, more important, devices in other VLANs.

Network Management – A VLAN can be used to restrict manufacturing network traffic to the control system and not leak it into the Enterprise network.

Device Management – VLANs make it possible to group devices that are part of the same machine component together: a welding system, a PLC, and all its I/O, all your switches, or any other group of devices that make sense to tie together in your control system.

What is a VLAN? A VLAN is a group of devices selected to form its own Broadcast Domain. In an earlier article, we learned that a broadcast domain is simply the set of devices that receive broadcast messages such as the messages generated by the Address Resolution Protocol (ARP). Without VLANs, broadcast messages propagate to all the switches and devices connected to a port on a router as broadcast messages are never passed by a router, as shown in the following figure.

control engineers vlans

Figure 1 – With no VLANs, the router forms two broadcast domains

When VLANs are defined, broadcast messages can be constrained to a limited number of devices. In the following figure, broadcast messages are limited to the devices in the domains of the four VLANs.[1]

vlans for control engineers

Figure 2 – Four VLANs constrain traffic to those domains

What’s interesting, and a very important point about VLANs is that the devices in a VLAN have no awareness of being in the VLAN. A PROFINET IO device, a Modbus to EtherNet/IP gateway, or any other device operates exactly the same whether it is in a gateway or not. As we will see in the next article on this topic, VLANs are defined by the switches (managed switches), and devices are completely unaware if they are in a VLAN or not.

[1] These drawings are simplified for the novice reader.

Avatar photo
John S Rinaldi

John Rinaldi is Chief Strategist, Business Development Manager and CEO of Real Time Automation (RTA). After escaping from Marquette University with a degree in Electrical Engineering, John worked in various jobs in the Automation Industry before once again fleeing back into the comfortable halls of academia. At the University of Connecticut, he once again talked his way into a degree, this time in Computer Science (MS CS). John is a recognized expert in industrial networks and the author of six books: Modbus: The Everyman’s Guide to Modbus, OPC UA – Unified Architecture: The Everyman’s Guide to OPC UA, EtherNet/IP: The Everyman’s Guide to EtherNet/IP, The Smart Product Manager’s Guide to Industrial Automation Connectivity, The Smart Product Manager’s Guide to Connectivity in the Packaging Industry, and his latest, The Everyman’s Guide to Properly Architecting Ethernet/IP Networks.