Wednesday, May 14, 2008

Securing Ethernet Communication



Sometimes an issue arises regarding the security of Industrial Ethernet communications. For example, security could be a major concern when Industrial Ethernet messages travel over the same network infrastructure accessible by BAS (Building Automation Systems), office personnel or IT staff. A simple way to provide the needed security is to use a VLAN (Virtual Local Area Network).

A VLAN restricts communication to stations that are VLAN members; non-members are not privy to VLAN conversations. There are two basic types of VLANs: Port VLAN and Tagged VLAN (IEEE 802.1Q). Port VLAN, available on some configurable or smart switches, is simple to implement but has limited utility because its area of control is the set of devices attached to a specific switch port. Tagged VLAN, a feature of almost all managed switches, can extend VLAN membership through many switches to stations separated by considerable distances. Therefore, Tagged VLAN is almost always the best choice for Industrial Ethernet security.

Tagged VLAN works by embedding a code segment (the tag) within each Ethernet message. Membership information in the tag allows the message to be sent only to those stations that belong to the VLAN. For this scheme to work, each VLAN member station must attach to an appropriately configured managed switch that has VLAN functionality enabled. The overall communication path may still contain unmanaged switches at points where VLAN decision-making is not needed.

Typically, a managed switch can accommodate several VLANs, each with its own set of members grouped according to whatever criteria are relevant in the Industrial Ethernet strategy. Thus, configuration of VLANs can generally be as simple or as complex as the situation demands.

Beyond security, other issues arise from mixing Industrial Ethernet with BAS or office networks. BAS traffic can consume a significant portion of available bandwidth. The same can be true of Internet data transfers. VLANs also help in managing the levels of such traffic — segregating bandwidth hogs (Internet downloads and security camera video) from other traffic.

For more information about VLANs, see this document:

©2001-2006 Contemporary Control Systems, Inc. All rights reserved.