Isolation – VLANs isolate network traffic to accommodate differences in operational needs.
Simplicity – As networks grow, they can turn into difficult-to-manage monsters. By segmenting networks, VLANs make them easy to understand, change, and troubleshoot.
Speed and Performance – VLANs reduce delays, also called latency, by reducing the size of the collision domain. Broadcast traffic is reduced, since it doesn’t go past its own VLAN.
Scalability – A VLAN may be as small as a single port on one switch, or span any size organization.
Flexibility – Additions and changes are simple. Moving a user to a different VLAN is just a matter of reconfiguring the port. And different operating systems can coexist on a single network, as long as each is on its own VLAN.
Cost – Subdividing networks using VLANs saves money over buying separate physical networks.
Security – Securing data is a great reason for using VLANs. Also, as priorities change, VLANs can be adapted to the situation. For example, an IT department’s security protocols may differ from those of the manufacturing department, where reliability is often more important than security. While VLANs don’t guarantee security, data from one VLAN can’t accidentally leak to another, regardless of shared cables, networks, routers or switches.
Special Applications – VLANs may be required wherever bandwidth or operational concerns create conflicts with other areas.
Port Or Tag VLAN?
Port-based VLANs are suitable for smaller settings. As the name implies, ports are assigned to VLANs, and all users on a single port are members of the same VLAN. This allows the separation of office computers from industrial electronic devices.
IEEE 802.1Q Tag VLANs are so called because a “tag” or header is added to data packets to identify which VLAN they belong to. The 802.1Q standard specifies how VLANs manage data flow across multiple switches.
Figure 2. IEEE 802.1Q Tag VLAN Header
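The tag layout can be checked in code. The following is an added example, not part of the original article: it reads the 4-byte 802.1Q tag (TPID 0x8100, then a 3-bit priority, a 1-bit drop-eligible flag and a 12-bit VLAN ID) and applies a hypothetical per-port allow-list. The function names, the allow-list and the sample frames are assumptions constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # value in the EtherType position that marks an 802.1Q tag


def parse_vlan_tag(frame: bytes):
    """Return the 802.1Q tag fields of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    (tpid,) = struct.unpack_from("!H", frame, 12)  # bytes 12-13 follow dst+src MAC
    if tpid != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, ethertype = struct.unpack_from("!HH", frame, 14)
    return {
        "pcp": tci >> 13,          # 3-bit priority code point
        "dei": (tci >> 12) & 0x1,  # 1-bit drop eligible indicator
        "vid": tci & 0x0FFF,       # 12-bit VLAN identifier
        "ethertype": ethertype,    # protocol of the encapsulated payload
    }


def port_accepts(frame: bytes, allowed_vids, port_vid: int) -> bool:
    """Hypothetical ingress check: is the frame's VLAN on this port's allow-list?"""
    tag = parse_vlan_tag(frame)
    # Untagged and priority-tagged (VID 0) frames belong to the port's own VLAN.
    vid = port_vid if tag is None or tag["vid"] == 0 else tag["vid"]
    if vid == 0x0FFF:  # VID 4095 is reserved and never valid on the wire
        return False
    return vid in allowed_vids


def build_frame(vid=None, pcp=0):
    """Construct a sample IPv4-typed frame (constructed data, not a capture)."""
    macs = bytes.fromhex("ffffffffffff" "020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return macs + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


if __name__ == "__main__":
    for f in (build_frame(20, pcp=5), build_frame(30), build_frame()):
        print(parse_vlan_tag(f), port_accepts(f, {10, 20}, port_vid=10))
```

The 12-bit VLAN ID field is why a single 802.1Q network tops out at 4094 usable VLANs: values 0 and 4095 are reserved.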
VLAN Trunking – When more than one switch is involved, one port on each switch (a trunk port) communicates VLAN information to the other switches involved. The links between switches (trunk links) not only communicate where each link of a VLAN is located, they also transmit the actual data between switches, which is then delivered to the appropriate port and device.
Trunking, when used regarding VLANs, refers to the combined connections and software that make switches and VLANs interconnect smoothly. GARP VLAN Registration Protocol (GVRP) is the standards-based system used by many manufacturers. VLAN Trunking Protocol (VTP) is a proprietary system used when only Cisco switches are involved. Both accomplish the same thing.
Applications
User types, departments or operations may all be reasons to segment the network into VLANs. For example, a factory automation network has greatly differing needs from the building automation, office, IT or human resource network. Even within the industrial side of things, there may be no need for the operator interface, vision, motion or other systems to be on the same VLAN.
Here are some other advantages of segregation:
* A VLAN can isolate office and other network traffic from the factory automation network, eliminating the chance that outside traffic can flood and interfere with time critical control communications.
* Inventory control with Radio Frequency Identification (RFID) creates huge data streams. A VLAN limits this data to where it is needed. Video surveillance and other systems may also use lots of bandwidth and require a separate VLAN.
* Security is often the top priority for the IT department, while reliability is for manufacturing. Since these concerns may conflict, it just makes sense to be on separate VLANs.
* Functional differences may warrant separate VLANs, such as network management and monitoring.
* Groups of users in three separate buildings can all be part of the same VLAN, and at the same time, be completely isolated from all unnecessary traffic. Taken further, VLANs can be securely scaled beyond a single location, over a Wide Area Network (WAN) link if necessary.