Isolate traffic and users – Rockwell Automation 1783-BMxxx Stratix 5700 Ethernet Managed Switches User Manual

Rockwell Automation Publication 1783-UM004E-EN-P - June 2014

Switch Software Features Chapter 3

Isolate Traffic and Users

By using VLANs, you can isolate different types of traffic, such as voice and data,
to preserve the quality of the transmission and to minimize excess traffic among
the logical segments. You can also use VLANs to isolate different types of users.
For example, you can restrict specific data broadcasts to specific logical
workgroups for security purposes, such as keeping information about employee
salaries only on devices in a VLAN created for payroll-related communication.

An added benefit of using VLANs is that they reduce the administrative
effort required to constantly examine requests to network resources.

VLANs isolate parts of your network. Therefore, devices that are attached to the
switch ports in the same VLAN (network users in the same VLAN) can
communicate only with each other and can share the same data.

Devices attached to switch ports in different VLANs cannot communicate with
each other through the switch, unless the switch is configured for routing. A
Stratix 5700 switch, a router, or a Layer 3 switch must be configured to enable
routing across VLANs (inter-VLAN routing), and additional security policies
must be set.

If your network is also using a DHCP server, make sure that the server is
accessible to the devices in all the VLANs.
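
The two requirements above (a security policy on every routed VLAN, and a DHCP server reachable from every VLAN) can be checked against a switch configuration. The following is an added example, not taken from the manual: it assumes Cisco IOS-style syntax, treats an inbound ACL on each VLAN interface as the security policy, and uses constructed addresses and ACL names; only the VLAN IDs 3, 5, 7 and 9 come from Figure 1.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption, not from the manual).
# VLAN IDs follow Figure 1; addresses, ACL names and the DHCP server are made up.
SAMPLE_CONFIG = """\
ip routing
interface Vlan3
 ip address 10.0.3.1 255.255.255.0
 ip access-group VLAN3-IN in
!
interface Vlan5
 ip address 10.0.5.1 255.255.255.0
 ip helper-address 10.0.3.10
 ip access-group VLAN5-IN in
!
interface Vlan7
 ip address 10.0.7.1 255.255.255.0
 ip access-group VLAN7-IN in
!
interface Vlan9
 ip address 10.0.9.1 255.255.255.0
 ip helper-address 10.0.3.10
"""

def parse_svis(config):
    """Return {vlan_id: [sub-commands]} for each 'interface VlanN' stanza."""
    svis, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface Vlan(\d+)\s*$", line)
        if m:
            current = svis.setdefault(int(m.group(1)), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the stanza
    return svis

def audit(config, dhcp_vlan):
    """List routed VLANs lacking an inbound ACL or a DHCP relay (hypothetical helper)."""
    if not re.search(r"^ip routing\s*$", config, re.M):
        return []  # nothing is routed, so there is no inter-VLAN path to police
    findings = []
    for vlan, cmds in sorted(parse_svis(config).items()):
        if not any(c.startswith("ip address ") for c in cmds):
            continue  # a VLAN interface without an address does not route
        if not any(re.match(r"ip access-group \S+ in$", c) for c in cmds):
            findings.append((vlan, "no inbound ACL"))
        if vlan != dhcp_vlan and not any(c.startswith("ip helper-address ") for c in cmds):
            findings.append((vlan, "no DHCP relay"))
    return findings
```

Calling `audit(SAMPLE_CONFIG, dhcp_vlan=3)` assumes the DHCP server sits in VLAN 3, so that VLAN needs no relay. The check only confirms that an ACL is attached; it does not evaluate the ACL's rules.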

The following figure is an example network that uses VLANs based on different
network traffic and network users. Organizing a network around these factors
helps to define the size and membership of the VLANs in the network.

Figure 1 - VLAN Example

[Figure labels: WAN/Internet; Router with Firewall; Switches A, B, C and D; VLAN 3, VLAN 5, VLAN 7 and VLAN 9; Network Management; Access Point; Servers; Printers; PC; MAC; Guests]