Rockwell Automation Ethernet Design Considerations Reference Manual User Manual


Rockwell Automation Publication ENET-RM002C-EN-P - May 2013


Ethernet Infrastructure Features

Chapter 3

A security policy can call for limiting the access of some factory floor personnel, such as a
vendor or contractor, to certain areas of the production floor, such as a functional
area. Segmenting these areas into distinct VLANs makes this kind of access
restriction much easier to apply.

All level 0…2 devices that need to exchange multicast I/O with each other
must be in the same LAN. The smaller the VLAN, the easier it is to manage
and to maintain real-time communication. Real-time communication becomes harder to
maintain as the number of switches and devices and the amount of network traffic
in a LAN increase.

Typically, control networks are segmented from business networks. You can also
segment networks based on function, logical layout, and traffic types. Choose
from the following options to segment control.

Table 7 - Segment Control Options

| Segmentation Option | Description |
|---|---|
| Physical isolation | Physically isolate networks; each network is a separate subnet creating clusters of control; no IT involvement |
| ControlLogix® gateway | A separate ControlLogix EtherNet/IP bridge module is dedicated to each subnet; the chassis backplane provides isolation of Ethernet traffic; only CIP traffic can be shared between subnets; no IT involvement |
| VLANs | Ports on a managed switch are assigned to a specific VLAN; data is forwarded to ports within only the same VLAN; can require IT involvement |

[Figure: example VLANs labeled VLAN 10, VLAN 102, and VLAN 42]
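
The VLAN forwarding rule in Table 7 and the same-LAN requirement for multicast I/O can be checked against a port plan before it is deployed. The following Python sketch is an added example, not part of the Rockwell Automation manual; the switch names, device names, port assignments, and I/O connections are constructed, and it assumes every VLAN is carried on the links between the switches.

```python
# Added example: audit a port-to-VLAN plan. All names and assignments are constructed.
# Assumption: every VLAN is carried on the links between the switches.

# (switch, port) -> (device, VLAN ID)
PLAN = {
    ("sw1", 1): ("plc_a", 10),
    ("sw1", 2): ("io_rack_a1", 10),
    ("sw1", 3): ("drive_a2", 42),       # misplaced: consumes I/O from plc_a
    ("sw2", 1): ("plc_b", 102),
    ("sw2", 2): ("io_rack_b1", 102),
    ("sw2", 3): ("vendor_laptop", 102),
}
# Multicast I/O connections as (producer, consumer)
IO_CONNECTIONS = [("plc_a", "io_rack_a1"), ("plc_a", "drive_a2"),
                  ("plc_b", "io_rack_b1")]


def device_vlans(plan):
    """Map each device name to the VLAN of the port it is plugged into."""
    return {device: vlan for device, vlan in plan.values()}


def flood_ports(plan, ingress):
    """Ports a multicast frame entering at `ingress` can be forwarded to: same VLAN only."""
    vlan = plan[ingress][1]
    return sorted(p for p, (_, v) in plan.items() if v == vlan and p != ingress)


def split_io_connections(plan, connections):
    """I/O pairs whose endpoints are in different VLANs, so multicast I/O cannot flow."""
    vlans = device_vlans(plan)
    return [(a, b, vlans[a], vlans[b]) for a, b in connections if vlans[a] != vlans[b]]


def layer2_peers(plan, device):
    """Devices sharing a VLAN with `device`: what a visitor's port reaches at Layer 2."""
    vlans = device_vlans(plan)
    return sorted(d for d, v in vlans.items() if v == vlans[device] and d != device)


if __name__ == "__main__":
    for a, b, va, vb in split_io_connections(PLAN, IO_CONNECTIONS):
        print(f"FAIL {a} (VLAN {va}) -> {b} (VLAN {vb}): multicast I/O crosses VLANs")
    print("plc_a multicast reaches ports:", flood_ports(PLAN, ("sw1", 1)))
    print("vendor_laptop shares a VLAN with:", layer2_peers(PLAN, "vendor_laptop"))
```

In the constructed plan, the drive on VLAN 42 is flagged because its producer sits on VLAN 10, and the vendor port on VLAN 102 shares a broadcast domain only with the two devices of that functional area.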
