As the use of industrial Ethernet devices increases, network security, segment isolation, and packet priority control become increasingly difficult when using unmanaged switches. This is where a STRIDE managed switch becomes especially beneficial in an industrial network application. Supported features such as SNMP, IGMP, VLAN, QoS and network redundancy allow networks to be configured and managed in a way that assures the highest performance levels for your applications.
Enhanced traffic filtering:
An unmanaged switch will filter out many packets from an end device that a hub would not, but there are still many types of packets that an unmanaged switch cannot classify and must therefore forward to all ports. Whenever a device receives a packet that is not specifically targeted to it, processing that packet takes time away from other important tasks the device needs to perform.
These unintentional packets also get in the way of the packets that are intended for that device. This hurts the determinism of a process. A managed switch can help with this in several different ways:
Multicast Filtering (IGMP):
It is common in a control system to see a large amount of Multicast packets. These packets cannot be filtered out by an unmanaged switch. The Stride managed switch can intelligently learn whether certain Multicast packets should be sent to the devices on its ports and will filter them or not filter them appropriately.
A VLAN is a logical way to separate networks in ways that used to require physical separation. Because of existing network infrastructure or for ease of wiring (and reduced cost), it may be difficult to physically separate networks that need separation due to the type of packets that are on them. Setting up VLANs can simplify the setup for these situations.
Traffic Priority (QoS/CoS):
Some traffic may be more important to a specific device than other traffic. Using the Quality of Service feature, the Stride switch can apply tags to a packet coming into the switch to give that packet a higher priority going to another switch. The last switch will then remove the tag before sending the packet to the device. It can also use the tags applied to the packets by the devices themselves if they support this.
As Ethernet messaging becomes more of the standard for communications between devices in a control system, it may become more necessary to gain visibility into these types of communications. With hubs, it was possible to see the messages between devices because hubs broadcast every packet to all ports. Unmanaged switches took away this capability as they filter unicast packets to only the intended physical ports. Managed switches can help with this by utilizing the Port Mirroring feature. The Stride managed switch can also give you visibility into the type of packets that are being sent across the switch through the Network Statistics page in the configuration.
With the Port Mirroring feature you simply specify which port's data you want to view and where to send that data. Plug your PC into that port and use Ethernet sniffing software (such as Wireshark) and you can now see the data being sent back and forth.
By looking at what kinds of packets are coming in and out of the switch, you can determine what action needs to be taken to make your network work better. If you see a lot of Multicast traffic, utilize the Multicast Filtering feature. If there are lots of broken packets, troubleshoot the wiring to determine where the problem lies.
The downside of any Ethernet switch is the simple fact that it is another electronic component in the system that could be subject to failure. There is also the risk that as a network grows and more switches are added to it, a ring may accidentally be created, causing the network to go down. Utilizing the Spanning Tree and/or Real-Time Ring feature of the Stride managed switch can reduce these risks.
The Spanning Tree protocol simply allows you to purposely create a ring that provides multiple, redundant paths on the network. It intelligently selects one path when the network comes up and assigns alternate paths if some part of the original path goes down.
The Rapid Spanning Tree Protocol is the preferred method in the industry today as the manner in which it decides the original paths and the time in which it changes over to alternate paths is much, much faster than the original Spanning Tree Protocol. It is really only useful to enable the older STP if your legacy network requires this protocol. The RSTP feature is enabled by default.
Real Time Ring:
In many control systems, the time it takes for the RSTP algorithm to change paths upon some network event is too slow. The Real-Time Ring is proprietary to the Stride managed switches, but it has the advantage of changing paths very, very quickly.
Network security has become a great concern for facilities these days. And while the network devices themselves are only one part of a network security strategy, the Stride managed switches have several security features:
In the Port Settings setup, you can disable ports that are not being used. This can limit unauthorized access.
There are several different methods of enabling security in the switch. You can prevent access to the switch itself (Remote Access Security), determine which devices can connect to the switch (Port Security MAC Entries), and enable encryption for data going between switches (IPsec).
Remote Access Security:
You can disable access to the switch or require a secure password in order to access the switch.
There are many different methods that can be employed to encrypt the data going to or from the switch. The particular method (encryption protocol/algorithm) will most likely be determined by your network administrator.
Better Network Awareness:
The ability of the process to know when something is wrong with the network and what is wrong with the network is a great feature of the Stride managed switches. Your PLC or controlling device can make smarter decisions as to what alarms or fallback behavior to trigger based upon the different diagnostic data that is supplied by the switch.
Modbus Stats: If you have a controlling device on the network that has Modbus TCP or UDP client capability, there are several diagnostic tags that can be read from the switch to indicate the health of the network.
SNMP: SNMP stands for Simple Network Management Protocol and is used for just that. There are many software tools that can query the Stride managed switch, or receive traps sent by it, to ascertain events or the health of the switch.
Port and Power Status (Alarm Output): The Stride managed switch has two power inputs that can be used for redundancy. If one of the power inputs fails, there is a relay contact that can be configured to report this failure.
Spanning Tree Status: The switch can be configured to report when something in the Spanning Tree has changed.
Real-Time Ring Status: The Real-Time Ring status can be ascertained from other devices as well.
MAC Table: The switch keeps a table of the MAC IDs of devices that are communicating on it.