Guard Ethernet Control Networks

May 1, 2006
Three new features—rate limiting, port locking and overlapping VLANs—have been added to the vendor’s EISX_M, EICP_M and EISB_M managed switches in order to prevent risks to control networks when interconnecting office and factory Ethernet networks.

Rate limiting lets users select a maximum traffic level (from 64kB to 100Mbps) so normal communications will operate properly, even allowing the control network to function in the event that the office network has a catastrophic problem. Port locking, another method of controlling traffic that comes through the office network, limits what devices can communicate through a specific port of the switch. Overlapping VLANs enable a few devices to be shared between the office and control network. With this feature, office traffic is eliminated from the portion of the control network that does not need to communicate with the office network. If only a SCADA system needs to communicate with both the office network and the control network, for example, an overlapping VLAN can be used to keep office traffic from all control devices except for the SCADA system.