Subnets and VLANs are two concepts that go hand-in-hand.
Best networking practice is a one-to-one relationship between VLANs and subnets.
Here are the top 10 things you should know about these critical components of Converged Plantwide Ethernet (CPwE) Design and Implementation:
- A Layer-2 network is also referred to as a subnet, broadcast domain, or virtual LAN (VLAN). Best practice is a 1:1:1 relationship between subnets, broadcast domains and VLANs. The Layer-2 network infrastructure devices in the Cell/Area zone are predominantly access switches.
- Layer-3 switches or routers are used in manufacturing environments. Layer-3 switches or routers forward information between different VLANs or subnets. They use information in the IP header (Layer 3) to do so. Regardless of the specific layer being connected, switches provide Industrial Automation Control System (IACS) networks with many of the safeguards realized by the natural separation inherent in existing IACS-optimized networks. Some switches promoted as Layer 2 switches also support limited routing capabilities, like static routing.
- Devices and controllers configured for multicast delivery need to be located within the same Cell/Area IACS network because these packets cannot be routed, meaning that any router will drop the packet before forwarding it outside the subnet/VLAN. Devices and controllers configured for unicast delivery, Implicit I/O or explicit messaging do not need to be within the same Cell/Area zone because that communication is routable.
- Logical segmentation is the process of outlining which endpoints need to be in the same LAN. Segmentation is a key consideration for a Cell/Area IACS network. Segmentation is important to help manage the real-time communication properties of the network while supporting the requirements defined by the network traffic flows. Security is also an important consideration in making segmentation decisions. A security policy may call for limiting access of plant floor personnel (such as a vendor or contractor) to certain areas of the plant floor (such as a functional area). Segmenting these areas into distinct subnets and VLANs greatly assists in the application of these types of security considerations.
- Network developers should strive to design smaller LANs or VLANs, while recognizing that the traffic patterns of an IACS may make this difficult if routing is required.
- Use VLANs in addition to any physical segmentation, and connect all Cell/Area LANs to Layer-3 distribution switches to maintain connectivity.
- Trunks are also an important concept when deploying VLANs. The inter-switch connections in a Layer-2 network deploying VLANs are referred to and configured as trunks because they carry traffic for multiple VLANs. The relevant standard is IEEE 802.1Q, which specifies VLAN tagging to carry multiple VLANs on Ethernet links between switches. IEEE 802.1Q is the prevalent and most often used standard.
- Management VLANs are also an important consideration when establishing a VLAN concept. In the IT and enterprise network, management VLANs are commonly used to access the network and IT infrastructure, separate from the data VLANs. If IT is involved in managing the IACS network, they may want to establish management VLANs on which only the network infrastructure has IP addresses.
- Two important considerations in designing a VLAN network are the use of VLAN 1 and the native VLAN. The native VLAN is the VLAN to which a port returns when it is not trunking. VLAN 1 is the default native VLAN on trunk ports on Cisco-based switches and therefore may be used by a number of network infrastructure protocols.
- Define IACS devices to use a specific VLAN other than the native VLAN and VLAN 1; do not use VLAN 1 for any purpose. Some security threats assume that VLAN 1 is the default VLAN for data and/or management traffic and may target VLAN 1 in their attacks.
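The VLAN 1 and native VLAN guidance in the last two items can be checked against a switch configuration. The following is an added example, not part of the original article: a Python audit over a constructed Cisco IOS-style configuration, with hypothetical function names, assuming ports declare `switchport mode` explicitly and that an unset access or native VLAN defaults to 1.

```python
import re

# Constructed IOS-style switch configuration for illustration (not from the article).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/1
 switchport mode access
 switchport access vlan 10
interface GigabitEthernet1/2
 switchport mode access
interface GigabitEthernet1/3
 switchport mode trunk
interface GigabitEthernet1/4
 switchport mode trunk
 switchport trunk native vlan 999
interface GigabitEthernet1/5
 switchport mode access
 switchport access vlan 999
"""

def parse_ports(config):
    """Map interface name -> mode, access VLAN and native VLAN (both default to 1)."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"interface (\S+)", line):
            current = ports.setdefault(m.group(1), {"mode": None, "access": 1, "native": 1})
        elif current is None:
            continue
        elif m := re.fullmatch(r"switchport mode (access|trunk)", line):
            current["mode"] = m.group(1)
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            current["access"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", line):
            current["native"] = int(m.group(1))
    return ports

def audit(config):
    """Return sorted (interface, finding) pairs for VLAN 1 and native VLAN misuse."""
    ports = parse_ports(config)
    natives = {p["native"] for p in ports.values() if p["mode"] == "trunk"}
    findings = []
    for name, p in ports.items():
        if p["mode"] == "trunk" and p["native"] == 1:
            findings.append((name, "trunk native VLAN is 1"))
        elif p["mode"] == "access" and p["access"] == 1:
            findings.append((name, "access port in VLAN 1"))
        elif p["mode"] == "access" and p["access"] in natives:
            findings.append((name, f"access VLAN {p['access']} is a trunk native VLAN"))
    return sorted(findings)

if __name__ == "__main__":
    for interface, finding in audit(SAMPLE_CONFIG):
        print(f"{interface}: {finding}")
```

Ports without an explicit `switchport mode` line are not evaluated by this sketch and need a separate review.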
Article source: http://www.industrial-ip.org/en/industrial-ip/convergence/vlans-and-subnets-10-things-you-need-to-know
The IEEE 802.3 Power over Ethernet (PoE) standard sets the maximum power that can be sourced by data terminal equipment (DTE) at 30W. This power is sourced over two of the four twisted pairs of conductors in Class D or better cabling, as specified in ISO/IEC 11801:1995.
Cisco Universal Power over Ethernet (UPOE) is a Cisco proprietary technology that extends the IEEE 802.3 PoE standard to provide the capability to source up to 60W of power over standard Ethernet cabling infrastructure (Class D or better).
Why Should I Care About Cisco UPOE?
Power over Ethernet has long been hailed as the single most critical innovation that has revolutionized and expedited the adoption of IP telephony in the enterprise market segment. The power rating for electronic products is trending down through advances in semiconductor technology, and the cost of power itself is trending up. UPOE extends the benefits offered by PoE technology to a much wider range of devices due to the higher power envelope.
Some of the key benefits of UPOE are:
• Cisco UPOE offers high availability for power and guarantees uninterrupted services, a requirement for critical applications (e911).
• Cisco UPOE lowers OpEx by providing network resiliency at lower cost by consolidating backup power into the wiring closet.
• Cisco UPOE enables faster deployment of new campus access networking infrastructures by eliminating the need for a power outlet for every endpoint.
• Cisco UPOE, in combination with Cisco EnergyWise, helps meet corporate sustainability mandates while lowering energy costs.
What Applications and End Devices Does Cisco UPOE Enable?
Cisco UPOE simplifies network infrastructures, extends high availability for power (PoE resiliency), and delivers lower total cost of ownership for connected environments such as virtual desktop infrastructure (VDI), financial trading floor, enterprise workspace, conference rooms, hospitality guest suites, and retail. Partnerships with industry leaders and in-house development together have resulted in a variety of end devices that are compatible with Cisco UPOE. A few notable end devices are:
• Samsung integrated display VDI zero clients
• LG Electronic Monitor using UPOE Power Splitter
• BT, IPC and SpeakerBus IP Turrets
• Cisco Catalyst compact switches
• Personal Cisco TelePresence systems
• Building management and physical security devices
What Primary Verticals Does UPOE Address?
UPOE and the associated partner ecosystem (Cisco Developer Network) provide solutions for the following verticals:
• Financial trading floor
• Enterprise facilities management
What Is the Effect of Cisco UPOE on Heat Dissipated Within the Cabling Infrastructure?
Cisco UPOE is an efficient mechanism for power delivery since it uses all four twisted pairs of conductors within the Ethernet cabling to deliver power (as opposed to the two twisted pairs used by PoE+). This effectively reduces the channel losses by half for the same power delivered over UPOE vs. PoE+. Moreover, the recommendations published by cabling standards (ISO/IEC and TIA/TR-42, as part of a formal liaison communiqué with IEEE 802.3) indicate that UPOE can be supported over the same standard cabling infrastructures that conform to PoE+ requirements.
On Which Switching Platform Is Cisco UPOE Being Introduced?
Cisco UPOE is being introduced on the Cisco Catalyst 4500E Series Switches, the most widely deployed modular access switching platform in the industry. The platform has time and again demonstrated leadership in this space, specifically with PoE+, where the Cisco Catalyst 4500 was the first enterprise-class switch to deliver PoE+ compliant switches, two years prior to the introduction of the IEEE PoE+ standard. UPOE is being introduced on the Cisco Catalyst 4500E platform in the form of a new E-Series line card, WS-X4748-UPOE+E, that is compatible with Supervisor Engine 8-E, 7-E, 7L-E and beyond. Cisco UPOE is backward compatible with both PoE (IEEE 802.3af) and PoE+ (IEEE 802.3at).
What Is the UPOE Scalability on a Cisco Catalyst 4500E System?
Each WS-X4748-UPOE+E line card has a total available power budget of 1440W that can be allocated to the 48 front panel ports with a maximum of 60W per port. This provides the capability to power a maximum of 24 ports simultaneously at 60W. With five such line cards on a single system, the maximum number of ports that can simultaneously source 60W is 116. Moreover, each port also supports LLDP-based dynamic power negotiation capability that permits the end device to communicate the exact power requirement to the switch, which in turn enables smart budgeting of power to maximize the total number of UPOE devices that can be powered on a single line card.
How Is Power Budgeted to Individual Ports?
In addition to extending the power envelope defined by the IEEE 802.3 standard, UPOE also extends the LLDP-PoE dynamic power negotiation protocol defined by IEEE 802.3 to facilitate mutual identification and dynamic budgeting of power to individual ports. UPOE also lets users statically configure the port power budget, so that devices that do not support the LLDP-PoE extensions for UPOE can still be powered.
How Does UPOE Tie in with Cisco’s Overall Enterprise Campus Access Strategy?
With the introduction of the Supervisor Engine 8-E, 7-E and 7L-E, the Cisco Catalyst 4500E has become Cisco’s leading modular campus access platform. The platform not only offers unprecedented switching bandwidth with line-rate switching to all user access ports and 10G uplinks but has also been the first platform to deliver next-generation services such as sub-second ISSU, Flexible NetFlow, Cisco TrustSec security, Wireshark as a hosted application, and medianet innovations. High availability and lower TCO continue to be the underlying goals for the platform. Cisco UPOE extends high availability for power while minimizing both the CapEx and OpEx involved with power delivery.
The Cisco Aironet 2600 Series is ideal for enterprise networks of any size that need high-performance, secure, and reliable Wi-Fi connectivity for consumer devices, high-performance laptops, and specialized industry equipment such as point-of-sale devices and wireless medical equipment.
This mission-critical access point delivers Cisco’s RF excellence features such as Cisco CleanAir and ClientLink 2.0 technology for any small, medium-sized, and large enterprise network.
• Delivers the most advanced features in its class, with great performance, functionality, and reliability at a great price
• Includes 802.11n-based 3 x 4 MIMO, with three spatial streams
• Includes Cisco CleanAir, ClientLink 2.0, and VideoStream technologies, to help ensure an interference-free, high-speed wireless application experience
• Standard 802.3af PoE
• The 2600i model has integrated antennas for typical office deployments
• The 2600e model is for RF-challenging indoor environments and requires external dual-band antennas.
The main Part Numbers and Specification of Cisco Aironet 2600 Series:
The Cisco Aironet 2600i Access Point: Indoor environments with internal antennas
• AIR-CAP2602I-x-K9: Dual-band controller-based 802.11a/g/n
• AIR-CAP2602I-xK910: Eco-pack (dual-band 802.11a/g/n) 10 quantity access points
• AIR-SAP2602I-x-K9: Dual-band autonomous 802.11a/g/n
• AIR-SAP2602I-x-K95: Eco-pack (dual-band 802.11a/g/n) 5 quantity access points
The Cisco Aironet 2600e Access Point: Indoor, challenging environments with external antennas
• AIR-CAP2602E-x-K9: Dual-band controller-based 802.11a/g/n
• AIR-CAP2602E-xK910: Eco-pack (dual-band 802.11a/g/n) 10 quantity access points
• AIR-SAP2602E-x-K9: Dual-band autonomous 802.11a/g/n
• AIR-SAP2602E-x-K95: Eco-pack (dual-band 802.11a/g/n) 5 quantity access points
Regulatory Domains: (x=regulatory domain)
Customers are responsible for verifying approval for use in their individual countries. To verify approval and to identify the regulatory domain that corresponds to a particular country, visit: http://www.cisco.com/go/aironet/compliance.
Not all regulatory domains have been approved. As they are approved, the part numbers will be available on the Global Price List.
What did Aironet 2600 Series users say?
“The Aironet 2602E is designed for commercial use. This particular model requires separate controller to work. So be careful when you order it. It does not come with power supply; it's understandable, as it was designed for work with POE switch.”
The Cisco Catalyst 3750 v2 Series is a next-generation energy-efficient Layer 3 Fast Ethernet stackable switch. It supports Cisco EnergyWise technology, which helps you manage the power consumption of your network, thereby reducing energy costs and carbon footprint.
The Cisco 3750 v2 Switch consumes less power than its predecessors and is an ideal access layer for enterprise, retail, and branch environments. It helps increase productivity and protects your network investment by providing a unified network for data, voice, and video.
Cisco Catalyst 3750 v2 Switches (Front and Back)
Catalyst 3750 v2 Series Highlights
• Lower power consumption than its predecessors
• Backward compatible with Cisco Catalyst 3750 and 3750-E Series Switches
• EnergyWise support to monitor energy consumption of network infrastructure and implement energy saving programs to reduce energy costs
• Open Shortest Path First (OSPF) routing with IP Base feature set
• Compatible with Cisco Redundant Power System (RPS) 2300
• Uniform depth of 11.9 inches on all units for better cable management
• IPv6 routing included in the IP Services feature set
Cisco Switch Configurations
Cisco Catalyst 3750 V2 Software
The Cisco Catalyst 3750 v2 Series can be purchased with the IP Base or IP Services license preinstalled.
The IP Base license offers advanced quality of service (QoS), rate limiting, and access control lists (ACLs), and basic static and Routing Information Protocol (RIP) and OSPF routing functions.
The IP Services license provides a richer set of enterprise-class features, including advanced hardware-based IP unicast and IP multicast routing as well as policy-based routing (PBR). The Advanced IP Services license, which includes IPv6 routing and IPv6 ACL support, is now included in the IP Services license. Upgrade licenses are available to upgrade a switch from the IP Base license to the IP Services license.
Cisco Catalyst 3750 v2 Series: Cisco EnergyWise & Power over Ethernet
We mentioned that Cisco Catalyst 3750 v2 Series supports Cisco EnergyWise, which is a technology that enables monitoring, reporting, and management of energy consumption by end devices that are EnergyWise enabled. This technology enables companies to reduce their energy costs and carbon footprints. EnergyWise features enable you to:
• Discover all Cisco EnergyWise enabled devices on the network
• Monitor and report power consumption by these devices
• Implement business rules to control power to these end devices
Power over Ethernet: The Cisco Catalyst 3750 v2 Series can provide a lower total cost of ownership (TCO) for deployments that incorporate Cisco IP Phones, Cisco Aironet wireless LAN (WLAN) access points, or any IEEE 802.3af-compliant end device.
PoE eliminates the need for wall power outlets for each PoE-enabled device and significantly reduces the cost for additional electrical cabling that would otherwise be necessary in IP phone and WLAN deployments.
The Cisco Catalyst 3750 v2 24-port PoE switch can support Class 3 PoE or 15.4 watts (W) of PoE power on all 24 ports. Taking advantage of Cisco Catalyst Intelligent Power Management, the Cisco Catalyst 3750 v2 48-port PoE configurations can deliver the necessary power to support 24 ports at 15.4W, 48 ports at 7.7W, or any combination in between. Maximum power availability for a converged voice and data network is attainable when a Cisco Catalyst 3750 v2 Series Switch is combined with the Cisco RPS 2300 for protection against internal power supply failures and an uninterruptible power supply (UPS) system to safeguard against power outages.
As we know, the Cisco 3750 v2 series is famous for allowing customers to build a unified, highly resilient switching system, one switch at a time, and for improving LAN operating efficiency by combining industry-leading ease of use and high resiliency for stackable switches.