What is a Switch?
A switch is a network component that connects devices within a local area network (LAN) and intelligently forwards data traffic based on MAC addresses. In OT environments, industrial switches are crucial for a reliable, robust, and fast network structure.
Switches form the heart of both IT and OT networks and provide efficient communication between devices such as PLCs, HMIs, Drives, SCADA systems, and IO modules.
🧠 How does a switch work?
- Each port on a switch learns which MAC address is connected to it by analysing inbound traffic
- When a packet arrives, the switch examines the destination MAC address
- The packet is forwarded only to the correct port (unicast), not to all ports (as with a hub)
- Switches operate at layer 2 of the OSI model; some advanced models also at layer 3 (routing)
Industrial switches often offer additional features such as VLAN support, SNMP monitoring, QoS, and redundancy protocols.
🏭 Application of switches in industrial networks
- Connecting PLCs, HMIs, and sensors via Industrial Ethernet
- Setting up Ring Redundancy with protocols such as MRP, RSTP, or PRP
- Use of VLANs for network segmentation in line with the Purdue Model
- Monitoring via SNMP and integration with SIEM or SCADA
- Use of ACL or Port Security for access control and security
Industrial switches are often designed for harsh conditions: vibration, heat, moisture, and EMC interference.
🔍 Managed vs. Unmanaged Switch
| Aspect | Managed Switch | Unmanaged Switch |
|---|---|---|
| Manageable | Yes – via web, CLI, SNMP, or Web Server | No – plug & play |
| VLAN support | Yes | No |
| Monitoring | Yes – status, faults, traffic | No |
| Redundancy protocols | Yes | No |
| Application | OT core networks, SCADA, segmentation | Small installations, edge devices |
🔐 Security aspects
- Use Port Security to allow only known MAC addresses
- Configure ACLs on L3 switches to filter traffic
- Disable unused ports or seal them physically
- Separate traffic with VLANs and manage access with RBAC
- Restrict and monitor access to management interfaces (via HTTPS, SSH, or SNMPv3)
- Log switch activity to Syslog or SIEM for auditing
Managed switches can also send alerts on unusual behaviour or connectivity issues.
📌 In summary
A switch is an intelligent network component that connects devices efficiently, essential for both IT and OT networks. In industrial environments, managed, robust switches are indispensable for reliability, segmentation, and security.