What is a Managed Switch?
A managed switch is a network component that, in addition to forwarding network traffic, also offers management, configuration and security functions. Unlike an unmanaged switch, a managed switch can be configured for VLANs, QoS, redundancy, security and monitoring.
In OT networks, managed switches are indispensable for reliable, secure and structured communication between PLCs, HMIs, SCADA systems and field devices.
🧠 Key functions of managed switches
| Function | Description |
|---|---|
| VLAN configuration | Segmenting virtual networks (e.g. separating IT/OT or production/engineering) |
| QoS (Quality of Service) | Prioritising time-critical traffic, such as real-time protocols (Profinet, EtherCAT) |
| Redundancy protocols | RSTP, MRP, DLR or PRP for network availability |
| Port-based configuration | MAC Binding, Port Security, 802.1X, manual speed/duplex settings |
| Monitoring | SNMP and syslog for device state and events; port mirroring (SPAN) on the switch, or an inline network TAP, to feed a copy of the traffic to capture and IDS tools |
| Security | Restrict access per port, detect rogue devices, block unwanted traffic |
| Logging & alerting | Detection of faults, loops or unauthorised devices |
🔧 Typical configurations in OT
| Application | Function of the managed switch |
|---|---|
| Network segregation | VLANs for SCADA, cameras, remote access, engineering |
| Protection of PLCs | Allowing only known MAC addresses via MAC Binding (MAC addresses are easily spoofed, so this stops accidental or casual connections rather than a deliberate attacker) |
| Improving redundancy | Ring Redundancy using MRP or DLR |
| Diagnosing communication issues | Mirror ports for packet capture with Wireshark |
| NTP and time synchronisation | Some industrial switches act as an SNTP server or as a PTP boundary/transparent clock, so PLCs, HMIs and the switch's own logs share one time base |
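The segregation and mirror-port rows above, written out as an added configuration example (not taken from the original page). Cisco IOS-style syntax is used; the VLAN IDs, interface numbers and descriptions are assumptions chosen for illustration, and the equivalent commands on Siemens, Hirschmann or Moxa switches differ.

```cisco
! Added example, Cisco IOS-style syntax. VLAN IDs, interface names and
! descriptions are illustrative assumptions, not values from the page.
!
! --- Segregation: one VLAN per function ---
vlan 10
 name SCADA
vlan 20
 name ENGINEERING
vlan 30
 name CAMERAS
vlan 40
 name REMOTE-ACCESS
vlan 999
 name UNUSED
!
! PLC port: access port in the SCADA VLAN only. PortFast plus BPDU guard
! shuts the port if someone plugs in another switch and creates a loop.
interface GigabitEthernet1/0/1
 description PLC-01
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! Uplink to the OT firewall: trunk carrying only the VLANs that exist here.
! Pruning the allowed list keeps a misconfigured or rogue device from
! reaching VLANs it has no business on; the native VLAN is an unused one
! so untagged frames land nowhere useful.
interface GigabitEthernet1/0/24
 description uplink-to-OT-firewall
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30,40
 switchport trunk native vlan 999
!
! Unused ports: shut down and parked in the unused VLAN.
interface range GigabitEthernet1/0/10 - 20
 switchport mode access
 switchport access vlan 999
 shutdown
!
! --- Diagnosis: mirror (SPAN) the PLC ports to a capture port ---
! The destination port does not forward normal traffic; plug the
! Wireshark host (or an IDS sensor) in there.
monitor session 1 source interface GigabitEthernet1/0/1 - 8 both
monitor session 1 destination interface GigabitEthernet1/0/23
```

Mirroring eight PLC ports onto one 1 Gbit/s destination port can oversubscribe it under load; if packets are being dropped at the mirror, narrow the source list or use a TAP.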
✅ Benefits compared with unmanaged switches
| Managed switch | Unmanaged switch |
|---|---|
| Manageable and configurable | Plug & play, no settings |
| VLANs and segmentation | No support for network separation |
| Per-port security settings | Any connected device gets full access |
| Monitoring and logging | No visibility of traffic or faults |
| Redundancy protocols | Not available |
Managed switches provide visibility, control and security, all essential for maintenance and security monitoring in OT networks.
🛡️ Security options
| Security feature | Application in OT |
|---|---|
| Port Security | Limit the maximum number of MAC addresses per port |
| MAC Binding | Allow only specific MAC addresses per port (a static form of port security; spoofable, so not a substitute for 802.1X or ACLs) |
| DHCP Snooping | Prevent rogue DHCP servers |
| IP Source Guard | Drop IP traffic whose source IP/MAC pair does not match the DHCP snooping binding table or a static binding (statically addressed OT devices need a static entry or they are cut off) |
| 802.1X | Authenticate a device against a RADIUS server before its port forwards traffic; MAC authentication bypass is the usual fallback for devices without a supplicant |
| ACLs (Access Control Lists) | Filter traffic by port, IP or protocol |
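The security features in the table above, combined on one switch as an added configuration example (not the page's own material). Cisco IOS-style syntax again; interface numbers, VLAN IDs, the PLC MAC address, IP addresses, the RADIUS server and the use of Modbus/TCP (port 502) as the permitted protocol are all assumptions made for illustration.

```cisco
! Added example, Cisco IOS-style syntax; interface names, VLAN IDs,
! addresses, MAC address and the RADIUS server are illustrative assumptions.
!
! --- DHCP snooping: only the uplink may answer DHCP ---
! Every other port is untrusted, so a rogue DHCP server on the floor is
! silently blocked. This also builds the binding table IP Source Guard uses.
ip dhcp snooping
ip dhcp snooping vlan 10,20
interface GigabitEthernet1/0/24
 description uplink-to-OT-firewall
 ip dhcp snooping trust
!
! --- Static binding for a PLC with a fixed address ---
! OT devices rarely use DHCP; without this entry IP Source Guard would drop
! the PLC's traffic.
ip source binding 0011.2233.4455 vlan 10 10.10.10.5 interface GigabitEthernet1/0/1
!
! --- Port Security / MAC binding + IP Source Guard on the PLC port ---
! One fixed MAC address. "restrict" drops and logs frames from any other
! MAC rather than err-disabling the port, so a maintenance mistake does not
! take the PLC offline. A MAC address is trivially spoofed: this stops
! accidents and casual plug-ins, not a determined attacker.
interface GigabitEthernet1/0/1
 description PLC-01
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0011.2233.4455
 switchport port-security violation restrict
 ip verify source
!
! --- 802.1X on an engineering-workstation port ---
! Needs a RADIUS server. Devices that cannot run a supplicant would need
! MAC authentication bypass (mab) as a fallback.
aaa new-model
aaa authentication dot1x default group radius
radius server OT-RADIUS
 address ipv4 10.10.1.10 auth-port 1812 acct-port 1813
 key REPLACE-WITH-SHARED-SECRET
dot1x system-auth-control
!
! --- Port ACL: the workstation may only reach the PLC on Modbus/TCP ---
! Applied on the access port itself, so it works even if this switch does
! no routing. Everything else is denied and logged, which doubles as a
! cheap detector for unexpected traffic. DHCP is allowed so the
! workstation can still get an address.
ip access-list extended ENG-TO-SCADA
 permit udp any eq 68 any eq 67
 permit tcp 10.10.20.0 0.0.0.255 host 10.10.10.5 eq 502
 deny ip any any log
!
interface GigabitEthernet1/0/2
 description ENG-WS-01
 switchport mode access
 switchport access vlan 20
 authentication port-control auto
 dot1x pae authenticator
 ip access-group ENG-TO-SCADA in
```

Verify after applying with `show port-security interface GigabitEthernet1/0/1`, `show ip dhcp snooping binding`, `show ip verify source` and `show dot1x interface GigabitEthernet1/0/2`; a PLC that goes silent right after `ip verify source` is almost always a missing static binding.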
🔁 Integration with OT architectures
| Component | Relationship to the managed switch |
|---|---|
| Purdue Model | Switches carry the traffic at every level of the OT hierarchy; VLANs and ACLs on them help enforce the boundaries between levels |
| Historian | Reliable transfer of process data to higher-level systems |
| Remote Access | Segmentation and filtering of external traffic via VLAN or ACL |
| Anomaly detection | Mirror ports feed a copy of the traffic to an IDS or network sensor; the sensor's alerts and the switch's own syslog messages go to the SIEM |
| Asset Inventory | Visibility of connected equipment via SNMP (interface and MAC address tables) |
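The monitoring side of the table above (SNMP for the asset inventory, syslog for the SIEM, a common time base) depends on the switch's management plane being reachable only from where it should be. As an added example, not from the original page, here is a management-plane configuration in Cisco IOS-style syntax; the management VLAN, addresses, usernames, view and group names and placeholder passwords are assumptions made for illustration.

```cisco
! Added example, Cisco IOS-style syntax; VLAN IDs, addresses, names and
! credentials are illustrative assumptions.
!
! --- Management address only in the management VLAN ---
vlan 99
 name MGMT
interface Vlan99
 description MGMT
 ip address 10.10.99.2 255.255.255.0
!
! Hosts allowed to manage or poll this switch.
ip access-list standard MGMT-HOSTS
 permit 10.10.99.0 0.0.0.255
 deny any log
!
! --- Administration over SSH only, from MGMT-HOSTS only ---
username otadmin privilege 15 secret REPLACE-ADMIN-PASS
ip domain-name ot.example.internal
crypto key generate rsa modulus 2048
ip ssh version 2
line vty 0 15
 transport input ssh
 access-class MGMT-HOSTS in
 login local
!
! --- SNMPv3 (auth + priv), read-only, limited to the management hosts ---
! This is what the asset inventory tool polls for the interface and MAC
! address tables. No SNMPv1/v2c community strings at all.
snmp-server view OT-VIEW iso included
snmp-server group OT-MON v3 priv read OT-VIEW access MGMT-HOSTS
snmp-server user inventory OT-MON v3 auth sha REPLACE-AUTH-PASS priv aes 128 REPLACE-PRIV-PASS
!
! --- Syslog and traps to the monitoring server ---
! MAC-notification traps tell the inventory immediately when a new
! device appears on a port instead of waiting for the next poll.
logging host 10.10.99.20
logging trap informational
mac address-table notification change
snmp-server enable traps mac-notification change
snmp-server host 10.10.99.20 version 3 priv inventory
!
! --- Time: consistent timestamps across switch, IDS and historian ---
ntp server 10.10.99.1
service timestamps log datetime msec localtime show-timezone
```

The `deny any log` line in MGMT-HOSTS means every SSH or SNMP attempt from outside the management VLAN turns into a syslog message at the SIEM, which is a useful early signal of a device probing the management plane.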
📌 In summary
Managed switches form the backbone of a secure, stable and manageable OT network. They support segmentation, monitoring, redundancy and security, all essential for industrial networks.
