Switches are a decisive element of a network. They are classified by role as core, distribution, and edge switches, and by type as managed or unmanaged layer 2 switches and managed layer 3 switches. An overview follows.

For details, see Practical guide on IP networks in building automation and control (CM110668).

Core

These powerful switches form the backbone of a network. The servers and most important devices are connected to the core. Moreover, these switches can take over redundancy and routing tasks (layer 3) and are therefore managed.

Distribution switches

They are located in the riser zones, receive data from the core switches, and forward it to the various floors of the building.

They are ideally designed as managed layer 2 switches so that VLANs can be set up.

Edge switches

The end devices are connected here. They are located at the edge of the network, in the control cabinets. They are typically unmanaged layer 2 switches, or managed layer 2 switches when VLANs are set up.

Layer 2 and layer 3 switches

Layer 2 switches (Ethernet switches) take only the Ethernet MAC address into account when forwarding a frame. No additional configuration is required.

Layer 3 switches (IP routers) use IP addresses to forward packets. The routing function improves the structuring of IP networks and reduces the load caused by broadcast traffic.

Managed and unmanaged

Administration is another distinguishing feature of switches. Managed switches have an IP address and can be managed and configured using a web browser or Command Line Interface (CLI).

Unmanaged switches simply connect end devices to the network. These switches have no additional functionality such as filtering, redundancy, or alarm functions.

Managed layer 2 switches support intelligent network management functions, such as port trunking, MAC address-based VLANs and RSTP for ring topologies. Port mirroring for troubleshooting and diagnostics using network analysis tools is an important aspect for using managed layer 2 switches.

Also important, especially on BACnet networks, is support for IEEE 802.1X: either MAC Authentication (MAB) with an allow-list of permitted devices, or full certificate-based client-server access control and authentication. Both prevent unauthorized devices from connecting to the network over publicly accessible ports. In principle, a device must first be authenticated by the switch before it can communicate with other network elements.
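The allow-list principle described above, shown as an added Python simulation that is not Desigo or switch-vendor code: a port admits only a MAC address on the allow-list, frames from any other device on that port are not forwarded, and every rejected attempt is kept so that it can be raised as an alarm. The allow-list, port names and MAC addresses are constructed for illustration.

```python
"""Port authentication with a MAC allow-list (MAB-style), as a simulation.

Added example, not Desigo or switch-vendor code. The allow-list, port names
and connection events are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed allow-list: normalized MAC address -> permitted device.
ALLOW_LIST = {
    "00:1b:1c:aa:00:01": "automation station, primary plant",
    "00:1b:1c:aa:00:02": "room automation station",
    "00:1b:1c:aa:00:03": "engineering PC (service port)",
}


def normalize_mac(mac: str) -> str:
    """Accept 00-1B-1C-AA-00-01, 001b.1caa.0001 or 00:1b:1c:aa:00:01."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


@dataclass
class PortAuthenticator:
    """Admits a device on a port only if its MAC address is on the allow-list.
    Until then the port stays unauthorized and frames from it are not forwarded."""
    allow_list: Dict[str, str]
    authorized: Dict[str, str] = field(default_factory=dict)  # port -> admitted MAC
    audit_log: List[Tuple[str, str, str]] = field(default_factory=list)

    def authenticate(self, port: str, mac: str) -> bool:
        mac = normalize_mac(mac)
        if mac in self.allow_list:
            self.authorized[port] = mac
            self.audit_log.append(("AUTHORIZED", port, mac))
            return True
        self.audit_log.append(("REJECTED", port, mac))
        return False

    def may_forward(self, port: str, src_mac: str) -> bool:
        """Only the MAC admitted on this particular port may send frames through it."""
        return self.authorized.get(port) == normalize_mac(src_mac)

    def rejected(self) -> List[Tuple[str, str]]:
        """Rejected attempts: what a defender would want raised as an alarm."""
        return [(port, mac) for kind, port, mac in self.audit_log if kind == "REJECTED"]


def run_scenario() -> PortAuthenticator:
    """Constructed connection events on three edge-switch ports."""
    auth = PortAuthenticator(ALLOW_LIST)
    events = [
        ("Gi1/0/1", "00-1B-1C-AA-00-01"),  # permitted station, different notation
        ("Gi1/0/2", "00:1b:1c:aa:00:02"),  # permitted station
        ("Gi1/0/3", "de:ad:be:ef:00:99"),  # unknown device on a public access port
    ]
    for port, mac in events:
        auth.authenticate(port, mac)
    return auth


if __name__ == "__main__":
    for entry in run_scenario().audit_log:
        print(*entry)
```

Note that admission is per port: a MAC admitted on Gi1/0/1 is not thereby allowed to send on Gi1/0/2, which is what distinguishes port authentication from a plain global filter.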

Managed layer 3 switches are multifunction devices that, in addition to layer 2 functions, connect IP subnetworks to one another, i.e. IP packets are transmitted to the correct subnetworks and broadcasts are blocked. Moreover, a layer 3 switch can route VLANs to each other, i.e. VLANs remain autonomous, but it supports a network transition or common interface.

VLANs

The era of setting up a separate physical network in building automation and control for each supplier and discipline has passed. Multi-service networks allow each of them to work undisturbed on its own VLAN.

Managed layer 2 switches make this possible.

Implement a VLAN to optimize security and communication, if:

  • More than 250 devices from the same discipline are planned (concentration of risk).
  • Different security zones are required to separate primary plants from secondary plants.
  • A high degree of reliability is required.

Port-based VLANs

Port-based VLANs divide a managed switch into multiple virtual switches. Each VLAN is identified by a VLAN ID between 1 and 4094; VLAN ID 1 is reserved as the default VLAN.

The switch's IP address is reachable only via ports that are assigned to this VLAN. In the example above, ports 1 to 4 are assigned to VLAN 1001 and ports 5 to 8 to VLAN 1002; in other words, communication can only take place between devices on the same VLAN, e.g. among devices 1 to 4. This is referred to as port-based VLANs, or often as untagged VLANs, since the Ethernet frames from the switch to the end device carry no tag.

Benefits:

  • Port-based VLANs reduce the need, especially on smaller installations, for a physical switch on each network.
  • The end devices do not need to support VLAN tagging per IEEE 802.1Q, since the switch takes over this task.

Tagged VLANs

In contrast to untagged VLANs, tagged VLANs are frame-based rather than port-based. A port is assigned to multiple VLANs rather than just a single one. Each frame carries a VLAN tag so that the switch knows to which VLAN an Ethernet frame belongs.

Benefits:

  • A single cable suffices to connect both switches.

Disadvantages:

  • Each switch (but not the end devices) must support tagging per IEEE 802.1Q: an end device does not recognize a tagged frame and rejects it, i.e. no communication occurs.
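The two VLAN modes, as an added Python simulation that is not part of the original documentation and not vendor code: ports 1 to 4 are untagged members of VLAN 1001, ports 5 to 8 of VLAN 1002, and one uplink port carries both VLANs tagged per IEEE 802.1Q. Port names, VLAN IDs and frames are constructed, and MAC learning is omitted so that every frame is flooded within its VLAN only, which keeps the membership rule visible.

```python
"""Port-based (untagged) and tagged (IEEE 802.1Q) VLAN forwarding, as a simulation.

Added example, not Desigo or switch-vendor code. Port names, VLAN IDs and
frames are constructed; MAC learning is omitted so that every frame is flooded
within its VLAN.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

VLAN_MIN, VLAN_MAX, DEFAULT_VLAN = 1, 4094, 1


def check_vlan_id(vid: int) -> int:
    if not VLAN_MIN <= vid <= VLAN_MAX:
        raise ValueError(f"VLAN ID {vid} outside {VLAN_MIN}..{VLAN_MAX}")
    return vid


@dataclass(frozen=True)
class Port:
    name: str
    access_vlan: Optional[int] = None            # port-based membership (untagged)
    trunk_vlans: FrozenSet[int] = frozenset()    # VLANs carried with a tag

    def member_of(self, vid: int) -> bool:
        return vid == self.access_vlan or vid in self.trunk_vlans


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    vlan_tag: Optional[int] = None   # None = untagged Ethernet frame


class VlanSwitch:
    def __init__(self) -> None:
        self.ports: Dict[str, Port] = {}

    def add_access_port(self, name: str, vid: int) -> None:
        self.ports[name] = Port(name, access_vlan=check_vlan_id(vid))

    def add_trunk_port(self, name: str, vids) -> None:
        self.ports[name] = Port(name, trunk_vlans=frozenset(check_vlan_id(v) for v in vids))

    def classify(self, ingress: str, frame: Frame) -> Optional[int]:
        """VLAN of an incoming frame, or None if the frame must be dropped."""
        port = self.ports[ingress]
        if frame.vlan_tag is None:
            # Untagged frame: belongs to the port's VLAN (access ports only here;
            # a real trunk would use a native VLAN, which is omitted).
            return port.access_vlan
        # Tagged frame: accepted only on a trunk that carries that VLAN.
        return frame.vlan_tag if frame.vlan_tag in port.trunk_vlans else None

    def forward(self, ingress: str, frame: Frame) -> Dict[str, Frame]:
        """Egress ports and the frame each one sends (flooded within the VLAN)."""
        vid = self.classify(ingress, frame)
        if vid is None:
            return {}
        out: Dict[str, Frame] = {}
        for name, port in self.ports.items():
            if name == ingress or not port.member_of(vid):
                continue
            # Access ports deliver untagged frames to end devices;
            # trunk ports keep (or add) the 802.1Q tag.
            tag = None if port.access_vlan == vid else vid
            out[name] = Frame(frame.src, frame.dst, tag)
        return out


def build_example_switch() -> VlanSwitch:
    """Ports 1-4 in VLAN 1001, ports 5-8 in VLAN 1002, one tagged uplink
    carrying both (constructed, after the layout described in the text)."""
    sw = VlanSwitch()
    for n in range(1, 5):
        sw.add_access_port(f"port{n}", 1001)
    for n in range(5, 9):
        sw.add_access_port(f"port{n}", 1002)
    sw.add_trunk_port("uplink", [1001, 1002])
    return sw


if __name__ == "__main__":
    sw = build_example_switch()
    for port, f in sw.forward("port1", Frame("00:00:00:00:00:01", "ff:ff:ff:ff:ff:ff")).items():
        print(port, "tag" if f.vlan_tag else "untagged", f.vlan_tag)
```

A broadcast from port 1 reaches ports 2 to 4 untagged and leaves the uplink with tag 1001; it never reaches ports 5 to 8. A tagged frame for a VLAN the uplink does not carry is dropped, which is the behaviour the disadvantage above describes from the end device's side.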

Networking in a star topology

Benefits:

  • Less expensive installation
  • Low operating costs
  • Improved overview
  • Easy troubleshooting
  • Managed and unmanaged switches can be used
  • Very high speed and short latency

Disadvantages:

  • High cabling expense
  • Communication fails if the star point is defective (no redundancy)

Networking in a daisy chain topology (Line topology)

Benefits:

  • Inexpensive
  • Low cost for cabling
  • Fewer switch ports required

Disadvantages:

  • The loss of a device interrupts all communications to downstream devices (note that MAC Authentication (MAB) is also a mechanism that could cause such interruptions of the chain)
  • Poor overview and difficult troubleshooting
  • The latency of data transmission increases linearly with the number of downstream devices; the probability of failure increases exponentially.

Only suitable where price is decisive or for non-critical systems, such as those in normal office buildings.

Networking in a ring topology

Benefits:

  • A stand-by line results in higher reliability than a single line daisy chain topology
  • Suitable for all network sizes
  • Easy troubleshooting
  • High speed with average latency times

Disadvantages:

  • High cabling and engineering costs; managed layer 2 switches with RSTP are required
  • Alarming and network management recommended
  • Comprehensive expert knowledge required for engineering
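The reliability statements for the daisy chain and ring topologies above, worked through in an added Python example that is not from the Desigo documentation. It assumes independent failures with the same availability p for every device in the line, the root switch as the reference point, and a ring closed at a managed layer 2 switch with RSTP so that the other direction takes over after a single failure; p and the device counts are constructed figures.

```python
"""Reachability of a device in star, daisy chain (line) and ring topologies.

Added example, not from the Desigo documentation. Assumptions (constructed):
every device fails independently with the same availability p, the root
switch is the reference point, and a ring is closed at a managed layer 2
switch with RSTP, so that after one failure the other direction is used.
"""
from typing import Dict, List


def star_availability(p: float) -> float:
    """Star: only the device itself (and its own link) must be up."""
    return p


def chain_availability(p: float, k: int) -> float:
    """Daisy chain: device k is reachable only if devices 1..k are all up, i.e. p**k."""
    return p ** k


def ring_availability(p: float, k: int, n: int) -> float:
    """Ring of n devices: device k is reachable if it is up and either the k-1
    devices on one side or the n-k devices on the other side are all up. The two
    paths use disjoint devices, so their failures are independent."""
    via_left = p ** (k - 1)
    via_right = p ** (n - k)
    return p * (1 - (1 - via_left) * (1 - via_right))


def chain_latency(k: int, per_hop: float) -> float:
    """Store-and-forward delay grows linearly with the number of upstream devices."""
    return k * per_hop


def compare(p: float, n: int) -> List[Dict[str, float]]:
    """One row per device position k in a line or ring of n devices."""
    rows = []
    for k in range(1, n + 1):
        rows.append({
            "k": k,
            "star": star_availability(p),
            "chain": chain_availability(p, k),
            "ring": ring_availability(p, k, n),
            "chain_failure": 1 - chain_availability(p, k),
        })
    return rows


if __name__ == "__main__":
    for row in compare(0.99, 20):
        print(f"k={row['k']:2d} star={row['star']:.4f} "
              f"chain={row['chain']:.4f} ring={row['ring']:.4f}")
```

With p = 0.99, the tenth device of a line is reachable about 90% of the time, whereas the tenth device of a ring of twenty is reachable about 98%; the first device in either topology is as available as in a star, which shows that the penalty is paid by the downstream devices only.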

In the event of a fault, switching over the communication paths on DXR2.E../PXC3.E.. can take between 10 and 30 seconds. IT should monitor the switches so that the higher-level system is notified of a failure.

It is not enough to plan and implement the proper network technology to guarantee reliability and availability.

Switches with two power inputs are commonly offered to increase availability. Alarm messages can also be signaled over hardware relay contacts (for example, when a connection or a power supply fails). Alternatively, the switch can be monitored via SNMP on a suitable management platform such as Desigo CC.

Moreover, provide a separate or redundant power supply on important infrastructure, key automation stations, sensors, or actuators.

Selecting the topology is not always easy. Plant or application requirements are always the decisive factor, however. Special attention should be directed at the network since it forms the backbone of automation communications.

DHCP or fixed IP address

The question comes up repeatedly as to whether DHCP should be used on a Desigo project.

For the sake of understanding, the arguments for and against DHCP are listed here.

The Dynamic Host Configuration Protocol (DHCP) is a communications protocol in which a DHCP server automatically assigns the network configuration (e.g. IP address, subnet) to a network participant (client). The DHCP server runs as a network service in the background and waits for client requests. Clients are addressed automatically or dynamically from the address pool defined in the server's configuration file.

There are three types of address assignment:

  • Under manual assignment (static DHCP), IP addresses are assigned to specific MAC addresses on the DHCP server for an indefinite time.
  • Under automatic assignment, a range of IP addresses is defined on the DHCP server, and each new DHCP client is automatically assigned an address from this range, bound to its MAC address. The assignment is recorded in a table and is permanent. Assignments are not deleted, with the benefit that a participant always receives the same IP address and that address cannot be assigned to another participant.
  • Dynamic assignment is comparable to automatic assignment. However, the DHCP server's configuration file specifies how long an IP address may be assigned to a participant before it must contact the server again and request an extension (lease renewal). If this does not occur, the IP address becomes available again and can be assigned to other participants.

DHCP does have some disadvantages on a Desigo system or BACnet network:

  • Access to the automation station is only through the BACnet names.
  • Devices covering BBMD functionality always require a fixed IP address.
  • Room automation stations have an on-board web server and are operated via the web interface for servicing and diagnostics; it is difficult for the user to access these devices when their addresses change.

For these reasons, Desigo automation stations are assigned a fixed IP address. The advantages clearly outweigh those of DHCP, since:

  • Automation stations are permanently assigned to a network and always have the same IP address.
  • Simple and unique address assignments are important in the Desigo Engineering tools for service, diagnostics, and exchange.
  • It permits unique project documentation on all levels.
  • The devices can be uniquely assigned for servicing and diagnostics and simplified operation via the web interface.

An IP segment can also be divided on a project-by-project basis into a part with static addresses (e.g. for automation stations) and a dynamic part (DHCP), e.g. for engineering laptops.
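The three assignment types listed above and the split of one segment into a static part and a DHCP pool, as an added Python simulation that is not Desigo or DHCP-server code: automation stations receive fixed addresses outside the pool (manual assignment), laptops are served from the pool, and in dynamic mode an address returns to the pool when its lease is not renewed, while in automatic mode bindings are permanent. Segment, pool boundaries, MAC addresses and lease time are constructed.

```python
"""DHCP address assignment on one segment split into a static part and a DHCP pool.

Added example, not Desigo or DHCP-server code. The segment, pool boundaries,
MAC addresses and lease time are constructed. Modelled assignment types:
manual (fixed address reserved for a MAC, outside the pool), automatic
(permanent binding from the pool) and dynamic (binding with an expiring lease).
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Lease:
    ip: ipaddress.IPv4Address
    mac: str
    expires_at: Optional[float]   # None = permanent (automatic assignment)


class DhcpServer:
    def __init__(self, segment: str, pool_first: str, pool_last: str,
                 mode: str = "dynamic", lease_time: float = 3600.0) -> None:
        if mode not in ("automatic", "dynamic"):
            raise ValueError("mode must be 'automatic' or 'dynamic'")
        self.segment = ipaddress.ip_network(segment)
        first, last = ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last)
        if first not in self.segment or last not in self.segment or first > last:
            raise ValueError("DHCP pool must lie inside the segment")
        # Dynamic part of the segment; the rest stays free for static addresses.
        self.pool: List[ipaddress.IPv4Address] = [
            ipaddress.ip_address(a) for a in range(int(first), int(last) + 1)]
        self.mode = mode
        self.lease_time = lease_time
        self.reservations: Dict[str, ipaddress.IPv4Address] = {}  # manual assignment
        self.bindings: Dict[str, Lease] = {}                        # pool bindings

    def reserve(self, mac: str, ip: str) -> None:
        """Manual assignment (static DHCP): fixed address for a MAC, outside the pool."""
        addr = ipaddress.ip_address(ip)
        if addr not in self.segment:
            raise ValueError(f"{addr} is not in segment {self.segment}")
        if addr in self.pool:
            raise ValueError(f"{addr} collides with the dynamic pool")
        self.reservations[mac] = addr

    def _expire(self, now: float) -> None:
        expired = [m for m, lease in self.bindings.items()
                   if lease.expires_at is not None and lease.expires_at <= now]
        for mac in expired:
            del self.bindings[mac]   # address returns to the pool

    def request(self, mac: str, now: float) -> Optional[str]:
        """Address offered to a client, or None when the pool is exhausted."""
        self._expire(now)
        if mac in self.reservations:
            return str(self.reservations[mac])
        lease = self.bindings.get(mac)
        if lease is not None:
            if lease.expires_at is not None:
                lease.expires_at = now + self.lease_time   # renewal before expiry
            return str(lease.ip)
        in_use = {lease.ip for lease in self.bindings.values()}
        free = next((a for a in self.pool if a not in in_use), None)
        if free is None:
            return None
        expires = now + self.lease_time if self.mode == "dynamic" else None
        self.bindings[mac] = Lease(free, mac, expires)
        return str(free)


if __name__ == "__main__":
    srv = DhcpServer("192.168.10.0/24", "192.168.10.100", "192.168.10.101")
    srv.reserve("00:1b:1c:aa:00:01", "192.168.10.10")      # automation station
    print(srv.request("00:1b:1c:aa:00:01", now=0))        # always .10
    print(srv.request("aa:aa:aa:aa:aa:01", now=0))        # laptop A from pool
```

The deliberately tiny pool (two addresses) makes the difference visible: with dynamic assignment a third laptop is refused until a lease expires, with automatic assignment it is refused forever, and a static address that overlaps the pool is rejected at configuration time, which is the collision the project-by-project split has to avoid.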

For detailed information, see Desigo Ethernet, TCP/IP, MS/TP and BACnet (CM110666), Practical guide on IP networks in building automation and control (CM110668), and Web Interface User Guide (A6V11938631).