
Please, I need some professional advice (CPwE)


I have a question about industrial IT architecture, and you may be able to help me (even if you are not into industrial IT).

Using the Converged Plantwide Ethernet guide of Cisco and Rockwell, the Architecture of a plant should be:


> Internet > Enterprise Firewall + DMZ > Enterprise Office network (L3 Redundant Star) > Manufacturing Firewall + DMZ > Manufacturing Network (L3 in Ring)

This architecture also contains Manufacturing VLANs, Manufacturing QoS, Manufacturing Routing and Manufacturing Firewall configuration (and more).

I am selling this approach to our IT department, which now has only this architecture:

> Internet > Enterprise Firewall + DMZ > Enterprise Office network (Redundant Star)

The point is, their redundant star also has L2 switches in the manufacturing plant in good cabinets, and they say they can use these.

They say they can integrate the entire Converged Plantwide Ethernet on the current hardware infrastructure, just by using VLANs.

So our discussion is: why physically separate and duplicate the whole thing, when using VLANs you also have the separation and need no additional hardware?

The only arguments we have for now are:

- New Industrial Switches with better environmental properties and backup/restore possibilities

- Certain Industrial protocols that run on these switches (REP, CIPSync, Ethernet IP)

- Recommendation by almost every instance that the best way is physically separating

But we seem not to be able to convince them to install an entirely new network for those reasons.

Are there any better arguments? Is VLAN 100% secure? Or any other reasons that we can use?

Best Regards,

