I know, I know – It’s a topic that’s been kicked around for years. However machine builders, OEM’s, and even end users continue to put unmanaged switches in applications where a managed switch is clearly a better choice. Helping guarantee your machine performs its best, has maximum uptime, and doesn’t pose a security risk to your customers justifies using a managed switch.

For many Machine Builders and OEMs, cost is the primary driver for their machine designs and component selection. As a result, many of these suppliers still use cheap, unmanaged switches on their equipment.

Using unmanaged switches to handle IACS (Industrial Automation Control System) traffic has a number of disadvantages and risks:

Disadvantage #1 – Open ports on unmanaged switches are a security risk

Imagine a contractor from another vendor or an unknowing employee connecting their PC to open ports on an unmanaged switch, spreading a virus, and wreaking havoc on the IACS and the network. Managed switches have port security with the ability to disable ports and prevent unauthorized access. How can you argue against this simple and effective security precaution?


Disadvantage #2 – No resiliency = higher downtime

Another important feature of a managed switch is redundancy. Redundancy provides the ability to safeguard a network in case a connection or cable fails by providing an alternate data path for traffic. Standard protocols prevent loops and establish the redundant links as a backup to keep integrated systems available. This can ultimately prevent expensive downtime, which any user can appreciate.

Disadvantage #3 – Unmanaged switches cannot prioritize traffic

Managed switches give you the ability to prioritize Local Area Network (LAN) traffic to ensure that the most important information gets through, while an unmanaged switch simply allows Ethernet devices to communicate with one another, such as a PC or network printer. One function of a managed switch called “Quality of Service” allows you to prioritize your network traffic by assigning a higher priority to critical traffic. This helps ensure consistent network performance for critical control functions on your machines.

In short, this can prevent other network traffic from making your machine malfunction – which can cause downtime for users, a service call to your service department, and a bad user perception of your machine performance.


Disadvantage #4 – Unmanaged switches cannot segment network traffic

A Virtual Local Area Network or VLAN is a domain that is partitioned and isolated in a computer network. VLANs allow a switch to logically group devices together to isolate traffic between these groups even when other traffic is passing over the same physical switch.

The segmentation and isolation of network traffic helps reduce unnecessary traffic in key areas. For example, you can segment traffic between machine groups so that critical control information can flow without delay from machine to machine and not get bogged down by other traffic. This allows better network performance and in many cases provides an additional level of security.

Disadvantage #5 – Unmanaged switches have limited or no tools for monitoring network activity or performance

Managed switches use protocols such as the Simple Network Management Protocol, or SNMP for monitoring the devices on the network. SNMP queries can determine the health of the network or the status of a particular device. By displaying this data in an easily understood format, users can monitor the performance of the network and quickly detect and repair network problems, even doing so remotely.

Managed switches also allow port mirroring. This copies the switch network traffic and forwards it to a single port on the same switch for analysis. You can then use a network analyzer on a monitor port to troubleshoot network problems by examining traffic on other ports or segments. This allows you to troubleshoot problems without taking your machines out of service which maximizes uptime for your users.

The Bottom Line

For end users, having some network visibility and control can be highly valued in their plants and they are willing to pay for it. Managed switch functionality can allow Machine Builders to differentiate their machines from competitors, command a higher premium, and ultimately lower their users total cost of ownership.

Ask yourself this, “If I could avoid just one downtime incident for my users or speed the troubleshooting of a down machine, what would that be worth in dollars?”

I’d argue that the incremental cost difference of a managed switch would be far less than even a single downtime incident!

If the cost of a fully managed switch is still considered prohibitive, a “Lightly Managed” switch like the Cisco IE1000 may be a good choice. Lightly managed switches can offer a subset of fully managed switch functionality at a reasonable price. If you don’t have IT support in your organization or are not familiar with IT tools like command line interface, lightly managed switches are also easily configured and commissioned. As a result, integrating a lightly managed switch in your machine architectures can be easily accomplished.

Put managed switches on your machines… It’s a “manageable” incremental cost!

Ready to Learn More?



Scot Wlodarczak

No Longer with Cisco