In-Depth Analysis of VLAN Routing Configuration for Industrial Ethernet Switches: From Theory to Practice

In the wave of Industry 4.0 and intelligent manufacturing, industrial Ethernet switches have become the core equipment for building efficient and reliable industrial networks. They achieve logical isolation through VLAN (Virtual Local Area Network) technology and break down isolation barriers through VLAN routing, constructing a network architecture that "divides to govern and unifies as one." This article will systematically analyze the VLAN routing configuration methods for industrial Ethernet switches from four dimensions: the basic principles of VLANs, three implementation methods for VLAN routing, detailed configuration steps, and practical case studies in industrial scenarios.

1. VLAN Technology: The "Logical Isolation Technique" for Industrial Networks
1.1 Core Value of VLANs
The essence of VLANs is to divide a physical network into multiple logically independent broadcast domains. For example, in an automobile manufacturing plant, VLANs can isolate equipment in the stamping, welding, and painting workshops to prevent broadcast storms from spreading across regions, while enabling cross-workshop data interaction through VLAN routing. Their core advantages include:
Security isolation: Devices in different VLANs cannot communicate directly, preventing sensitive data leakage.
Broadcast control: Limiting the scope of broadcast domains reduces network congestion.
Flexible management: Network structures can be adjusted through software configuration without altering physical cabling.
1.2 VLAN Member Types and Port Modes
Industrial switches support four port modes corresponding to different VLAN member types:
Access Port: Belongs to only one VLAN and is used to connect end devices (e.g., PLCs, sensors). For example, configuring Port 1 of a USR-ISG005 switch in Access mode and adding it to VLAN 10 allows connection to a pressure sensor in the stamping workshop.
Trunk Port: Allows traffic from multiple VLANs to pass through and is used for inter-switch connectivity. For example, connecting two USR-ISG005 switches via a Trunk port enables cross-device transmission of VLAN 10 and VLAN 20 traffic.
Hybrid Port: Flexibly controls the addition/removal of VLAN tags and is suitable for complex scenarios.
Uplink Port: Typically an extension of Trunk mode, used for connecting to core switches.
2. Three Implementation Methods for VLAN Routing
The core of VLAN routing is to break Layer 2 isolation and enable cross-VLAN communication. Three commonly used methods in industrial scenarios are as follows:
2.1 Router-on-a-Stick: A Low-Cost Solution
Router-on-a-stick achieves routing for multiple VLANs through sub-interfaces on a single router. Its topology involves connecting a Trunk port of a Layer 2 switch (e.g., USR-ISG005) to a physical interface of the router, which then divides VLANs through sub-interfaces.
Configuration Example (using a Cisco router):

cisco

interface GigabitEthernet0/0.1 // Create a sub-interface

encapsulation dot1Q 10 // Bind to VLAN 10

ip address 192.168.10.1 255.255.255.0 // Configure the VLAN 10 gateway

arp broadcast enable // Enable ARP broadcasting

interface GigabitEthernet0/0.2

encapsulation dot1Q 20

ip address 192.168.20.1 255.255.255.0

arp broadcast enable

Advantages: Low cost, suitable for small networks.
Limitations: The router interface becomes a performance bottleneck, and there is a higher risk of single-point failure.
2.2 Layer 3 Switch: A High-Performance Industrial Solution
Layer 3 switches (e.g., high-end models in the USR-ISG series) achieve VLAN routing through SVI (Switched Virtual Interface) interfaces. Each VLAN corresponds to an SVI interface, which serves as the default gateway for that VLAN.
Configuration Example (using a USR-ISG switch):

cisco

vlan batch 10 20 // Create VLANs 10 and 20

interface Vlanif10 // Configure the SVI interface for VLAN 10

ip address 192.168.10.1 255.255.255.0

interface Vlanif20

ip address 192.168.20.1 255.255.255.0

Advantages: Wire-speed routing with high performance; supports Spanning Tree Protocol (STP/RSTP/MSTP) to avoid loops.
Limitations: Requires purchasing a Layer 3 switch, which is more expensive than router-on-a-stick.
2.3 VLANIF Interface: A Simplified Layer 3 Routing Solution
Some industrial switches (e.g., firmware-upgraded versions of the USR-ISG005) support VLANIF interfaces, which function similarly to SVIs but offer simpler configuration. They essentially achieve routing through logical interfaces without requiring a full Layer 3 switching engine.
Configuration Example:

cisco

vlan 10

name Production

vlan 20

name Office

interface Vlanif10

ip address 192.168.10.1 24

interface Vlanif20

ip address 192.168.20.1 24

Advantages: Simple configuration, suitable for small to medium-sized industrial networks.
Limitations: Limited functionality compared to SVI interfaces and slightly weaker scalability.

1. Practical VLAN Routing Configuration in Industrial Scenarios
   Taking the production line monitoring system of an automobile parts factory as an example, this section provides a detailed analysis of the configuration steps for VLAN routing:
   3.1 Network Topology Design
   Equipment List: 2 USR-ISG005 switches (core switch, access switch), 1 industrial router (USR-R2000), 20 PLCs (Siemens S7-1200), and 10 cameras (Hikvision industrial-grade).
   VLAN Planning:
2. VLAN 10: Production line PLCs (192.168.10.0/24)
3. VLAN 20: Monitoring cameras (192.168.20.0/24)
4. VLAN 30: Office network (192.168.30.0/24)
   3.2 Detailed Configuration Steps
   Step 1: Basic Switch Configuration

5. cisco

   system-view // Enter system view

   sysname Core-Switch // Name the core switch

   vlan batch 10 20 30 // Create VLANs

   interface GigabitEthernet0/0/1 // Configure a Trunk port (connecting to the access switch)

   port link-type trunk

   port trunk allow-pass vlan 10 20 30

Step 2: Configure Access Ports (connecting to end devices)

cisco

interface GigabitEthernet0/0/2 // Port connecting to a PLC

port link-type access

port default vlan 10

interface GigabitEthernet0/0/3 // Port connecting to a camera

port link-type access

port default vlan 20

Step 3: Configure VLAN Routing (Layer 3 switch solution)

cisco

interface Vlanif10 // SVI interface for VLAN 10

ip address 192.168.10.1 24

interface Vlanif20

ip address 192.168.20.1 24

interface Vlanif30

ip address 192.168.30.1 24

ip route-static 0.0.0.0 0 192.168.1.1 // Configure a default route (pointing to the router)

Step 4: Configure the Router (enabling internal and external network communication)

cisco

interface GigabitEthernet0/0/0 // Port connecting to the core switch

ip address 192.168.1.2 24

interface GigabitEthernet0/0/1 // Port connecting to the external network

ip address 203.0.113.1 24

ip route-static 192.168.0.0 16 192.168.1.1 // Configure a return route

Step 5: Configure NAT (enabling internal network access to the external network)

cisco

acl number 2000 // Define an ACL rule

rule 5 permit source 192.168.0.0 0.0.255.255

interface GigabitEthernet0/0/1 // External network interface

nat outbound 2000 // Apply the NAT policy

3.3 Verification and Testing

• Connectivity Test: Ping the IP address of a camera in VLAN 20 (e.g., 192.168.20.10) from a PLC in VLAN 10 to verify whether VLAN routing is functioning.
• NAT Test: Access an external network server (e.g., www.example.com) from an internal network PC and confirm the success of NAT conversion through router logs.
• Performance Test: Use the iPerf tool to test cross-VLAN bandwidth and ensure it meets the real-time requirements of production line monitoring (≥100 Mbps).

4. Recommendations for Industrial Switch Selection: Advantages of the USR-ISG Series
In industrial scenarios, the reliability, environmental adaptability, and functional completeness of switches are crucial. The USR-ISG series of industrial switches (e.g., USR-ISG005) offer the following advantages:

• Industrial-grade design: Supports wide temperature operation (-40°C to 85°C), IP40 protection rating, 6000V lightning protection, and adaptation to harsh environments.
• High reliability: Fanless cooling, dual power redundancy, and a mean time between failures (MTBF) of ≥300,000 hours.
• Flexible scalability: Supports protocols such as VLAN, QoS, STP/RSTP/MSTP, and ERPS ring networks to meet complex industrial network requirements.
• Easy manageability: Provides multiple management methods, including Web, CLI, and SNMP, and supports graphical configuration of VLAN routing.
  For example, in a smart grid project, the USR-ISG005 enabled isolation and communication between a substation monitoring system and a dispatching center through VLAN routing. Its -40°C cold start capability ensured stable operation in severely cold regions in the north.

VLAN routing configuration for industrial Ethernet switches is a key technology for building efficient and secure industrial networks. Through three solutions—router-on-a-stick, Layer 3 switches, or VLANIF interfaces—network requirements of different scales can be flexibly accommodated. In actual configurations, it is essential to select appropriate equipment and protocols based on the characteristics of industrial scenarios (e.g., high reliability, real-time performance, and environmental adaptability). In the future, with the integration of TSN (Time-Sensitive Networking) and 5G technologies, VLAN routing will evolve toward lower latency and higher bandwidth, providing stronger network support for intelligent manufacturing.