Efficient Network Security with LAN Segmentation
With the latest RSP firmware 2.17.0, our mbNET and mbNET.rokey devices have been enhanced with a powerful new feature: LAN segmentation. This upgrade enables machine network operators and service providers to structure and secure their network infrastructure more effectively.
LAN Segmentation: Security and Cost Savings in One
A high-performance network doesn’t have to be expensive. Thanks to the new LAN segmentation feature, you can – depending on your application – eliminate the need for a managed switch while still achieving clear zone separation and effective traffic control. Segmentation is handled directly by the remote access router, which acts as the central zone transition point. This not only reduces costs but also simplifies the complexity of your infrastructure setup.
What is LAN Segmentation?
LAN segmentation, or port-based VLANs, divides a local network into up to four separate segments directly on the remote access router. Each of these segments receives its own IP address range and is fully isolated by default. Communication between segments can be explicitly enabled via Layer 3 routing rules where required. This prevents unwanted data traffic while enhancing network security and performance.
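A segmentation plan of this kind can be checked before it is deployed. The following is an added example, not vendor code and not the mbNET configuration format: it models up to four segments with their own IP ranges, default isolation, and explicit Layer 3 allow rules. Segment names, subnets, ports and the rule tuple layout are assumptions constructed for illustration.

```python
import ipaddress

MAX_SEGMENTS = 4  # the page states up to four segments per router

# Constructed sample plan: segment name -> subnet (names and ranges are assumptions)
SEGMENTS = {
    "lan1_machine": "192.168.10.0/24",
    "lan2_hmi": "192.168.20.0/24",
    "lan3_service": "192.168.30.0/24",
}
# Constructed allow rules: (source segment, destination segment, protocol, port).
# Rules are directional; return traffic of an allowed flow is not modelled here.
ALLOW = [
    ("lan2_hmi", "lan1_machine", "tcp", 102),
    ("lan3_service", "lan1_machine", "tcp", 443),
]

def validate_plan(segments):
    """Return a list of problems: too many segments or overlapping IP ranges."""
    problems = []
    if len(segments) > MAX_SEGMENTS:
        problems.append(f"{len(segments)} segments exceed the limit of {MAX_SEGMENTS}")
    nets = [(name, ipaddress.ip_network(cidr)) for name, cidr in segments.items()]
    for i, (a, net_a) in enumerate(nets):
        for b, net_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{a} ({net_a}) overlaps {b} ({net_b})")
    return problems

def segment_of(ip, segments):
    """Map an IP address to the segment whose range contains it, or None."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in segments.items():
        if addr in ipaddress.ip_network(cidr):
            return name
    return None

def is_allowed(src_ip, dst_ip, proto, port, segments=SEGMENTS, allow=ALLOW):
    """Default deny between segments; traffic inside one segment is not filtered."""
    src, dst = segment_of(src_ip, segments), segment_of(dst_ip, segments)
    if src is None or dst is None:
        return False  # address outside every planned segment
    if src == dst:
        return True   # assumption: intra-segment traffic never reaches the rules
    return (src, dst, proto, port) in allow

if __name__ == "__main__":
    print(validate_plan(SEGMENTS))
    print(is_allowed("192.168.20.5", "192.168.10.9", "tcp", 102))
    print(is_allowed("192.168.10.9", "192.168.20.5", "tcp", 102))
```

Running the intended flows of a plant through `is_allowed` before rollout shows which Layer 3 rules are actually needed and which segment pairs stay isolated.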
Key Benefits at a Glance
Separating network areas minimizes the risk of unauthorized access.
Optimized Performance
ARP requests and broadcasts remain within a segment, reducing unnecessary network load.
Granular Access Control
Individual LAN segments allow specific machines or areas to be selectively included or excluded.
A dedicated LAN port can be set up for system maintenance, granting technicians controlled on-site access.
Advanced User Management
Beyond assigning access rights at the component level, access to entire network segments can now be managed.
Cost Savings
Integrated LAN segmentation often eliminates the need for a managed switch, reducing investment costs and simplifying infrastructure.
Cybersecurity at a New Level
With LAN segmentation, the remote access router can serve as a central security node. Separating machine segments allows for targeted maintenance while protecting the network from unwanted access – both externally and within the facility. Utilizing mbNET with LAN segmentation supports compliance with IEC 62443 standards, paving the way for a future-proof OT security strategy.
Wake-on-LAN – Additional Flexibility
Another highlight is the combination with Wake-on-LAN. Individual network devices can be activated as needed or on a schedule to create targeted maintenance windows, ensuring they are not permanently active and visible on the network.
Our Security Approach with mbNETFIX
For those requiring even more control, our mbNETFIX allows for physical network separation. This enables communication paths to be further restricted and security policies to be enforced at the highest level.
Conclusion: LAN segmentation expands your options for secure and flexible network configuration. Use this function to optimally protect your machine network and operate it efficiently at the same time – without additional hardware such as a managed switch.