How to choose the right switch for your industrial network?

In industry, a switch isn't a "best effort" component as in an office LAN: it underpins production continuity, real-time delivery of PLC commands, security video surveillance, IoT (sensors, LoRaWAN gateways), and access to SCADA/MES systems. This detailed guide helps you define relevant specifications, understand the technical trade-offs, and select the switch best suited to your environmental, availability, security, and performance requirements.

1) Network profile and use cases

1.1 Typical domains

  • Automation (PLC, robots, drives, HMI) — low latency and determinism requirements.
  • IP video (quality, retention, NVR) — requires bandwidth and stable QoS.
  • Industrial IoT (LoRaWAN gateways, sensors) — bursty traffic, optional PoE power for gateways.
  • Energy/utilities (substations) — severe EMC, PTP, IEC 61850-3 requirements.
  • Transport/rail — vibration/temperature constraints, EN 50155, M12, extended power supply.

1.2 Essential Input Parameters

  • Number of copper/fiber ports, SFP/SFP+ density, need for 10G or 25G uplinks.
  • Traffic profile (sustained throughput, bursts, jumbo frames, industrial multicast).
  • Availability requirements (internal SLA, MTBF, ring/dual-homing redundancy).
  • Environmental constraints (temperature, dust, vibrations, IP rating).
  • Security (802.1X, segmentation, hardening, SNMPv3/Syslog monitoring).

2) Types of switches (L2/L3, TSN, etc.)

Category | Strengths | Limitations | When to choose
Unmanaged (basic L2) | Plug & play, low cost | No VLAN/QoS/monitoring, difficult diagnosis | Small, non-critical areas, temporary lab/testing facilities
Managed L2 | VLAN, QoS, STP/RSTP/MSTP, ERPS/MRP, SNMP | Limited routing (basic inter-VLAN routing) | The majority of industrial aggregation networks
Industrial L3 | Inter-VLAN routing, static/OSPF/RIP, advanced ACLs | Complexity, higher cost | Backbone/aggregation, multi-zone segmentation
TSN (Time-Sensitive Networking) | Hard determinism (802.1Qbv, Qbu, AS), low jitter | More demanding interop/engineering | Real-time motion control, precision robotics

3) Robustness, power supply and standards

3.1 Environment

  • Temperature: -40 °C to +75 °C (industrial class) or extended depending on site.
  • EMI/EMS: IEC 61000-6-2/4 compliance, overvoltages, ESD, EFT.
  • IP rating: IP30 to IP54 (without/with advanced protection), pressure/dust.
  • Vibrations/shocks: rail/transport compliance if required (EN 50155, EN 50121-4).

3.2 Power Supply

  • Redundant DC (e.g. 12–48 V) and/or AC inputs, screw terminal block, alarm relay.
  • Own power consumption (excluding PoE) and heat dissipation.
  • Protections: reverse polarity, overvoltage, short circuit.

3.3 Key Standards

  • IEC 61850-3 (energy), IEEE 1613 (utility substation).
  • EN 50155 / EN 50121-4 (railway, railway EMC).
  • IEC 62443 (security of industrial automation systems).

4) Performance, latency, and buffers

  • Switching capacity (backplane) and forwarding rate (pps).
  • Buffers (per-port/shared buffer) to absorb bursts (video, PLC bursts).
  • Forwarding mode: store-and-forward (reliable) vs cut-through (minimum latency).
  • Jumbo frames (e.g., 9K) for video/backup streams (pay attention to the end-to-end MTU).
  • IGMP snooping/querier for multicast camera/PLC streams.

5) Redundancy and high availability

  • STP/RSTP/MSTP: simplicity, switchover typically < 1–3 s (RSTP) depending on design.
  • ERPS (G.8032): Ethernet ring, failover < 50 ms with a single blocking point.
  • MRP (IEC 62439-2): Profinet industrial rings, fast switching (order of 50–200 ms).
  • Dual-homing to core (LACP/MC-LAG/Stack) to eliminate aggregation SPOF.
  • Redundant power supply + alarm relay to signal faults.

6) PoE/PoE+/PoE++ and budget calculations

6.1 PoE Classes

Standard | PD Class | Power at the PSE (port) | Power at the PD (device) | Examples
802.3af (PoE) | 0–3 | 15.4 W | ≈ 12.95 W | Sensors, lightweight AP
802.3at (PoE+) | 4 | 30 W | ≈ 25.5 W | Dome cameras, IoT gateways
802.3bt (PoE++) | 5–8 | 60–90 W | ≈ 51–71 W | PTZ, heavy terminals

6.2 PoE Budget Formula

 PoE_budget_min = Sum(PD_i) × (1 + margin) + cable_losses
 With: cable_losses ≈ I² × R_cable (or ~5–10% as a conservative estimate)
 Typical margin: 20–30% (variations, inrush peaks, tolerances)

6.3 Numerical Example

An 8×PoE+ switch (total budget 120 W) powers 4 cameras (25.5 W PD) and 1 gateway (15 W PD):

  • PD load = (4 × 25.5) + 15 = 117 W
  • Add 10% losses + 20% margin ≈ 117 × 1.3 = 152.1 W
  • The 120 W budget is insufficient → require 180 W or reduce the PD load
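
The formula from 6.2 applied to the load from 6.3, with the I² × R term computed per port instead of a flat percentage (added example, not part of the original guide). The 50 V PSE voltage, the 12.5 Ω loop resistance per 100 m and the cable lengths are assumptions chosen for illustration.

```python
from math import sqrt

V_PSE = 50.0    # assumed PSE output voltage (V)
R_100M = 12.5   # assumed worst-case loop resistance of a 100 m channel (ohm)

def cable_loss(pd_watts, length_m, v_pse=V_PSE):
    """I^2 * R loss for one port. The PD draws a fixed power, so the current
    solves pd_watts = v_pse*I - I^2*R (smaller root of the quadratic)."""
    r = R_100M * length_m / 100.0
    if r == 0:
        return 0.0
    disc = v_pse ** 2 - 4 * r * pd_watts
    if disc < 0:
        raise ValueError("PD power cannot be delivered over this cable")
    current = (v_pse - sqrt(disc)) / (2 * r)
    return current ** 2 * r

def poe_budget_min(devices, margin=0.20):
    """PoE_budget_min = Sum(PD_i) * (1 + margin) + cable_losses (section 6.2).
    devices: list of (pd_watts, cable_length_m) tuples."""
    pd_sum = sum(p for p, _ in devices)
    losses = sum(cable_loss(p, length) for p, length in devices)
    return pd_sum * (1 + margin) + losses

# Load from section 6.3: 4 cameras at 25.5 W and 1 gateway at 15 W.
# Cable lengths (100 m and 40 m) are constructed for this example.
SITE = [(25.5, 100)] * 4 + [(15.0, 40)]

if __name__ == "__main__":
    print(f"loss per camera port: {cable_loss(25.5, 100):.2f} W")
    print(f"minimum PoE budget:   {poe_budget_min(SITE):.1f} W")
```

Under these assumptions each 100 m camera run loses 4.5 W, which is the gap between the 30 W PSE and 25.5 W PD figures in the 6.1 table, and the required budget still falls between the 120 W and 180 W options of 6.3.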

7) OT Cybersecurity and Segmentation

7.1 Essential Measures

  • 802.1X access control (MAB as fallback), port security (MAC limit).
  • DHCP Snooping, IP Source Guard, Dynamic ARP Inspection.
  • Management plane: SSHv2, SNMPv3; ban Telnet/SNMPv1/2c if possible.
  • L2/L3/L4 ACL for inter-VLAN filtering, service whitelisting.
  • Logs/telemetry: Syslog, NTP/PTP, SNMP trap, change logging.
  • Reference: IEC 62443 (zones/conduits, defence in depth).
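
One way to check a switch configuration against the measures listed above during FAT (added example, not part of the original guide). The Cisco IOS-style syntax and the sample configuration are assumptions, since the guide names no vendor; adapt the patterns to the CLI of the switch under test.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption: the guide names
# no vendor). It deliberately contains weak settings.
SAMPLE_CONFIG = """\
ip ssh version 2
ip dhcp snooping
ip dhcp snooping vlan 10,20
ip arp inspection vlan 10
snmp-server community public RO
snmp-server group NMS v3 priv
logging host 10.0.40.10
line vty 0 4
 transport input telnet ssh
"""

# (finding, pattern, must_be_present): one rule per measure in section 7.1
RULES = [
    ("802.1X not enabled globally", r"^dot1x system-auth-control$", True),
    ("DHCP snooping not enabled", r"^ip dhcp snooping$", True),
    ("SSHv2 not enforced", r"^ip ssh version 2$", True),
    ("No SNMPv3 authPriv group", r"^snmp-server group \S+ v3 priv\b", True),
    ("SNMPv1/2c community configured", r"^snmp-server community \S+", False),
    ("Telnet allowed on VTY lines", r"^ +transport input .*\btelnet\b", False),
    ("No Syslog destination", r"^logging host \S+", True),
    ("No NTP server", r"^ntp server \S+", True),
]

def vlan_set(config, command):
    """VLAN IDs listed after a command such as 'ip dhcp snooping vlan' (no ranges)."""
    ids = set()
    for m in re.finditer(rf"^{command} ([\d,]+)$", config, re.M):
        ids.update(int(v) for v in m.group(1).split(","))
    return ids

def audit(config):
    """Return the list of section 7.1 measures the configuration fails."""
    findings = [text for text, pattern, wanted in RULES
                if bool(re.search(pattern, config, re.M)) != wanted]
    # Site policy assumed here: DAI on every VLAN where DHCP snooping is active
    gap = vlan_set(config, "ip dhcp snooping vlan") - vlan_set(config, "ip arp inspection vlan")
    if gap:
        findings.append(f"DAI missing on VLANs {sorted(gap)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```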

7.2 Example of VLAN segmentation

 VLAN 10: PLCs (critical)
 VLAN 20: Security video
 VLAN 30: IoT/Gateways (LoRaWAN, etc.)
 VLAN 40: Administration/Engineering
 VLAN 99: Quarantine (802.1X failure/MAB)

7.3 Example of inter-VLAN ACL (principle)

 Allow: VLAN10 --> SCADA (TCP 102/502/44818 depending on protocol)
 Allow: VLAN20 --> NVR (TCP/UDP 554/RTSP, 9200, etc.)
 Block: everything else by default (deny any)
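
The whitelist principle above modelled as a first-match rule list with an implicit deny, so the intended flow matrix can be tested before it is pushed to a switch (added example, not part of the original guide). All subnets, server addresses and the choice of Modbus/TCP as the only SCADA protocol are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for the VLAN plan of section 7.2 (all values are assumptions)
VLANS = {10: ip_network("10.0.10.0/24"), 20: ip_network("10.0.20.0/24"),
         30: ip_network("10.0.30.0/24"), 40: ip_network("10.0.40.0/24")}
SCADA = ip_network("10.0.50.10/32")   # hypothetical SCADA server
NVR = ip_network("10.0.50.20/32")     # hypothetical video recorder

# Ordered rules: (action, source, destination, protocol, destination ports).
# This site is assumed to use Modbus/TCP only, so 102 and 44818 stay closed.
ACL = [
    ("permit", VLANS[10], SCADA, "tcp", {502}),
    ("permit", VLANS[20], NVR, "tcp", {554}),
    ("permit", VLANS[20], NVR, "udp", {554}),
]

# Constructed example of a rule that breaks the zone model: IoT to a whole subnet
LOOSE_ACL = ACL + [("permit", VLANS[30], ip_network("10.0.50.0/24"), "tcp", {502})]

def evaluate(src, dst, proto, dport, acl=ACL):
    """First matching rule wins; no match means the implicit 'deny any'."""
    for action, s_net, d_net, r_proto, ports in acl:
        if (ip_address(src) in s_net and ip_address(dst) in d_net
                and proto == r_proto and dport in ports):
            return action
    return "deny"

def too_broad(acl=ACL, max_hosts=1):
    """Flag permit rules whose destination is wider than a single server."""
    return [r for r in acl if r[0] == "permit" and r[2].num_addresses > max_hosts]

if __name__ == "__main__":
    flows = [("10.0.10.5", "10.0.50.10", "tcp", 502),   # PLC -> SCADA, Modbus
             ("10.0.10.5", "10.0.50.10", "tcp", 102),   # PLC -> SCADA, unused protocol
             ("10.0.30.7", "10.0.50.10", "tcp", 502),   # IoT gateway -> SCADA
             ("10.0.20.9", "10.0.50.20", "udp", 554)]   # camera -> NVR
    for flow in flows:
        print(flow, evaluate(*flow))
    print("overly broad rules:", too_broad(LOOSE_ACL))
```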

8) Time synchronization (PTP/NTP/TSN)

  • NTP: millisecond precision. Sufficient for standard logs and IT.
  • PTP IEEE 1588: μs accuracy with Boundary/Transparent Clock.
  • Sector-specific PTP profiles (energy/telecom/AVB) — check compatibility.
  • Error budget: sum of contributions (source clock, transit, network load).

8.1 PTP Good Practices

  • Limit the number of hops without TC/BC.
  • Avoid congestion and variable latency on PTP traffic.
  • Also synchronize the SCADA/NVR servers for accurate correlation.

9) QoS, determinism and critical traffic

  • Classification: CoS 802.1p / DSCP, end-to-end consistent mapping.
  • Scheduling: Strict Priority queue for control, WRR for the rest.
  • Policing/Shaping: smooth video streams to avoid bursts.
  • TSN (802.1Qbv/Qbu/Frame Preemption) for deterministic windows.

10) Sizing and formulas

10.1 Video Throughput

 Total_throughput ≈ Σ (bitrate_cam_i × (1 + overhead))
 Ethernet+IP+RTP overhead ≈ 15–20% (order of magnitude)

10.2 Uplink Capacity

 Uplink_min ≥ Aggregate_total_throughput × margin_factor (e.g. 1.3)
 If Uplink_min > 1G --> plan for 10G (SFP+)

10.3 Ring Resilience

 Failover_time ≈ protocol_time + fault_detection + convergence
 Industrial target: < 50 ms (ERPS/MRP) for critical processes

11) Examples of reference architectures

11.1 10G Access Ring + Aggregation

  • Managed L2 access switches in an ERPS/MRP ring.
  • 10G (SFP+) uplinks to two redundant L3 cores.
  • PTP enabled on critical path, strict QoS on control path.

11.2 Remote IoT Site + Video

  • PoE switch at the edge powering sensors, Wi-Fi AP, cameras.
  • Minimal local routing, secure tunnel to center (IPsec/SD-WAN firewall side).
  • SNMPv3 and Syslog monitoring to central NMS.

12) Qualification, FAT/SAT tests and checklist

12.1 FAT (Factory Acceptance Test)

  • Validation of functions (VLAN, QoS, ERPS/MRP, PTP, PoE budget).
  • Load/burst test, link loss, reboot, power outage.
  • Security: 802.1X, ACL, SSHv2, SNMPv3, disabling legacy services.

12.2 SAT (Site Acceptance Test)

  • Check actual topology, cable lengths, fiber budget.
  • Test ring failover, core outage, power supply loss.
  • End-to-end latency measurement on critical data flow, PTP timestamping.

12.3 Decision Checklist

  1. Type (L2/L3/TSN) as required.
  2. Sufficient ports, uplinks, fibers and PoE + margin.
  3. Site-appropriate temperature/EMI/IP/certs.
  4. Redundancy (ring/dual-homing) tested < 50 ms if required.
  5. OT security (802.1X, ACL, hardening) validated.
  6. PTP/NTP and QoS configured and measured.
  7. Operational monitoring (SNMPv3/Syslog).

13) Model requirements for a call for tenders

  • Number of copper/fiber ports, SFP/SFP+, 10G/25G uplinks.
  • Total PoE budget and per port (af/at/bt), supported classes.
  • Minimum/maximum temperature, EMC, vibrations, IP rating, industry certifications.
  • L2/L3, ERPS/MRP, STP/RSTP/MSTP, IGMP snooping functions.
  • PTP (BC/TC), required profiles, target accuracy.
  • Security (802.1X, MAB, DHCP Snooping, DAI, SNMPv3, SSHv2).
  • MTBF, warranty, spare parts, software lifecycle, firmware roadmap.
  • Services: FAT/SAT, training, documentation, 24/7 support if critical.

14) FAQ

Q: Should I choose L2 or L3?
A: L2 is sufficient for many cells. L3 becomes relevant for segmenting multiple areas, controlling paths, or integrating dynamic routing to other sites.

Q: Which ring protocol should I choose?
A: ERPS (G.8032) is common and efficient. MRP is preferred in Profinet environments. RSTP is suitable if the switchover time constraint is not < 50 ms.

Q: How do I size the PoE?
A: Add the PD power, add 20–30% margin and 5–10% cable losses. Check the PoE class of each device.

Q: Is PTP necessary?
A: Yes, if you have requirements for fine timestamping (μs) or real-time control. Otherwise, NTP (ms) may be sufficient for logs.

15) Glossary

  • BC/TC: Boundary/Transparent Clock (PTP).
  • ERPS: Ethernet Ring Protection Switching (G.8032).
  • MRP: Media Redundancy Protocol (IEC 62439-2).
  • PTP: Precision Time Protocol (IEEE 1588).
  • TSN: Time-Sensitive Networking (802.1 family).

Conclusion

The "right" industrial switch isn't just about ports. It's a balance between environmental robustness, redundancy < 50 ms, OT security, time synchronization, and sustained capacity (PoE, 10G uplinks). DistrIoT can help you transform this guide into a workable specification, then into a FAT/SAT-validated architecture, for a smooth deployment.

Contact DistrIoT: describe your constraints (ports, PoE, 10G, temperature, standards), we will provide you with a technical shortlist, a test plan and a deployment estimate.

Distriot Team

Experts in IoT solutions, smart sensors, and LoRaWAN gateways. We support companies in their digital transformation with cutting-edge technologies tailored to their specific industrial needs.