A Leap in Network Technology

New security switch


With its Hirschmann brand of network devices, Belden has played a pioneering role in industry-grade Ethernet switches. 2002 saw the market launch of the Modular Industrial Communication Equipment (MICE) family, featuring a modular switch designed for mounting on a top-hat rail. This switch could be equipped with different media modules, permitting customers to individually configure functions as well as Ethernet ports. Engineers are currently working on what will now be the third switch generation. Scheduled for market launch at the end of 2012, the MICE Security Switch (MSS) will ring in a new era in modular top-hat rail devices.

Available with 12, 20 or 28 ports, the MSS is the successor model to the PowerMICE switch. Because the new switch also comes with four Gigabit ports, it can easily be used as a direct replacement for the older device. One of the new features of this switch is a click-in mechanism for media modules, permitting fast and easy installation without the need for a screwdriver or any other tool. Modules can subsequently be removed by simply using a screwdriver to lift up a tab attached to the switch. For applications that require a high level of vibration resistance, modules can also be fastened using screws.

PoE Plus support is another highlight of the new MSS. Depending on the power supply configuration, up to 120 watts can be supplied via the backplane of the switch. This eliminates the need for any additional cabling or power supply units, saving space as well as costs.

To make migration from the PowerMICE switch to MSS as easy as possible, the same terminal block and identical pinning have been used. Furthermore, two digital inputs are available to initiate network actions at the touch of a button.

All-round network protection
In addition to the above features, the MSS also offers crucial advantages when it comes to network security. The switch has a wide range of security functions that regulate access to the network and protect it against attacks. It features 802.1X access control, for example. In combination with a RADIUS server, this permits access to the network only after the device or user has been successfully authenticated. The MSS does more than simply make a switch port available, though. It can authenticate and grant access to up to 16 clients per port independently of each other (multi-client authentication). Via a RADIUS server, each client can be assigned a specific VLAN, ACL (Access Control List) or bandwidth policy. In this case, switch configuration is carried out automatically. In addition, functions such as Guest VLAN, Unauthenticated VLAN and MAC Authentication Bypass (MAB) permit the integration of non-authorized clients or peripheral devices that are not compatible with 802.1X.

The access control lists mentioned above also serve to optimize network security, and the MSS supports both ingress and egress ACLs. This means that both incoming and outgoing data traffic can be controlled using these lists. The ACLs can be connected to either a physical port or a VLAN. The MSS also provides support for MAC and IPv4 ACLs (this will be extended to include IPv6 ACLs in a subsequent release). Because the ACLs are processed in the hardware, there are no detrimental effects on switching performance.

Features such as DHCP Snooping, Dynamic ARP Inspection, IP Source Guard, Port Security, Storm Control and Denial-of-Service protection complete this comprehensive range of security functions.
The MSS is configured using secure protocols and a multi-level, role-based access system. An audit trail permits full tracking of all configuration activities.

Uninterrupted data transmissions
New hardware redundancy mechanisms also play an important role. After all, optimum network security cannot be guaranteed without high network availability. Switches belonging to the Hirschmann™ brand have played a trailblazing role with regard to fast ring redundancy. The predecessor to the HIPER ring, based on hub technology, was developed at the beginning of the 1990s, and this redundancy method has been continuously optimized since that time. Because the HIPER ring is a proprietary protocol, it was subsumed into the open IEC62439-2008 and IEC62439-2010 standards at the beginning of 2009. The resulting standardized Media Redundancy Protocol (MRP) or Fast Media Redundancy Protocol (Fast MRP) represents the future of ring redundancy. As an open standard, it is accessible to everyone, and users do not tie themselves to a particular manufacturer. This is why all new generations of Hirschmann switches will support MRP. Because this redundancy protocol is already available in all current software platforms from version 4.2 upwards, smooth integration is guaranteed.

Over and above this, using a media module acting as a so-called RedBox, hardware redundancy methods such as Parallel Redundancy Protocol (PRP) and High Availability Seamless Redundancy Protocol (HSR) can also be used. Unlike previous redundancy methods, PRP and HSR have 0 seconds of downtime, thus ensuring absolutely interruption-free data transmission. When PRP is used, this is achieved by transmitting data packets on two ports and via two parallel networks. At their destination, the first packet is received and the second discarded. If the first packet fails to arrive due to an error, the second is already available to take its place. The HSR protocol also operates redundantly, but over a single network rather than two. A classic ring structure is set up, but unlike all other methods, it is a physically closed one. This means that all ring participants must support HSR. The data packets are transmitted in both directions within the ring and are evaluated by the receiving device. If there is an interruption in one direction, the packet from the other direction is processed. With PRP, on the other hand, the appropriate functionality is only required at the switches and the connected terminal devices.
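The PRP behaviour described above (send each packet over two networks, keep the first copy, discard the second) can be modelled in a few lines. This is an added example, not code from Belden or Hirschmann. It assumes duplicates are recognised by source and sequence number, which the article does not spell out, and the class, function and node names are hypothetical.

```python
from collections import deque


class PrpReceiver:
    """Receiving node attached to LAN A and LAN B: the first copy wins."""

    def __init__(self, window=32):
        self.window = window   # how many recent sequence numbers to remember
        self.recent = {}       # source -> (deque of seqs in arrival order, set of seqs)
        self.delivered = []    # (payload, lan) pairs handed to the application
        self.discarded = 0     # duplicates dropped

    def receive(self, lan, source, seq, payload):
        order, members = self.recent.setdefault(source, (deque(), set()))
        if seq in members:     # the other LAN already delivered this frame
            self.discarded += 1
            return False
        order.append(seq)
        members.add(seq)
        if len(order) > self.window:
            # Forget the oldest entry so a sequence number reused after
            # wrap-around is not mistaken for a duplicate.
            members.discard(order.popleft())
        self.delivered.append((payload, lan))
        return True


def send_redundant(receiver, source, payloads, lan_a_down=frozenset()):
    """Sender: put every frame on both LANs with one shared sequence number."""
    for seq, payload in enumerate(payloads):
        if seq not in lan_a_down:   # constructed fault: LAN A loses these frames
            receiver.receive("A", source, seq % 65536, payload)
        receiver.receive("B", source, seq % 65536, payload)
    return receiver


def demo():
    # Constructed traffic; LAN A is interrupted while frames 1 and 2 are in flight.
    frames = ["valve-open", "pump-on", "pump-off", "valve-close"]
    rx = send_redundant(PrpReceiver(), "node-1", frames, lan_a_down={1, 2})
    payloads = [p for p, _ in rx.delivered]
    lans = [lan for _, lan in rx.delivered]
    return payloads, lans, rx.discarded


if __name__ == "__main__":
    print(demo())
```

All four frames reach the application in order even though LAN A dropped two of them, with no switchover step in between, which is where the zero-downtime property comes from.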

Summary
Network security requires more than just a firewall. It is achieved as the result of interaction between redundancy methods, filters, authentication, authorization and data control. And this is exactly why MSS has been developed. "IPv6 ready" and packed with innovative technology, this switch brings maximum flexibility and the certainty of having made a future-proof investment.

Graduated in political sciences and international relations in Paris, Anis joined the team in early 2019. Editor for IEN Europe and the new digital magazine AI IEN, he is a new tech enthusiast. Also passionate about sports, music, cultures and languages. 
