Managed vs Unmanaged Ethernet Switch in Industrial Networks

"Should I use a managed or unmanaged Ethernet switch?" is the most-asked networking question on PLCS.net and similar forums. The default IT-side answer used to be "use unmanaged unless you know you need managed" — that hasn't been true for a decade. Modern industrial networks almost always need at least some managed switches because of multicast traffic from PLC-to-PLC communication.

Quick decision rule

Use managed at any level where PLCs do producer/consumer (multicast) communication or where you have more than ~10 connected devices. Use unmanaged for tiny isolated machine-level segments (one PLC + a handful of devices). When in doubt, use managed — the cost premium is small (~$200-400 per switch) and the diagnostic capability is enormous.

What managed switches do that unmanaged don't

  • IGMP snooping — managed switches learn which ports want which multicast streams and only forward to those ports. Without snooping, multicast floods every port (a single chatty PLC saturates the whole network).
  • VLANs — segment one physical switch into multiple logical networks. Useful for separating control traffic from corporate traffic on shared infrastructure.
  • QoS (Quality of Service) — prioritise PROFINET RT or EtherNet/IP CIP Sync traffic over best-effort TCP/IP. Critical for IRT and motion control.
  • Redundancy (MRP, RSTP) — ring topologies that fail over in <200 ms vs RSTP's 1-30 second recovery on unmanaged switches.
  • Port mirroring — copy traffic to a diagnostic port for Wireshark capture. Essential for troubleshooting weird intermittent network issues.
  • Diagnostics — link status, port utilisation, error counters, broadcast storm detection, all available via SNMP or web UI.
  • Security — port-based 802.1X authentication, MAC filtering, ACLs.
  • PROFINET LLDP — automatic topology discovery within TIA Portal.

[Figure: Switch type by Purdue Reference Architecture layer. Six-layer Purdue model with Levels 0-2 OT requiring managed switches at L2 cell control, L3 operations layer requiring managed switches with VLANs, IDMZ at L3.5 with enterprise-grade firewall, and L4-5 enterprise IT with standard managed switches. Rule of thumb: managed at L2 and above; unmanaged only for tiny isolated machine-level segments.]

Where each belongs in a typical plant network

Following the Purdue Enterprise Reference Architecture (PERA):

| Layer | Recommendation | Why |
|---|---|---|
| L0/L1 (machine) | Unmanaged or basic managed | Single machine, low device count, isolated from rest of plant |
| L2 (cell/area control) | Managed (mandatory) | PLC-to-PLC multicast, motion synchronisation, redundancy |
| L3 (operations / SCADA) | Managed (mandatory) | VLANs separating SCADA, historian, MES traffic |
| L3.5 (IDMZ) | Managed enterprise-grade with firewall | Air-gap-equivalent OT/IT segmentation |
| L4/L5 (enterprise IT) | Standard IT managed | Out of scope for OT but interconnects via IDMZ |

When unmanaged is OK (and when it's a trap)

OK uses for unmanaged

  • One PLC + 4-8 IO modules + an HMI in a small machine, isolated from the plant network
  • Test bench / development stations not connected to production
  • Simple Modbus TCP / EtherNet/IP unicast networks with no producer/consumer multicast
  • Adding more I/O modules to an existing managed-switch backbone (the unmanaged switch sits behind the managed switch)

Where unmanaged becomes a trap

  • Allen-Bradley ControlLogix produced/consumed tags between PLCs — multicast floods the unmanaged switch
  • EtherNet/IP CIP I/O — the producer/consumer model multicasts
  • PROFINET RT segments above ~10 devices
  • Any motion control over Ethernet (CIP Sync, EtherCAT through-managed-switch)
  • Networks where you need diagnostic visibility for troubleshooting

Symptoms of an unmanaged-switch-with-multicast-traffic problem: random packet loss, intermittent fault codes, "the PLC works on the bench but not in the panel", network utilisation pegged at 80-100% even when production is idle.
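
The flooding behind these symptoms, and the IGMP snooping that prevents it, modelled as an added example that is not from the original page: an 8-port switch that either floods multicast (unmanaged) or learns group membership from IGMPv2 reports. It assumes IGMPv2 only, no querier port or membership timers, flooding of unregistered groups, and a constructed group address (239.192.1.1).

```python
import socket
import struct

REPORT, LEAVE = 0x16, 0x17  # IGMPv2 Membership Report / Leave Group

def csum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 over a valid IGMP message."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def igmp_msg(msg_type: int, group: str) -> bytes:
    """Build a constructed 8-byte IGMPv2 message for the simulation."""
    body = struct.pack("!BBH4s", msg_type, 0, 0, socket.inet_aton(group))
    return body[:2] + struct.pack("!H", csum(body)) + body[4:]

class Switch:
    def __init__(self, ports, snooping: bool):
        self.ports, self.snooping = set(ports), snooping
        self.members = {}  # group address -> set of ports that joined

    def igmp(self, port: int, payload: bytes) -> None:
        """Snoop a host IGMP message; malformed ones are ignored."""
        if not self.snooping or len(payload) != 8 or csum(payload) != 0:
            return
        msg_type, _, _, raw = struct.unpack("!BBH4s", payload)
        joined = self.members.setdefault(socket.inet_ntoa(raw), set())
        if msg_type == REPORT:
            joined.add(port)
        elif msg_type == LEAVE:
            joined.discard(port)

    def egress(self, in_port: int, group: str) -> set:
        """Ports a multicast frame is copied to (unregistered groups flood)."""
        joined = self.members.get(group) if self.snooping else None
        return (joined or self.ports) - {in_port}

def delivered(snooping: bool, frames: int = 1000) -> dict:
    """Constructed cell: producer on port 1, consumer on port 2, 3-8 idle."""
    sw, group = Switch(range(1, 9), snooping), "239.192.1.1"  # sample group
    sw.igmp(2, igmp_msg(REPORT, group))
    sw.igmp(3, b"\x16\x00\x00\x00" + socket.inet_aton(group))  # bad checksum
    counts = dict.fromkeys(sorted(sw.ports), 0)
    for _ in range(frames):
        for port in sw.egress(1, group):
            counts[port] += 1
    return counts

if __name__ == "__main__":
    print("unmanaged:", delivered(False))
    print("snooping: ", delivered(True))
```

With snooping off, ports 2-8 each receive every frame the producer sends; with it on, only the port that joined the group does, and the report with a bad checksum on port 3 is not learned.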

Major industrial switch vendors

  • Allen-Bradley Stratix — Stratix 5400, 5700, 5800. Tight ControlLogix/Studio 5000 integration.
  • Siemens Scalance — XB, XC, XR, XM ranges. PROFINET-native, TIA Portal integration.
  • Hirschmann (Belden) — vendor-neutral, exceptional reliability. Common backbone in mixed-vendor plants.
  • Phoenix Contact — FL Switch range, strong PROFINET support, good price/performance.
  • Cisco Industrial Ethernet (IE) — IE 4000, 5000 series. Strong for plants with Cisco IT skills.
  • Moxa — cost-effective, broad range, common in Asian markets and OEM applications.
  • Schneider TCSESM / ConneXium — Modicon-aligned managed switches.
  • Westermo — high reliability for harsh environments (rail, marine, mining).

Frequently asked questions

What is the difference between a managed and unmanaged Ethernet switch?
An unmanaged switch is plug-and-play — power it on, plug devices in, traffic flows. A managed switch adds VLANs, IGMP snooping (multicast filtering), QoS (traffic prioritisation), port mirroring, diagnostic visibility, redundancy protocols (MRP, RSTP), and remote management via SNMP or web UI. Managed switches cost $200-400 more per switch but are essential for any industrial network with multicast traffic or more than ~10 devices.

When do I need a managed switch in industrial networks?
Use managed at the cell/area control level (Level 2 of Purdue model) and above. Specifically: any network with PLC-to-PLC producer/consumer (multicast) communication, EtherNet/IP CIP I/O, PROFINET RT above 10 devices, motion control, or where you need diagnostic visibility. Use unmanaged only for isolated single-machine segments with simple unicast traffic.

What is IGMP snooping and why does it matter?
IGMP snooping is a managed-switch feature that learns which ports want which multicast streams and only forwards multicast packets to those ports. Without IGMP snooping, multicast floods every port — a single chatty PLC saturates the whole network. Critical for Allen-Bradley ControlLogix produced/consumed tags, EtherNet/IP CIP I/O, and PROFINET multicast traffic.

Can I mix managed and unmanaged switches?
Yes, and it's common. The typical pattern: managed switches as the backbone (cell/area level and above), unmanaged switches as port expanders behind the managed switches in machine-level segments. The managed switches handle the multicast filtering, VLANs and QoS; the unmanaged switches just add ports. Avoid using unmanaged at the backbone layer.

Which industrial switch vendor should I choose?
Match your existing PLC ecosystem. Allen-Bradley Stratix with ControlLogix; Siemens Scalance with S7-1500. For vendor-neutral plants, Hirschmann (Belden) or Phoenix Contact give excellent reliability and broad protocol support. Cisco Industrial Ethernet (IE) for plants with strong Cisco IT skills already in-house. Moxa for cost-effective OEM applications.
