I'm a network admin in a small manufacturing plant, and as part of my responsibilities, I oversee all the Ethernet in the plant. During a recent network issue (a loop caused by a maintenance tech plugging both ends of a patch cable into the same switch), it was discovered that our Ethernet-enabled PLCs were connected to the same physical network infrastructure as our IT-Ethernet network and given a separate, non-routable IP address space.
I don't know when this occurred, but it was done years before I was hired and I suspect that it was done the way it was to keep costs down. However, I do need to clean this up as I clean up the rest of the facility's network.
Do PLCs and any terminals that communicate with them need to be on a separate physical network (not plugged into my switches), and are there any good sources/best practices that I can read up on how to implement an industrial network? Are there any products available that would allow me to restrict access to the network based on their login credentials?