Compare Trout & VLANs
VLANs require switch reconfiguration, recabling, and downtime. Overlay networking deploys on top of your existing network in hours. Same segmentation result, fraction of the effort.
Network segmentation is mandatory. Rewiring is not.
Regulations like IEC 62443, NIS2, and NERC CIP require network segmentation in OT environments. The traditional approach -- VLAN-based segmentation -- means weeks of planning, switch reconfiguration, physical recabling, and production downtime. For a large manufacturing plant, a VLAN migration can mean weeks of downtime and six figures in lost production.
Overlay networking: Software-defined segments
Trout overlay networking creates logical segments on top of your existing physical network. No switch reconfiguration, no cable changes, no downtime. Segments are defined by identity and policy rather than physical port assignments. Deploy across an entire facility in hours and manage all sites from a single console.
VLANs: Physical and logical reconfiguration
VLANs segment networks by configuring switches and routers to isolate traffic into separate broadcast domains. This requires planning the VLAN topology, reconfiguring every switch, recabling devices to the correct ports, and testing -- all while production is interrupted during cutover windows.
| Feature | Access Gate | VLANs |
|---|---|---|
| Network segmentation | | |
| Deployment time | Hours | Weeks to months |
| Requires recabling | | |
| Production downtime | | During cutover |
| Identity-based access | | Port-based only |
| OT protocol awareness | | |
| Scales across sites | Centralized policy | Complex per-site config |
| Change management overhead | Low | High -- network-wide impact |
| Works on flat networks | | Requires network redesign |
| Audit trail | Full session logging | Limited to ACL logs |
Zero downtime deployment
Overlay networking deploys on top of your existing network without any physical changes. There is no cutover window, no production stoppage, and no risk of miscabled connections.
Identity-based, not port-based
VLANs tie segmentation to physical switch ports. Move a device and you break its network assignment. Overlay segments are defined by device identity and policy, so segmentation follows the device regardless of where it connects on the physical network.
Cross-site consistency
Managing VLANs across multiple sites means duplicating configuration on every switch at every location. Overlay networking applies consistent segmentation policies across all sites from a single management console, reducing configuration drift and administrative overhead.
Access Gate vs VLANs FAQ
Not necessarily. Overlay networking can work alongside existing VLANs. If you already have some VLAN segmentation in place, the overlay adds finer-grained micro-segmentation and identity-based policies on top. For greenfield deployments or flat networks, the overlay can provide all segmentation without any VLAN configuration.
Yes. The overlay operates at a logical layer above your physical network. Existing VLANs continue to function normally. The overlay adds additional segmentation and access control without interfering with your current VLAN topology or switch configuration.
Yes. Overlay networking provides network segmentation that meets the requirements of IEC 62443 zones and conduits, NIS2 network security mandates, and NERC CIP network isolation standards. It meets the same compliance bar as VLANs, with identity-based enforcement and full audit trails on top.
A typical facility can be segmented in hours to days, depending on size and complexity. This compares to weeks or months for VLAN-based approaches. Because there is no recabling or switch reconfiguration, the deployment does not require maintenance windows or production shutdowns.