Standards for Technology in Automotive Retail
A Virtual Local Area Network (VLAN) (IEEE 802.1Q Virtual LANs) should be considered in environments where users are required to access applications and data from dissimilar networks, such as a dealership LAN, DMS LAN, OEM 1 LAN, OEM 2 LAN, etc. Deploying a VLAN often requires additional costs up front. However, long-term costs may be reduced because of the flexibility and ease of management. A VLAN combines switches and routers to logically connect or isolate network segments according to some predefined criteria, such as job function. Some of the tasks of a VLAN are accomplished using switches alone (one big LAN). Without routers, containing broadcasts and adding security becomes difficult, if not impossible. A VLAN also overcomes the difficulty and inflexibility of managing hard-wired connections. When moving a device on the network, such as a PC or printer, no rewiring is required in most cases.
OEMs recommend integrating multiple LANs that require different IP addressing using a router and an Ethernet switch that fully supports IEEE 802.1Q VLANs. This provides the flexibility to integrate additional LANs later without purchasing extra Ethernet interfaces for the router. The equipment has the ability to support multiple VLANs on a single router interface from a single switch port and maintain separation of Ethernet collision domains while routing the IP packets among VLANs. These capabilities may be combined into one device called a layer 3 switch. A layer 3 switch can replace both a router and a layer 2 switch, but is usually more expensive.
VLAN capabilities can be incorporated in the Internet (main dealership) router. Adding isolation routers between LANs and the dealership's network switch is unnecessary for security when the proper Internet firewall guidelines are followed. Additional hardware adds complexity and cost, and may reduce performance.
It is extremely important to document both the physical and logical layouts of the dealership's network environment. This greatly reduces the time needed to troubleshoot problems and make changes or additions to the network. Clear, concise documentation is best kept in a centralized location. The documentation includes:
Support contact information for each LAN.
Support contact information for the Internet Service Provider (ISP).
Copies of all support contracts.
All IP address information (Address pools, Domain Name Server (DNS) addresses, and default gateways for each LAN and the ISP).
Demarcation points for each support organization.
Keeping the documentation up to date is important.
In addition to the layouts and support information, the Ethernet switch ports should be clearly labeled with IP address information as well as VLAN membership information. Verify that the LAN provider provides and maintains a copy of this documentation.
The following sections include a description of the information needed to implement the multiple LAN environments. Gathering the items in the section on Network Design Framework routers and Required ISP Information is required regardless of whether the network design is done in-house or by an outside provider.
For each LAN in the dealership, use the site survey forms in Appendix A, Dealership Needs Assessment, to collect and document the following information:
Support contact information.
IP subnet address and subnet mask.
Existing default gateway IP address for client PCs.
Existing Client DNS requirements.
Identify the connection point on the LAN (router interface or switch/hub port).
IP address on the LAN for the dealership's network router interface. (Obtain from ISP)
Dynamic Host Configuration Protocol (DHCP) information.
Reserve IP address for DHCP server on the LAN (could be the router).
Reserve IP addresses for File Servers.
Reserve IP addresses for Printers.
Reserve IP addresses for other servers or devices.
The Internet Service Provider must supply the following information:
Support contact information.
IP subnet address and subnet mask.
IP addresses for Demilitarized Zone (DMZ) if needed (public Internet IP address space).
Public DNS server addresses (two minimum).
Login information if needed for the router/firewall to establish connectivity.
Identify the demarcation point and the connection type (modem, router, bridge, etc.). With DSL, Satellite, Wireless, and Cable Modem, it may be an Ethernet port. With T1 or Frame Relay, it may be a V.35 interface on a Channel Service Unit/Data Service Unit (CSU/DSU) or it could be an Ethernet port on an ISP-supplied router.
When designing and installing VLAN environments, the following items deserve special consideration:
Review the design information gathered earlier. Review for possible IP address conflicts.
Again, AD will have issues if it is not your network's DNS. This setting is in the DHCP server.
Document and label Ethernet switch ports as to which VLAN they are a member of and include IP address information as well.
Identify and order Cat5E cable drops needed to connect each LAN with the Ethernet switch. Be aware that crossover Cat5E patch cables may be needed when connecting from switch to switch or hub to switch.
Configure the router interface for the Internet transport.
NAT (Network Address Translation) or PAT (Port Address Translation). Wikipedia provides a good introduction to NAT, PAT and allied concepts. See also: http://computer.hhowstuffworks.com/nat3.htm
Security (recommend firewall on this interface).
Configure the router interface for the dealership DMZ if needed.
Public Internet IP address space will be needed.
Security (Firewall rules for the DMZ will need to be implemented).
Configure the interface for the Ethernet switch.
Primary IP address and subnet mask.
Secondary IP address and subnet mask for each VLAN.
VLAN configuration and naming for each VLAN.
NAT for each LAN going to the Internet.
DHCP network and DHCP helpers for each VLAN.
Configure VLANs on the Ethernet Switch.
Define VLANs by IP address.
Assign ports to VLANs.
Ensure that the port connecting to the router is a member of all the VLANs.
Label and document everything.
Configure static IP routes.
Default route to the Internet (transport/ISP interface).
Other routes as needed.
Test for proper configuration and functionality.
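The review for IP address conflicts and the check that the router-facing port is a member of all the VLANs can be automated from the site survey data. The following is an added example, not part of the standard; the LAN names, addresses, port numbers and function names are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed survey data (hypothetical names and addresses, not from the standard).
SURVEY = {
    "Dealership": {"subnet": "192.168.10.0/24", "gateway": "192.168.10.1",
                   "reserved": {"dhcp": "192.168.10.2", "printer": "192.168.10.20"}},
    "DMS":        {"subnet": "10.20.0.0/16", "gateway": "10.20.0.1",
                   "reserved": {"file-server": "10.20.0.10"}},
    "OEM1":       {"subnet": "10.20.30.0/24", "gateway": "10.20.30.1",
                   "reserved": {"printer": "10.20.31.5"}},
}
# Constructed switch port table: port -> set of VLAN names it carries.
PORTS = {"1": {"Dealership"}, "2": {"DMS"}, "3": {"OEM1"},
         "24": {"Dealership", "DMS"}}   # port 24 = uplink to the router


def review_addressing(survey):
    """Return a list of conflict descriptions found in the survey data."""
    findings = []
    nets = {name: ipaddress.ip_network(lan["subnet"]) for name, lan in survey.items()}
    # 1. Subnets of different LANs must not overlap, or routing between VLANs is ambiguous.
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            findings.append(f"overlap: {a} {nets[a]} <-> {b} {nets[b]}")
    seen = {}
    for name, lan in sorted(survey.items()):
        hosts = {"gateway": lan["gateway"], **lan.get("reserved", {})}
        for role, addr in sorted(hosts.items()):
            ip = ipaddress.ip_address(addr)
            # 2. Every gateway and reservation must be a usable host in its own subnet.
            if ip not in nets[name] or ip in (nets[name].network_address, nets[name].broadcast_address):
                findings.append(f"outside-subnet: {name} {role} {ip}")
            # 3. The same address must not be reserved twice anywhere.
            if ip in seen:
                findings.append(f"duplicate: {ip} used by {seen[ip]} and {name}/{role}")
            seen.setdefault(ip, f"{name}/{role}")
    return findings


def missing_on_uplink(ports, uplink, survey):
    """VLANs defined in the survey that the router-facing port is not a member of."""
    return sorted(set(survey) - ports.get(uplink, set()))


if __name__ == "__main__":
    for line in review_addressing(SURVEY):
        print(line)
    print("uplink missing:", missing_on_uplink(PORTS, "24", SURVEY))
```

An empty findings list and an empty uplink list mean the survey data is internally consistent; it does not replace testing on the installed equipment.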