Background
The popular car brands have more than a hundred of dealer sites nationwide. All of the sites are connecting to the enterprise headquarter via MPLS network. The staff needs to access the enterprise network frequently to download marketing materials, check inventory information, and more. And the enterprise network has very strict security policies, only the registered IP address and MAC address are allowed to access. On the other hands, they also need to provide Internet services for both the staff and customers.
Challenges
- Only traffic to the enterprise network should send over MPLS. Regular browsing traffic should send to the Internet.
- Requires source IP unchanged when connecting to the enterprise network because the access is limited to registered IP and MAC addresses.
- Need Wi-Fi with access control for staff's devices only. The Access Control List (ACL) needs to be update in response to personnel change
- Need separated, password-protected Wi-Fi access for guests. The Wi-Fi password needs to be changed regularly.
Solutions and Benefits
- Dual-WAN Internet GatewayUse only one router as the Internet gateway. One WAN interface connects to the Internet. The other connects to the enterprise network via MPLS.
- Route PolicyOnly route the traffic destined to the enterprise LAN subnet to the MPLS network, force routing to keep their source IP. Other traffic is sent to the Internet, do NAT.
- Tag-Based VLANUse only one router but separate the local network, block the guests from accessing the staff network.
- Tag-based Multiple SSIDProvide Wi-Fi access for guests and staffs separately from one access point. Save spaces.
- SSID-Based White List ACLLimit the staff Wi-Fi access to the registered devices only, while the guest Wi-Fi is free for all devices.
Challenge: Central Management
The car brand has more than a hundred sites in Taiwan, and each site has several access points. All of them needs to provide password-protected Wi-Fi access and have Access Control List (ACL) set up for the staff SSID. The network administrator needs to:
- Change Wi-Fi password regularly for every access points across the country.
- Synchronize ACL for every access point at every site, so that staff's access is not limited to a single location.
Solutions and Benefits
DrayTek's remote configuration and centralized management system - VigorACS 2, provides the solutions to:
- Update configuration for thousands of devices in 15 minutes
- Reduce the need for an on-site technician, save time and
money
- Centralized view of all devices’ status