VLAN for BHS

Dear,

what do you think about using VLAN for the Baggage Handling system network vs having a dedicated LAN. In case of VLAN, The BHS network will be part of the building converged network and it will have its own VLAN.
I appreciate if i can get any feedback from VLAN for BHS already implemented in a certain airport.

thank you!

charbel

I don't have any specific experience with baggage handling systems.

In theory, it would probably work fine. The VLAN would allow you to isolate the automation system from the rest of the network.

In practice, it isn't always quite as simple. You often need more expensive switches to handle VLAN's, unless they are already in place. Depending on the configuration, VLAN's may require you to plug specific ethernet cables into specific ports, which can cause maintenance issues. Upper level systems often need access to the controllers on the network, which can make the VLAN setup more complicated; you must know what needs access to what. It also means you are at the mercy of the local IT department whenever you want to make changes or whenever THEY want to make changes.

I've seen some systems where VLAN's were an excellent tool. I've also seen systems where they were added to try to cover up poor system design, and it made things needlessly complex.

A VLAN won't protect you if IT makes a mistake on a config or pushes a new firmware to the switch and has issues etc.

Your network should follow this design http://www.cisco.com/web/strategy/d...mendations_plantwide_ethernet_deployments.pdf
as laid out on page 2.

The exception is the physical layer. You can acomplish what they have on page 2 with 1 physical network or 2.

IMHO any system that needs to control other components over a network such as a BHS should have it's own physical network meaning cabling patching and switch and firewall controlled by MFG.

If you just had a bunch of stand alone production cells and just wanted to do historian, Data colletion, recipes, tec. then it would be ok to use the converged physical method but when you need network control a seperate network is best. Myself I try to do a seperate network either way because things always chnage and you never know what the future holds and what you may need down the road.

This way any mistakes on the corporate side switch don't bother the BHS as that's not a system you ever want to go down in an umplanned manner.

The 2 physical seperate networks should only pass the limited info they need to pass within the DMZ.

I have over 200 network designs under my belt at this point and IMHO this is the best way to do it. Not the cheapest mind you but the most reliable.