Internet Access
- Two internet connections from two separate ISP’s are recommended for failover & business continuity, when possible.
- The Primary internet connection should have a block of 5 static Public IP’s assigned, for network segmentation.
- The Primary internet connection should have at least a 100x10mbps bandwidth speed, or higher if you are implementing a guest network.
- A secondary internet connection can be dynamically assigned with a lower bandwidth connection. No lower than 5mbps upload speed is recommended.
- If two ISP’s are unavailable in your building we do suggest a firewall capable of USB WWAN failover.
- ISP modem/router should be bridged or put in pass-through mode; turning off any firewall settings (especially SIP alg & H.225 when using VoIP phones), turning off NAT, turning off DHCP & turning off any WiFi networks that are being broadcasted. If your ISP is Verizon, you should connect directly to the ONT removing the wireless router provided unless your property is using cable TVs from FiOS then you will need to keep the modem connected and supply it one of your static IPs.
Physical Infrastructure
- There should be a designated area, free from obstruction, for all the network equipment. A network rack is recommended.
- All Ethernet runs should be qualified (at 1gbps) and clearly labeled on both ends. Recommend using Cat6 cabling & keystones whenever possible. (long runs over 175ft should use Cat6A)
- Patch Panels, Switches, and all other network equipment should be clearly labeled, especially to identify segmented networks.
- All network equipment should be rated for at least a gigabit connection speed.
- We recommend using managed switches to segment the POS, Office, and Guest networks. A VLAN capable Firewall, Switch and Access Point are recommended.
- We recommend using a PoE firewall or Switch to power the Wireless Access Points
Wireless Access Points
- Wireless Access Points should be mounted according to the type of antenna. We recommend a WAP with an omnidirectional antenna, ideally mounted to the ceiling.
- For best performance, WAPs should be placed near POS locations and have a direct line of sight to the terminals and printers.
- WAP’s should be capable of broadcasting both the 2.4Ghz and the 5Ghz bands on the same SSID and should be capable of band steering. Both bands are required for the SALIDO install.
Network Setup
- All networks should be completely segmented. (Office, POS, Guest, etc.) We recommend segmenting all internal networks on a single firewall using VLAN’s and necessary firewall rules.
- Throttling the Guest network or using QOS to reserve POS bandwidth is recommended.
- If you are using two separate firewalls to segment your networks we recommend making sure the POS network is not double NAT’d and is completely segmented from all other networks (both LAN & WLAN)
- We recommend using a Class C Private IP subnet for your Native/Office network. E.g.192.168.2.0/24
- We recommend using a Class B Private IP subnet for the SALIDO network. E.g.172.16.0.0/24 (preferably keeping the POS network off of VLAN ID 1)
- We recommend using a Class A Private IP subnet for the Guest network. E.g.10.0.0.0/16
- Fixed or reserved IP’s should be used on the native network to prevent IP conflicts with statically assigned devices.
The POS network MUST be PCI compliant and should be scanned/tested for compliance.
- Please check PCI compliance regulations and implement any necessary network changes needed.
- Please secure and completely segment the POS network. All internal networks should not be able to communicate with each other (unless specifically designed). No network traffic should ever be allowed to cross on to the POS Local Area Network (LAN) or WLAN.
- Please hide the POS SSID.
- Please use complicated passwords to get on to or manage the network. Especially on the POS network. (8+ characters, containing at least 3 character types: UC, lc, #, sym)
- Please turn off DHCP on the POS network and only connect SALIDO devices to said network.
A network audit by independent networking partner Macadept is available upon request and is recommended prior to the SALIDO installation.