We need help in designing our substation network and connecting it to our corporate LAN. The substation network consists of Ethernet radios connecting approximately 25 substations in a 30 mile radius. We have several different systems operating at each station such as SCADA and AMR. We need to segregate each of these networks and route them to different servers at headquarters. We would also like to have access to the corporate network for remote email and internet connections. At each substation the Ethernet radio will drop a TX connection to a hub, switch or router. We will connect the SCADA processor, AMR processor and maybe a computer to this device. Back at the office we bring the TX connection to either a layer3 switch or router to direct the traffic as needed. Our LAN is already protected via firewalls and such from the outside world so I don?t see a need in another firewall. My two major concerns are routing the traffic correctly and blocking users from plugging in a computer at a substation and accessing the LAN. Please give advice on what equipment is necessary to reach our goals and how to block any computer from plugging in at a station and having complete access (maybe we need to use a VPN or something)

Thanks in advance!