Wednesday, November 28, 2018

Small Church Network Setup

Hi, and thanks for reading. I hope I've come to the right place; if not, kindly point me to the right place.

I need a bit of advice in best setting up my network at my church building. I recently became responsible for the technology in the facility and that includes the computers and network. I’m an audio sales engineer by profession and have a recently upgraded sound system head end installed (more on that later).

To this date, every network device in the building has been on one subnet (192.168.0.0/24). Here’s what we’re working with.

- 5 PC’s
- 1 networkable copier/printer/scanner machine
- Networked Video Recorder, for our security camera system
- Audio System
  - I have several devices that use Dante (digital audio over IP) to move audio around the building; 2 of the PC’s need to communicate with these Dante devices
  - A few of the devices (digital signal processor, power amplifier, control panels) have network connections for control and configuration, and live on the network. 1 of the PC’s (1 of the 2 that also needs Dante access) needs to be able to communicate with these devices
- 2 wireless access points
  - These are Cloudtrax cloud managed wireless mesh access points that seem to be highly capable, with the ability to assign VLAN tags and utilize multiple SSID’s; one of the guys who was running things before I took over recommended them to me
  - The general congregants of the church will use the WiFi during bible class and sermons to send/receive emails, access electronic bibles, and such using SSID 1
  - SSID 2 is for “office” staff, and
  - SSID 3 is for building equipment (WiFi thermostats, mainly)
- General network gear is the following, starting from the outside working in
  - Cable modem for broadband internet service, which delivers a public IP
  - Ubiquiti EdgeRouter Lite router with 3 interfaces
  - 2 Cisco SG300 series managed gigabit switches; a 10-port and a 28-port model, both the PoE+ version
    - One of these lives beside the modem in the room where the service entry is; there are a few devices connected to it: one of the WAP’s, the fire alarm panel, the door access control panel.
    - The last port of the first switch connects to the second (larger) switch, in the sound booth, where the rest of the devices previously mentioned are connected

My goal is to segment the network so that not all devices are on the same broadcast domain. I’m not sure if I need VLANs, different subnets, or both, nor am I entirely sure how to set them up in the router. I have decent network knowledge, but mostly from the client side, and this is my first foray into a “network admin” type of role. I just don’t want to screw it up.

I’ve done a ton of reading on the subject so what I think I want to do is group the devices as such:

  1. General WiFi (SSID1)
  2. PC’s and printer
  3. Dante audio devices
  4. Non-Dante audio devices
  5. Office WiFi (SSID2)
  6. Building Equipment (WiFi SSID3, fire alarm panel, access control panel, etc.)

I’m open to suggestions if this grouping makes sense. If you do offer suggestions, a brief explanation of why would be helpful, so I can learn from this experience for the next time I need to do this.

My concern is making sure that devices in different groupings can still “talk” to the devices that they need to. For instance, there will be times when I will use my iPhone to control the audio system wirelessly; even though I’ll be on the Office WiFi, I will need to get to the non-Dante audio devices’ subnet.

My other concern is addressing, DHCP and such. I think I can set up multiple DHCP servers on my router, and then have it dish out addresses to the different VLANs/groups. My question is, do I need to set up a different DHCP server for each subnet?

Regarding the VLANs, I just need to make sure the port setup is correct between the switches, the router and the WAPs. Which are trunk? Which are access?

Again, thanks for reading, any and all help is appreciated!
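As an added illustration (not part of the original post), here is how the six groups above could be expressed on the EdgeRouter Lite and an SG300: one tagged sub-interface and one DHCP scope per VLAN on the router, an inbound firewall policy that lets the Office WiFi VLAN reach only the non-Dante audio VLAN and the internet, and trunk versus access roles on the switch ports. VLAN numbers, subnets, interface names and policy names are assumptions chosen for the example; only the Office (SSID 2) and non-Dante audio groups are written out in full, the other four repeat the same pattern.

```text
# --- EdgeRouter Lite (EdgeOS CLI, configure mode) ---
# eth1 is assumed to be the trunk to the first SG300; one 802.1Q
# sub-interface (vif) per group gives each VLAN its own subnet and gateway.
set interfaces ethernet eth1 vif 40 description "Non-Dante audio"
set interfaces ethernet eth1 vif 40 address 192.168.40.1/24
set interfaces ethernet eth1 vif 50 description "Office WiFi (SSID 2)"
set interfaces ethernet eth1 vif 50 address 192.168.50.1/24
# (vif 10 General WiFi, 20 PCs/printer, 30 Dante, 60 Building: same pattern)

# One DHCP scope per subnet on the router's single DHCP service; the router
# answers on each VLAN because it owns an address in that subnet.
set service dhcp-server shared-network-name AUDIO_CTRL subnet 192.168.40.0/24 default-router 192.168.40.1
set service dhcp-server shared-network-name AUDIO_CTRL subnet 192.168.40.0/24 dns-server 192.168.40.1
set service dhcp-server shared-network-name AUDIO_CTRL subnet 192.168.40.0/24 start 192.168.40.100 stop 192.168.40.199
set service dhcp-server shared-network-name OFFICE subnet 192.168.50.0/24 default-router 192.168.50.1
set service dhcp-server shared-network-name OFFICE subnet 192.168.50.0/24 dns-server 192.168.50.1
set service dhcp-server shared-network-name OFFICE subnet 192.168.50.0/24 start 192.168.50.100 stop 192.168.50.199
set service dns forwarding listen-on eth1.40
set service dns forwarding listen-on eth1.50

# Inter-VLAN policy for traffic entering from the Office VLAN: allow replies,
# allow the non-Dante audio subnet (iPhone control), allow anything that is
# not a local 192.168.x.x subnet (the internet), and drop everything else.
set firewall name OFFICE_IN default-action drop
set firewall name OFFICE_IN rule 10 action accept
set firewall name OFFICE_IN rule 10 state established enable
set firewall name OFFICE_IN rule 10 state related enable
set firewall name OFFICE_IN rule 20 action accept
set firewall name OFFICE_IN rule 20 destination address 192.168.40.0/24
set firewall name OFFICE_IN rule 30 action accept
set firewall name OFFICE_IN rule 30 destination address !192.168.0.0/16
set interfaces ethernet eth1 vif 50 firewall in name OFFICE_IN
commit ; save

! --- Cisco SG300 (Layer 2 mode): trunk toward router/WAP, access toward end devices ---
vlan database
 vlan 10,20,30,40,50,60
exit
interface gi1
 description Uplink-to-EdgeRouter
 switchport mode trunk
 switchport trunk allowed vlan add 10,20,30,40,50,60
interface gi2
 description Cloudtrax-WAP-three-SSIDs-tagged
 switchport mode trunk
 switchport trunk allowed vlan add 10,50,60
interface gi3
 description Fire-alarm-panel
 switchport mode access
 switchport access vlan 60
```

The link between the two SG300s is a trunk carrying the same VLAN list as gi1. Dante device discovery relies on mDNS within a single broadcast domain, so the two PC’s that need Dante should have a NIC (or a second NIC) placed on the Dante VLAN rather than relying on routing into it.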
