I work at a small business. We use a Cisco RV260 router. We have just under a dozen servers, and maybe a dozen workstations and then people's cell phones, tablets, etc., on the network.
Right now, everything is on one VLAN - one subnet. This means anyone on the network, from the sales team to the tablets, to a guest at the office, could theoretically have network access to our core business infrastructure - the servers.
I want to change this. Obviously. I've been trying to read up on this before making a proposal to my boss on Tuesday, but sometimes the terminology gets dense and I have trouble understanding how to actually implement separating different devices into their own subnets.
For example, I'd like to get the sales team on one subnet, the support team on another, and the servers on their own, etc.
Ideally, I'd like to be able to create these subnets with the infrastructure that we already have. From what I can tell, I can create a VLAN (on the RV260) for each subnet that I would like to have and thereby isolate the servers from the salespeople from the support team, and so on.
If I'm right so far, what would I need to change on the actual servers/PCs/etc. to get them operational on this new network configuration (e.g., do I need to change the default gateway on them)? Is there anything special I would need to do when setting up the VLANs?
Do I need to have a separate router for each subnet that I want to create? Or is having a VLAN sufficient to create new subnets?
Then, to take things a step further - how might I go about getting two subnets to communicate if I need to? For example, allowing the support team to share files with the servers, should I need to? Would it be possible to restrict which parts of the subnets can communicate with each other?