I've been tasked to design our VLAN setup, which is currently non-existent, for our customers.
During a brainstorming session, we came up with 9 VLANs based on devices / services:
- Server VLAN - VM servers
- Network VLAN - switches, routers, hubs, APs, ...
- VoIP VLAN
- Security VLAN - cameras, alarms, garage ports, ...
- Guest VLAN - Guest Wifi
- User VLAN
- Printer VLAN
- Other VLAN - everything that does not fall under one of the other categories
- Management VLAN - Physical Servers, Management Ports on switches, routers,
Looking at some other information about setting up VLANs, there are a lot of different opinions. Some are based on floor, others on departments, rooms, faculties, ...
We deduced 2 fundamental requirements for this setup so it can be used for all of our customers:
- Scalability
- Security
For ease, all VLANs are a 10.0.xx.0/24. Our customers are not big enough to really worry about complicated IP segmentation. Should we get a customer with different sites, then it will be 10.x.xx.0/24.
Our operation manager does not want to overdo it and this is what I believe is the bare minimum, looking at scalability and security as the 2 fundamental requirements.
Asking your 2 cents to see if we should merge some VLANs or even extend it.
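An added example, not part of the original post: the 10.x.xx.0/24 scheme expressed as a lookup, so that an address seen in a firewall or DHCP log can be mapped back to its site and VLAN, and addresses outside the plan stand out. It assumes the "xx" octet equals the VLAN ID; the VLAN IDs and the function names are constructed for illustration.

```python
import ipaddress

# Assumption: third octet = VLAN ID. IDs are constructed; names are from the post.
VLANS = {
    10: "Server", 20: "Network", 30: "VoIP", 40: "Security", 50: "Guest",
    60: "User", 70: "Printer", 80: "Other", 99: "Management",
}

def subnet_for(site, vlan_id):
    """Return 10.<site>.<vlan_id>.0/24; site 0 is the single-site case."""
    if not 0 <= site <= 255:
        raise ValueError(f"site {site} does not fit in the second octet")
    if vlan_id not in VLANS:
        raise ValueError(f"VLAN {vlan_id} is not in the plan")
    return ipaddress.ip_network(f"10.{site}.{vlan_id}.0/24")

def site_summary(site):
    """One /16 per site, usable as a single summary entry in inter-site rules."""
    return ipaddress.ip_network(f"10.{site}.0.0/16")

def build_plan(sites):
    """Map every planned subnet to (site, vlan_id, vlan_name)."""
    return {
        subnet_for(site, vid): (site, vid, name)
        for site in sites
        for vid, name in VLANS.items()
    }

def classify(plan, addr):
    """Return (site, vlan_id, name) for addr, or None if it is outside the plan."""
    ip = ipaddress.ip_address(addr)
    for net, info in plan.items():
        if ip in net:
            return info
    return None

if __name__ == "__main__":
    plan = build_plan([0, 1, 2])
    # Constructed sample addresses, as they might appear in a log.
    for addr in ["10.0.50.23", "10.2.99.1", "10.0.11.5", "192.168.1.7"]:
        hit = classify(plan, addr)
        label = f"site {hit[0]}, VLAN {hit[1]} ({hit[2]})" if hit else "NOT IN PLAN"
        print(f"{addr:15} -> {label}")
```

An address that classifies as `None` is either a device that was never moved into a VLAN or a subnet nobody documented, which is worth checking before any inter-VLAN rules are written.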