Sunday, May 2, 2021

VLAN Segmentation Design (Windows domain network)

Hi to all, I need some tips/advice on designing a small business LAN with 3/4 VLANs

VLAN 10: management (accessible only via a jump box with 2 NICs)

VLAN 20: guests (access only to the internet, no private LANs)

VLAN 30: servers (access to the internet + clients VLAN)

VLAN 40: clients (access to the internet + servers VLAN)

less than 20 clients (Win10 Pro, domain joined)

less than 5 servers, Win 2019 Std (domain controller, ERP/CRM, file server, backups/service machine)

Premises:

- I don't want to use Cisco and Ubiquiti hardware (preferred: HPE-Aruba and Zyxel)

- the management + guest part is clear, but I accept advice...

Here are my questions:

What can I use for routing between the clients and servers VLANs? A hardware firewall? A layer 3 switch? Other?

I want to create firewall rules (and maybe ACLs) from clients to servers allowing only the bare minimum traffic: DNS udp/53 + SMB tcp/445 + SQL tcp/1433 + whatever is needed for client-server handshake/communication.

I want to have no bandwidth bottlenecks between clients and servers (3/4-port LACP trunks? 10GbE ports? what else?)

Clients' DHCP server: which is the best of these options?

a) a standalone DHCP server (firewall? server?) on the client VLAN (only DNS will be on the server VLAN, or do I also need a DNS relay agent to the domain controller?)

b) a DHCP relay agent on the server VLAN, and use a Windows domain server as the DHCP server?

c) other?

Thank you
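The allow-list the post asks for (clients to servers: DNS, SMB, SQL plus what a domain-joined Windows client needs toward a domain controller) can be written down as first-match rules and checked against sample flows before it is typed into a firewall or switch ACL. The script below is an added example, not part of the original post or of any vendor's configuration: the /24 per VLAN, the host addresses (DC, SQL host, jump box, the client-VLAN SVI acting as DHCP relay) and the sample flows are all constructed for illustration. The domain-controller port set is Microsoft's documented AD DS list (DNS, Kerberos, RPC endpoint mapper, LDAP/LDAPS, SMB, kpasswd, global catalog, NTP and the Windows 2008+ dynamic RPC range).

```python
"""Added example (not from the post): model the inter-VLAN allow-list as
first-match rules with implicit deny, then evaluate constructed flows.
All addresses and hosts below are assumptions for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed addressing (not in the post): one /24 per VLAN.
VLAN = {
    "mgmt":    ip_network("10.0.10.0/24"),
    "guest":   ip_network("10.0.20.0/24"),
    "servers": ip_network("10.0.30.0/24"),
    "clients": ip_network("10.0.40.0/24"),
}
RFC1918 = (ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16"))
ANY = (ip_network("0.0.0.0/0"),)
DC    = ip_network("10.0.30.10/32")   # assumed domain controller (DNS + DHCP, option b)
SQL   = ip_network("10.0.30.20/32")   # assumed ERP/CRM SQL Server host
RELAY = ip_network("10.0.40.1/32")    # assumed client-VLAN SVI running the DHCP relay

# Destination ports a domain-joined Windows client needs toward a DC
# (Microsoft's AD DS port list): DNS, Kerberos, RPC mapper, LDAP, SMB,
# kpasswd, LDAPS, global catalog, NTP, dynamic RPC range (Win2008+).
AD_TCP = ((53, 53), (88, 88), (135, 135), (389, 389), (445, 445),
          (464, 464), (636, 636), (3268, 3269), (49152, 65535))
AD_UDP = ((53, 53), (88, 88), (123, 123), (389, 389), (464, 464))


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    src: tuple             # source networks
    dst: tuple             # destination networks
    proto: str = "any"     # "tcp", "udp" or "any"
    ports: tuple = ()      # (lo, hi) destination port ranges; () means any port


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def _in(addr, nets):
    return any(addr in n for n in nets)


def matches(rule, flow):
    s, d = ip_address(flow.src), ip_address(flow.dst)
    if not (_in(s, rule.src) and _in(d, rule.dst)):
        return False
    if rule.proto != "any" and rule.proto != flow.proto:
        return False
    if rule.ports and not any(lo <= flow.dport <= hi for lo, hi in rule.ports):
        return False
    return True


def evaluate(rules, flow):
    """First match wins; implicit deny at the end, as on most L3 switch ACLs."""
    for r in rules:
        if matches(r, flow):
            return r.action
    return "deny"


RULES = (
    # Management is not routed at all: the dual-homed jump box reaches it on its own NIC.
    Rule("deny", ANY, (VLAN["mgmt"],)),
    Rule("deny", (VLAN["mgmt"],), ANY),
    # Guests: internet only, nothing private.
    Rule("deny", (VLAN["guest"],), RFC1918),
    Rule("permit", (VLAN["guest"],), ANY),
    # DHCP relay on the client SVI unicasts to the Windows DHCP server (post's option b).
    Rule("permit", (RELAY,), (DC,), "udp", ((67, 67),)),
    # Clients -> DC: the AD port set only.
    Rule("permit", (VLAN["clients"],), (DC,), "tcp", AD_TCP),
    Rule("permit", (VLAN["clients"],), (DC,), "udp", AD_UDP),
    # Clients -> any server: SMB file shares.
    Rule("permit", (VLAN["clients"],), (VLAN["servers"],), "tcp", ((445, 445),)),
    # Clients -> the ERP/CRM SQL host only.
    Rule("permit", (VLAN["clients"],), (SQL,), "tcp", ((1433, 1433),)),
    # Clients -> internet; everything else internal is dropped.
    Rule("deny", (VLAN["clients"],), RFC1918),
    Rule("permit", (VLAN["clients"],), ANY),
    # Servers -> clients VLAN and internet, as the post describes.
    Rule("permit", (VLAN["servers"],), (VLAN["clients"],)),
    Rule("deny", (VLAN["servers"],), RFC1918),
    Rule("permit", (VLAN["servers"],), ANY),
)

# Constructed sample flows: (description, flow, expected decision).
SAMPLE_FLOWS = (
    ("client Kerberos to DC",        Flow("10.0.40.25", "10.0.30.10", "tcp", 88),    "permit"),
    ("client SMB to file server",    Flow("10.0.40.25", "10.0.30.15", "tcp", 445),   "permit"),
    ("client SQL to ERP host",       Flow("10.0.40.25", "10.0.30.20", "tcp", 1433),  "permit"),
    ("client dynamic RPC to DC",     Flow("10.0.40.25", "10.0.30.10", "tcp", 50000), "permit"),
    ("client RDP to DC",             Flow("10.0.40.25", "10.0.30.10", "tcp", 3389),  "deny"),
    ("client SQL to wrong server",   Flow("10.0.40.25", "10.0.30.30", "tcp", 1433),  "deny"),
    ("relay DHCP to DC",             Flow("10.0.40.1",  "10.0.30.10", "udp", 67),    "permit"),
    ("client direct DHCP to DC",     Flow("10.0.40.25", "10.0.30.10", "udp", 67),    "deny"),
    ("guest DNS to DC",              Flow("10.0.20.7",  "10.0.30.10", "udp", 53),    "deny"),
    ("guest DNS to internet",        Flow("10.0.20.7",  "8.8.8.8",    "udp", 53),    "permit"),
    ("client SSH to mgmt switch",    Flow("10.0.40.25", "10.0.10.5",  "tcp", 22),    "deny"),
    ("server WinRM to client",       Flow("10.0.30.15", "10.0.40.25", "tcp", 5985),  "permit"),
)


def audit(rules=RULES, samples=SAMPLE_FLOWS):
    """Return (description, decision, expected) for each sample flow."""
    return [(desc, evaluate(rules, flow), expected) for desc, flow, expected in samples]


if __name__ == "__main__":
    for desc, got, expected in audit():
        print(f"{'OK ' if got == expected else 'BAD'} {desc:28s} -> {got}")
```

The model covers the initiating direction only. A stateful firewall between the VLANs will pass the replies (DHCP server back to the relay's giaddr on udp/67, SQL and SMB responses, RPC replies) on its own; a stateless ACL on a layer 3 switch will not, so each permit above needs its mirror entry (for TCP typically an "established" match) before the design is usable.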
