Hi Everyone,
I want to redesign our network setup to be more secure. Currently we have 3 VLANS which we can call 2, 20, and 29. Our WiFi network has 3 SSIDs, MH, User, and Guest.
VLANs:
- 2 is for servers, and WiFi devices also land on this VLAN when connecting to the MH network.
- 20 is for user computers and devices like evil printers.
- 29 is for the mechanical/electrical dept so they can put their stuff on that side.
WiFi:
- MH is for internal devices that need to communicate with a few servers. These land on VLAN 2.
- User is for employees to connect to the WiFi. Aruba system assigns 172 addresses to these so they don't have VLAN IPs, but they can communicate with servers.
- Guest is for anyone external to come in and connect. The guest network assigns 172 IPs, but has no access to anything internal. Just internet access.
Some ideas I had:
- WiFi devices should hit VLAN 20, and should be connected only by approval as they can access servers.
- Employees should connect to the user network but should only have access to specific servers that I allow.
- I was considering segregating VLAN 29 so they cannot access VLAN 2. They wont need access to servers.
- Upgrade WiFi encryption method.
What is the best way is to limit access to some servers across VLANs but leave some servers available for access? Would I just give them an IP on the server network and the user network? What is the recommended WiFi encryption method these days? Any advice and informative references like YouTube videos or other documentation would be greatly appreciated. I would love to hear about your network setup if you feel it is applicable here.
No comments:
Post a Comment