Friday, September 28, 2018

First-time VLAN user, could use some critiquing

I run a small (20 user) office with a 2012r2 domain network, VOIP phones and a critical guest network (we have members in meetings all the time who need internet, not network).

Having recently moved to a new facility, I'd like to reconfigure some things to improve the system. I would like to set up VLANs to segregate the domain and guest users, phones, and assorted printers/hardware, but I have never used VLANs, so I'm not sure if my plan makes sense.

My hardware: two ISP routers, one running through a Sonicwall TZ400 for data and one intended for phones-only; a TP-Link T1600 switch; a couple of TP-Link EAPs; Cisco SPA508G phones (pass-through connection to PCs); and various conference phones/TVs/etc.

My intent is: VLAN 10 for user data; VLAN 20 for phones; VLAN 30 for guest data; 40 for printers/devices that don't like 802.11q; and 100 for management.

To lay it out:

10 - All ports except guest AP, ISP router 2

20 - all ports with phones, phone system router, ISP router 2

30 - Guest AP and firewall ports

40 - as needed

100 - selected ports for admins (probably just me)

Am I thinking about this right? Will this send phones through ISP2 and everything else through the firewall and ISP1, while limiting the guest AP to go straight to the firewall? Finally, do any of these need to be tagged?


