Hi there, 1st post on reddit (woohoo) but a reader since ... well, quite a bit of time for various reasons ^^
Well, I'll try to keep it short but probably won't manage to do so...
Oh and sorry for my English skill, not a native one ...
1st is: I'm a networking noob.
2nd is: I'm a networking noob, but I may be slightly less noob than my coworker on this topic. (hence I get to do it, which is kinda interesting, must admit :) )
3rd is: I'm scared -_-'
Well, we are ~1300 ppl in ~35 branches.
Each branch is connected to the others via "business" VPN
No networking configuration on those branches actually (default VLAN 1 and that's it)
Wifi is coming (had to do so ... sorry), Aruba solution with IAP is the winner. (RADIUS is in too, obviously)
The goal is to secure all of this a bit through VLANs, every branch would get something like:
- SSID guest + captive portal
- SSID "corporate" (PC)
- Wired endpoint (PC)
- Printer
- Server
- IT service
- IT "managing" (switches ... )
And... here I am.
I was planning to use "normal" VLANs and for each VLAN its own subnet (kind of messy when you need to find something similar yet different for each branch..) and found out something like "private VLAN" existed, and now I'm wondering if that would not be better for what I intend to do.
I am wondering too if there is no other "better/simpler" possibility, and maybe the most important thing is how to implement this "the right way"
I would not dare to ask you to do my job, obviously, but I'd really appreciate help on this.
Forgot to tell but we do not own our router (ISP does) but we can ask for "changes" on it.
Wifi solution is Aruba IAP + AirWave + ClearPass
Actual devices in the branches are Cisco Sx300 (layer 2 but can provide some layer 3 functionalities)
If by any chance someone needs more intel to provide advice, please ask, I'll answer to the best of my capabilities
Thanks in advance, reddit