Tuesday, October 20, 2020

Is this sane?

I work for a company that never had any structured IT. I've been hired on to handle this now, and step one, they need a new network... 10 years ago. Seriously, they have about 100 client devices, servers, VoIP phones, etc., all on one flat, single network, interconnected with an unmanaged 10/100 switch.

I'm a jack of all trades, without specialization (and hey! They're willing to pay for training, certs, etc., and let me learn), so I'm just looking to see if what I'm planning is sane and looking for any advice/gear changes I should consider. Thus, an early revision of my network plans.

Oh. And the internet is a Frontier SDWAN that connects via aggregated copper pairs pushing Metro Ethernet. I also need to really look over their SLA, because my gods. Despite having "Premier" managed services, they never return calls (it's been 9 days since they were "supposed" to have gotten in contact), have total control of the SDWAN, and after two weeks, we're still waiting for them to give us a VoIP phone number for my new office... I'm not impressed. Anyone with suggestions for dealing with Frontier (I know there are some of you out there stuck with them too!), I'd love to hear it.

Key questions:

- Why do we have the RAD? It was part of the old 5MB connection, and takes a fiber line from the ML648 and outputs Cat5 to the SDWAN device, but the ML648 already has four unused Ethernet ports on it. A Frontier thing? Something that just came along for the ride? Or is this common for something like M-Ethernet?

- I don't know why they have an SDWAN; we have no external buildings. Despite the network map showing a "Satellite Office", this is just for obfuscation; it's just a Cat5 cable running in conduit to a building next door. I figure this is for Frontier to handle the phones, but they have everything locked down, so no one but they can make changes. I'd rather be rid of it, unless there is a good business case for it. I can't even turn off the DHCP server. We have an actual IP address (static). Again, looking for any advice about how Frontier handles this stuff.

- It's a family-owned company, and the buildings, as well as their houses, are all on a massive plot of land, like, hundreds of acres. So they ran fiber from the business to the three houses on the land for residential internet. I'm going to VLAN these, with each house on a separate subnet. What I'm unsure of: is it a better practice to use a /30 subnet and put a gateway there (UniFi USG is planned), or let the EdgeRouter just handle it all and just put a UniFi switch and a wider /24 subnet for each house? Double NAT is a concern here, I would believe?

I really appreciate any input and sanity checks here.

Next... setting up something like Jamf to handle these unmanaged Macs all over the place...


