Hi to all, I need some tips/advice on designing a small business LAN with 3/4 VLANs:
vlan10: management (accessible only via a jump box with 2 NICs)
vlan20: guests (access only to internet, no private lans)
vlan30: servers (access to internet + clients vlan)
vlan40: clients (access to internet + servers vlan)
less than 20 clients (win10pro domain joined)
less than 5 servers win2019std (domain controller, erp/crm, file server, backups/service machine)
Premises:
- I don't want to use Cisco and Ubiquiti hardware (preferred: HPE-Aruba and Zyxel)
- the management + guest part is clear, but I accept advice...
Here are my questions:
What can I use for routing between the clients and servers VLANs? A hardware firewall? A layer 3 switch? Other?
I want to create firewall rules (and maybe ACLs) from clients to servers allowing only the bare minimum traffic: DNS udp/53 + SMB tcp/445 + SQL 1433/tcp + what is needed for client-server handshake/communication.
I want to have no bandwidth bottlenecks between clients and servers (3/4 ports LACP trunks? 10GbE ports? What else?)
Clients dhcp server: what is the best between these options?
a) a standalone DHCP server (firewall? server?) on the client VLAN (only the DNS will be on the server VLAN, or do I also need a DNS relay agent to the domain controller?)
b) a DHCP relay agent on the server VLAN, and use a Windows domain server as DHCP server?
c) other ?
Thank you