VLAN IP Addressing

[taonga]

Hello.

We've asked someone to help us reconfigure our network.Currently we have a a 192.168.0.0 255.255.255.0 and gateway 192.168.0.1 LAN/Wifi network (about 50 users). We also do not have voip but the new setup will have voip. We now want to setup VLANs.

Im thinking of the following VLANS

1. Voice Vlan
2. LAN/Office Wifi Vlan
3. Public wifi vlan
4. Biometrics Vlan (only four devices).

The guy doing the setup has asked for the following information

1. How Many Vlans do you need? - (I would say 4)
2. 2 ip addresses for the switches - (192.168.0.10,192.168.0.11)
3.Default gateway for the switches - (192.168.0.1)
4. subnetmask - (255.255.255.0)
5. DHCP server - (192.168.0.180 - 192.168.0.220)

Access Points

1. How Many ssid's - (2 - Offie wifi and Guest wifi) - 192.168.1.0 255.255.255.0
2. 2 ip for access points - (192.168.1.10 and 192.168.1.11_
3. default gateway - (192.168.1.1)
4.subet mask - (255.255.255.0)
5. DHCP - 192.168.1.101 - 192.168.0.150)

he didnt ask about the voip but this what im thinking
Voip
1. ip Address - 192.168.2.0 255.255.255
2 default gateway -192.168.21

Never worked with VLANs before please advise what would be the best setup

 

[R4ziel]

That seems fine to me, I can't see why that couldn't work. He will just have to allow the Vlan's on all the switches, but if he is setting it up I assume he knows that.

 

[irBosOtter]

Add a Management VLAN for the switches and whatever else has a management port so that you do not use up IP's in the lan

VLAN 5 Mng Vlan 192.168.5.1/24

So your switch IP's are 192.168.5.2 and .3 or whatever you want to use in that range, then switch GW will be 192.168.5.1

If your AP's are vlan capable you can add them to this vlan as well to connect to the management IP's, if not leave them on 2

 

[irBosOtter]

Oh and if you guys allow user devices (personal phones etc) to connect to wifi then create another vlan for that as well, if AP's support VLANs

Busy moving a branch over from one range to multiple vlans

As per this screenshot, everything currently in on Internal1 on the 192 range.

Created 7 vlans on that internal4
BYOD - Personal Wifi devices
CiscoMNG - Cisco switch management network
Datavlan2 - for desktops
Guest Wifi - guests
Voice - Voice
Wifi15 - For company wifi equipment
WifiMng - Management of Wifi AP's

 

[RoganDawes]

You also need to setup rules to control routing between the VLAN's (otherwise there is not too much point!)

Generally, this may be done by a firewall with a trunked port, which will also handle routing to the internet. The firewall will be configured with VLAN interfaces, and will allow e.g. traffic from Public Wifi VLAN to the internet only (perhaps with restrictions such as bandwidth management, or captive portal, etc), traffic from certain workstations on the office VLAN to the management VLAN (i.e. your workstation), traffic from the management VLAN to e.g. your Wifi controller, traffic from the office VLAN to the PABX on the voice VLAN (or not, if the phones are all connected to a VOIP gateway on the internet), etc

 

[McGuywer]

View attachment 477484

"Invalid Attachment specified. If you followed a valid link, please notify the administrator"

 

[irBosOtter]

"Invalid Attachment specified. If you followed a valid link, please notify the administrator"

F knows what happened there lol thanks