Small Office Networking


This is a continuation of the question titled 'small office networking architecture' at http://www.experts-exchange.com/Networking/Q_21836832.html

I am trying to design an architecture for my new office. My objectives are:
- supporting employees totalling not more than 24 at the moment.
- segregating each department to have control over who can reach who
- having a WiFi access point in the meeting room for public access via laptop. This probably means another VLAN which will not see the other departments at all.
- having a WiFi wireless network with encryption and password authentication.

My current proposal is:

broadband connection
     layer2 managed switch
     |               |              |
  n dept       n dept      WiFi Access pt/router

1) I would be using a layer2 managed switch such as Linksys SRW224G4 and D-link 3526 where VLAN is implemented by port grouping. When this is done,
          a) will the VLANs be able to see one another implementing these layer2 VLANs?
          b) ACLs are available but only seem applicable for specific addresses within each VLAN, not an ACL between VLANs.
              Any way to implement ACLs between VLANs via these L2 managed switches?

2) For the WiFi, I stated either AP/router. Logically speaking an AP is used, but I would like to know if I can use those broadband routers as the access point instead, such as the Linksys WRT54G? If yes, then what is the point of using access points when these routers have more features yet are cheaper?

3 Solutions
Lee W, MVP, Technology and Business Process Advisor Commented:
I would say you are overthinking this.  A network of 24 people is NOT going to be stressful on bandwidth.  And managing it using VLANs doesn't make much sense.  EXCEPT for a VLAN for wireless, I wouldn't bother with anything else.  What you WANT to do is use appropriate security groups on your server.
I go with leew: most companies don't even think about vlanning with 150 users.

I am not sure about the wireless concept, as in I don't see it being used much in your setup.  Users want all or nothing, and if you deliver only basic internet access but your users still need to go through the burden of using passwords, I foresee nobody will bother with it.  If you have a lot of visitors to whom you want to offer internet access, you are better off with a decent hotspot-like access point.  Wireless routers have no interesting functions that APs don't have in your setup.

It seems very obvious both VLANs will be able to connect to each other.  Which other use would you have otherwise of VLANs and such a switch?  Whether you can use ACLs on the layer 2 VLANs is not clear to me, but that's because mostly such systems are set up on layer 3 with policies.
pajiao (Author) Commented:
Hi guys, sorry for my stupidity, the questions aren't answered directly
1 a) Probably, what else is the use?
b) Usually done in L3
2) Routers are routers, APs are APs.  Adding a wireless router will mean you need to do routing configuration to get the thing going.  An AP is mostly plug and play; disable the internal DHCP server and you're done because an AP is in effect just a switch.
Generally, routing between VLANs (and the ACLs that apply) is done at the router, not within the VLANs on the switch.

You're going to need a router that supports multiple internal subnets, preferably over an 802.1q trunk.  (Note that the typical SOHO "4 LAN ports" routers have them all on a single VLAN/subnet....)  And if the router and the switch don't do trunking, you'll need a router uplink port for each VLAN, so a 24-port switch isn't going to be enough for 24 users....
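
The point made in the last answer, as an added example that is not part of the original thread: a Python model of first-match inter-VLAN ACL evaluation on the router, showing that traffic inside one VLAN is switched at layer 2 and never reaches that ACL. The VLAN IDs, department names and subnets are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan (assumption, not from the thread):
# one subnet per VLAN, each with a sub-interface on the router's 802.1Q trunk.
VLANS = {
    10: ("sales", ipaddress.ip_network("192.168.10.0/24")),
    20: ("accounts", ipaddress.ip_network("192.168.20.0/24")),
    30: ("guest-wifi", ipaddress.ip_network("192.168.30.0/24")),
}
INTERNET = "internet"

# Inter-VLAN ACL held on the router: first match wins, default deny.
# Each entry is (source zone, destination zone, action); "*" matches any zone.
ACL = [
    ("guest-wifi", INTERNET, "permit"),  # visitors get internet access only
    ("guest-wifi", "*", "deny"),         # and never see the departments
    ("sales", "accounts", "deny"),       # departments are segregated
    ("accounts", "sales", "deny"),
    ("*", INTERNET, "permit"),           # everyone may go out to the internet
]


def zone_of(addr):
    """Map an IP address to its VLAN name, or to the internet zone."""
    ip = ipaddress.ip_address(addr)
    for name, net in VLANS.values():
        if ip in net:
            return name
    return INTERNET


def decide(src, dst):
    """Return 'switched', 'permit' or 'deny' for a packet from src to dst."""
    s, d = zone_of(src), zone_of(dst)
    if s == d and s != INTERNET:
        # Same VLAN and subnet: the switch forwards the frame at layer 2,
        # so the router and its ACL are never consulted.
        return "switched"
    for acl_src, acl_dst, action in ACL:
        if acl_src in (s, "*") and acl_dst in (d, "*"):
            return action
    return "deny"  # implicit default deny for anything not listed


if __name__ == "__main__":
    for pair in [("192.168.30.5", "192.168.10.7"), ("192.168.10.7", "192.168.10.8")]:
        print(pair, decide(*pair))
```
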


