Asked by Webcc

VLAN DESIGN WITH CISCO SG300's, DELL 5524's and a Sonicwall NSA3600

Working on a VLAN design, we currently do not have any VLANs deployed. Set up a couple VLANs in a test environment in Layer 2 mode and created a trunk to the Sonicwall, creating the zones and subinterfaces on the Sonicwall. Got that working fine, but moving forward have several questions.
Here is a glimpse of our environment:
2 - Dell 5524 switches
2 - Cisco SG300 switches
1 - Sonicwall NSA3600
1 - Sonicwall Pro 3060 (test environment right now)
2 - Hyper-V servers running 4 Virtual machines each.
       - Domain Controllers
       - Exchange
       - WEB Server
       - Public Reservation system which Staff has to access
       - Adding 20 IP cameras so, will need VM to run management and recording software

Want to separate the Public LAN from the Staff LAN and am torn between running two separate AD domains or just separating by VLANs. Problem is the management and that they share some resources such as printers, so that is the first question. Here are my questions for now anyway:

1. Should I put the Staff and Public LANs on their own AD domains or just separate with VLANs?
2. Once I set up VLANs can I still use dumb switches in the config (eventually want to eliminate but need for now)? In other words, can I mix and match or is it VLANs or not?
3.  How should I address the shared printers or other resources, maybe through the Sonicwall with access policies?
4. Do I leave the switches in Layer 2 mode and let the Sonicwall do all the routing?
5. Does it make sense to incorporate our backup Sonicwall into the configuration at all?
6. VLANs by their very nature block all broadcast traffic - correct assumptions even if there is interVLAN routing between subnets?
Would appreciate any input!
Thanks Experts
ASKER CERTIFIED SOLUTION
Soulja

ASKER

Thanks Soulja!

We are an educational environment so the Public can come in and use designated computers and peripherals.  We have reservation software to control usage that the staff must access.  That is all WEB based software so I can easily share that between the two groups.  Just a couple printers I will have to plan for.  The staff only uses the color printers and very infrequently, but still need to have access.

I agree about setting up a separate AD domain for Public, now that we have the hardware I'm going to make that a priority.

Thanks again and if you don't have anything else to add I will close out with high marks.
Glad to help!

ASKER

Very informative and precise.