VLAN DESIGN WITH CISCO SG300's, DELL 5524's and a Sonicwall NSA3600
Posted on 2014-01-27
Working on a VLAN design, we currently do not have any VLANs deployed. Setup a couple VLANs in a test environment in Layer 2 mode and created a trunk to the Sonicwall, creating the zones and subinterfaces on the Sonicwall. Got that working fine, but moving forward have several questions.
Here is a glimpse of our environment:
2 - Dell 5524 switches
2 - Cisco SG300 switches
1 - Sonicwall NSA3600
1 - Sonicwall Pro 3060 (test environment right now)
2 - Hyper-V servers running 4 Virtual machines each.
- Domain Controllers
- WEB Server
- Public Reservation system which Staff has to access
- Adding 20 IP cameras so, will need VM to run management and recording software
Want to seperate the Public LAN from the Staff Lan and am torn between running two seperate AD domains or just seperating by VLANs. Problem is the management and that they share some resources such as printers so, that is the first question. Here are my questions for now anyway:
1. Should I put the Staff and Public LANs on their own AD domains or just seperate with VLANs?
2. Once I setup VLANs can I still use dumb switches in the config (eventually want to eliminate but need for now)? In other words, can I mix and match or is it VLANs or not?
3. How should I address the shared printers or other resources, maybe through the Sonicwall with access policies?
4. Do I leave the switches in Layer 2 mode and let the Sonicwall do all the routing?
5. Does it make sense to incorporate the our backup Sonicwall into the configuration at all?
6. VLANs by their very nature block all broadcast traffic - correct assumptions even if there is interVLAN routing between subnets?
Would appreciate any input!