My company sublets a number of offices to other companies. Thus I am looking for a way to separate individual offices in an office suite so that each office is unable to locate the devices (PC, Printers, etc) in adjoining offices for obvious security purposes. We also have a public wireless network that I need to separate from all of this, as we and clients regularly have outside vendors in for meetings.
Current switches HP Procurve 2600 series layer 2 POE switches. Our firewall is providing DNS / DHCP with a tunnel created for corporate use to our datacenter at a collocation site. I am testing my concepts / design here prior to attempting to implement for obvious reasons of saving time and headaches if my thoughts / design will not work properly.
I can use VLAN's to accomplish this task. VLAN 1 (10.0.x/24 subnet) all other VLANS utilize 192.168.1.x/24 subnet. IP phones are all internet based so no need for a voice VLAN.
Ports 49 & 50 on all switches (3 in all) creating a tagged trunk linking all together and to the firewall for client access.
Switch 1 (first 32 ports VLAN 1 - untagged port 1 links back to firewall for firewall access)
Switch 1 (ports 33 through 38 VLAN 2 Public Wireless - untagged - port 49 / 50 tagged)
Switch 1 (ports 39 & 40 VLAN 3 Printing available to all VLANS except VLAN 1 - tagged all VLANS except VLAN 1 set to NO)
After this each set of 4 ports on a switch coorespond to an office. e.g.,
Switch 1 ports 41-44 office 10 VLAN 10 untagged - tagged ports 49, 50 - NO all other ports
Switch 1 ports 45-48 office 11 VLAN 11 untagged - tagged ports 49, 50 - NO all other ports
Switches 2 & 3 to follow same pattern so that all 26 of our client offices are separated.
Question 1 - am I on the right track?
Question 2 - is there a better, easier, more simple way of accomplishing this?
I am also hoping to procure layer 3 switches within a few months. Should I wait for that or proceed?