I am in the middle of redoing the network and firewall (I am a former Cisco guy), but due to the difference in price I was unable to use Cisco.
ProCurve 29XX and 1XXD Fortinet. Having a difficult time making a decision and probably overthinking this, but this is the first time I don't have a team to help plan things out. This would be much easier in a brand new environment.
Middle of a complete network overhaul. Trying not to interrupt normal production at the same time, but I know there will be some.
I already rewired the engineers with CAT6A shielded. The previous IT admin didn't use a patch panel and has random home-grade switches spanned across 60k sqft with no backbone cabling and 3 24-port SMB unmanaged switches as the core. You cannot tell where any wires are going; it's a complete mess. I'll upload a pic later today.
My Idea -- Overall Idea
To keep production flowing, rewire one department at a time (it worked for the migration to the new domain, etc.). 1 CAT6A cable for data and future 10G speeds and 1 CAT6 for VoIP (keeps cost down; VoIP is not yet implemented, that is a future project). Create VLANs as I go and keep the original LAN as the management network once everything is said and done.
Move designers from the old switch to the new one and set up a VLAN for them. Install the new firewall and use a router. Connect the old switches to the new firewall to keep everyone working.
ammers -- These guys can talk to everyone but office.
VLAN20 Shop 192.168.3.1 -- Need to see main directory same as engineers but cannot talk to Office, IT Management, or Managers
VLAN30 Office/Managers 192.168.4.1 -- Can see everything but Management network
VLAN40 Management 192.168.5.1 -- Segregated to admins only -- firewalls, Motion, etc.
VLAN60 Printers 192.168.6.1 -- Everyone can see them
VLAN70 Machines 192.168.7.1 -- Only need to see shop
VLAN80 Guest 192.168.15.1
Now my question is: do I need to put the file server, the DC, and all the servers on the management network and trunk the ones who can see it or have access? Or what's the best way to do this?
We have few IP addresses, and since we have 3 WAN ports on the gateway and 3 usable addresses, I wanted to separate traffic: guest/employees use .89, Exchange/web server uses .88. Is this a bad idea? Create multiple pipes out.
The messed-up part of the data center is there since I had to do the systems upgrade before the network. So I had no choice, since the cables were not marked etc. and recovery from disaster right before new hardware arrived ... 3 unmanaged "core switches" that connect everyone. I have also attached pics if this is all garbled up.
Just too many ways of doing this and only one person to think this over.
The question is WWEED *what would Experts Exchange do*... How would my fellow engineers go about this, or are there any flaws in this design?
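
The reachability rules listed in the post, written out as a default-deny allow-list so that overlaps between them show up before any firewall policy is typed in. This is an added example, not part of the original post. The zone names, the literal reading of each rule, and the "deny wins" tie-break are assumptions; the truncated first VLAN and the servers are left out because the post does not place them.

```python
# Added example: audit of the post's inter-VLAN plan as (source, destination)
# pairs. Zone names are assumed labels for VLAN20/30/40/60/70/80 in the post.
ZONES = ["shop", "office", "mgmt", "printers", "machines", "guest"]

def others(zone):
    """Every zone except the one given."""
    return {z for z in ZONES if z != zone}

# (source zones, destination zones) that may initiate traffic.
ALLOW = [
    ({"office"}, others("office") - {"mgmt"}),      # VLAN30: everything but Management
    (others("printers"), {"printers"}),             # VLAN60: "Everyone can see them"
    ({"machines"}, {"shop"}),                       # VLAN70: needs to see shop
]

# Restrictions the post states; anything not allowed is denied anyway, these
# exist only to catch an allow rule that contradicts them.
DENY = [
    ({"shop"}, {"office", "mgmt"}),                 # VLAN20: cannot talk to Office/Management
    (others("mgmt"), {"mgmt"}),                     # VLAN40: admins only
    ({"machines"}, others("machines") - {"shop"}),  # VLAN70: "Only" shop
]

def expand(rules):
    """Flatten rule tuples into a set of (src, dst) pairs."""
    return {(s, d) for srcs, dsts in rules for s in srcs for d in dsts if s != d}

def conflicts():
    """Pairs that one statement allows and another forbids."""
    return expand(ALLOW) & expand(DENY)

def effective():
    """Final allow-list, with deny taking precedence (assumed tie-break)."""
    return expand(ALLOW) - expand(DENY)

def can_initiate(src, dst):
    """True if src may open a connection to dst; replies ride the stateful session."""
    return (src, dst) in effective()

if __name__ == "__main__":
    print("conflicting statements:", sorted(conflicts()))
    for src, dst in sorted(effective()):
        print(f"allow {src:9s} -> {dst}")
```

Read literally, "everyone" reaching the printers includes the guest VLAN, and it collides with the machines VLAN being limited to the shop; both show up in the output for a decision before the rules go onto the firewall.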