Network Design of new equipment


This is my equipment:

1x Fortigate 200B
1x Cisco 2960S-48Port-POE(VLAN 1, VLAN 2)
1x Cisco 2960S-48Port (VLAN 1 Only)
1x Dlink 24Port-Poe(VLAN 3)

VLAN1 - Clients / Computers VLAN
VLAN2 - Phones (IP) VLAN
VLAN3 - Camera VLAN

according the info, how should i setup the equipment? What is the best way and the way will give me best results.
note that all the vlans can not communicate which one and another.

1) First option
Every switch is connected to Fortigate by 2X(Copper) via LACAP

2) Secound Option

Fortigate 200B to Cisco 2960S-48Port-POE by 2XLACP

then Cisco 2960S-48Port-POE to Dlink and Cisco 2960S-48Port

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

To prevent coms that will be easy as you are using the firewall as your router.
I would do it like this:
Int 1-2 -> 48port PoE = gateway for VoIP address
Int 3-4 -> 48port         = gateway for client address
Int 5-6 -> 24port         = gateway for CCTV

48poe = ports 47-48 LACP to FortiGate only vlan 2 untagged/native + ports 45-46 trunked/grouped native vlan 1 to the std48port.

48std = ports 47-48 LACP to FortiGate only vlan 1 untagged/native + ports 45-46 trunked/grouped native vlan 1 to 48poe.

24= port 23-24 to FortiGate only vlan 3 untagged/native.

And then in the firewall don't add rules for the interfaces to communicate between each other and them wont
also don't forget to set a quality of service on the VoIP vlan if you plan on having voip and client on one cable.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
yairgeAuthor Commented:


What do you mean by "don't forget to set a quality of service on the VoIP vlan if you plan on having voip and client on one cable."

I currently have the Asterisk Server and VoIP Phones on the same VLAN(VLAN2), do i still need QOS then ? because the only data on that vlan is VoIP VLAN
Most cases you will have a VoIP phone and then a desktop going to that and if you do you will need to set a quality of service or the data will be treated as FiFo (first in First out) and VoIP need to have a higher preference.
But if you stick to what i recommended there is no mixing of vlans or data so there should be no need for QOS.
yairgeAuthor Commented:
thank you!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Architecture

From novice to tech pro — start learning today.