[ale] Off topic but we're already almost there: VLANS?

Jim Kinney jim.kinney at gmail.com
Thu Feb 25 14:26:58 EST 2021



On February 25, 2021 2:07:58 PM EST, Neal Rhodes via Ale <ale at ale.org> wrote:
>
>I have never worked with VLANS before.
>
>My understanding is the simple (ha!) way of doing VLAN is to let the
>wired switches (NetGear) assign it based on what port into which things
>are plugged.
>
>Imagine a church with offices and sanctuary upstairs, community schools
>and distance Learning downstairs, printers for each, and Wifi hotspots
>here and there. And now everything is getting a 192.168.1.x address
>assigned by the DHCP on the Firewall Router.
>
>And there are some obvious reasons you might not want students
>downstairs having access to office computers, or the audio mixer in the
>sanctuary, but they might need to print something on occasion.
>
>Ergo the outline of Routers/VLANS I'm thinking of is below.  Indented 
>generally means "I'm plugged into this device above".
>
>Main Firewall Router: (now Cisco, but likely Ubiquiti soon)
>     - Comcast VoiceEdge Server (No VLAN)
>     - Office Switch (NetGear)
>         - VLAN1
>             - PolyCon Office phone-sets
>                 - Computers Connected to them
>             - Computers wired direct to switch
>             - Office Wifi Hotspot
>         - VLAN2
>             - Sanctuary Switch
>                 - Propresenter PC
>                 - Streaming encoder
>                     - Camera
>                 - X32 Wifi Hotspot
>                     - X32 Audio Mixer
>                     - Mixer Control Tablets
>         - No VLAN assigned
>             - Office HP Printer
>             - Office Toshiba Printer
>             - Hanberry Hall Wifi Hotspot
>
>     - Downstairs Switch (NetGear)
>         - VLAN3
>             - Community Schools phone-sets
>                 - Computers Connected to them
>
>             - Downstairs Hallway Wifi Hotspot
>                 - Students doing Distance Learning
>           - Shepherd's Hall Wifi Hotspot?? (do we have to move cable? Or can that hotspot claim VLAN3?)
>                 - Students doing Distance Learning
>         - No VLAN assigned
>             - Community Schools Toshiba Printer
>
>My understanding is that each switch will add the VLAN tag, and that by
>default the Firewall Router will not pass data from one VLAN to another
>VLAN.  Thus:
>- Any device can obtain internet NAT service;
>- Any device can print to any printer NOT on a VLAN;
>- Any device can access the VoiceEdge server;
>- No devices outside the Sanctuary VLAN2 can access it;
>- No devices outside the Office VLAN1 can access it;
>- There is no need to enforce the Guest logins on the downstairs Wifi, 
>as there are no resources to compromise other than paper and toner.
>
>How Comcast voice behaves is important to know.  Do phone-sets only
>talk to the voice server?  or do they talk to each other?   I shall attempt
>to beat an answer out of them on this.
>
>Am I thinking right on this?  what Firewall Router feature requirements
>are needed to support this?


Alcohol. Large amounts. Use local access controls to smash out users not allowed on device foo. Large, flat IP space or literally use multiple IP spans and an internet gateway device for NAT. VLAN was created to keep two machines with the same IP address from clashing.

Are you really looking at more than a class A private network? VLAN is technology abused to keep CNA's employed.
>
>regards,
>
>Neal

-- 
Computers amplify human error
Super computers are really cool
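
The access rules listed in the quoted message, modeled as a default-deny allow list between routed segments. This is an added example, not part of the original thread; the subnets, zone names, print port list and sample addresses are assumptions constructed for illustration, including placing the printers and the voice server on their own segments.

```python
from ipaddress import ip_address, ip_network

# Assumed addressing (constructed): one routed subnet per VLAN, plus separate
# segments for the shared printers and the voice server.
ZONES = {
    "office":    ip_network("192.168.10.0/24"),  # VLAN1
    "sanctuary": ip_network("192.168.20.0/24"),  # VLAN2
    "school":    ip_network("192.168.30.0/24"),  # VLAN3
    "printers":  ip_network("192.168.40.0/24"),
    "voice":     ip_network("192.168.50.0/24"),
}
PRINT_PORTS = frozenset({515, 631, 9100})  # LPD, IPP, raw port 9100

# Allow list: (source zone, destination zone, ports or None for any port).
# "*" matches every internal zone; "internet" is any address outside ZONES.
RULES = [
    ("*", "internet", None),         # NAT'd internet access for everyone
    ("*", "printers", PRINT_PORTS),  # printing only, not the admin web UI
    ("*", "voice", None),            # phone-sets to the voice server
]

def zone_of(addr):
    """Map an IP address to its zone name, or 'internet' if it is in none."""
    ip = ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def allowed(src, dst, port):
    """Return True if a new connection src -> dst:port may be opened.

    Replies on established connections are assumed to be handled by the
    router's stateful tracking and are not modeled here.
    """
    s, d = zone_of(src), zone_of(dst)
    if s == d and s != "internet":
        return True  # same VLAN: switched locally, never reaches the router
    for rule_src, rule_dst, ports in RULES:
        src_ok = rule_src == s or (rule_src == "*" and s in ZONES)
        if src_ok and rule_dst == d and (ports is None or port in ports):
            return True
    return False  # default deny between zones
```

Running candidate flows through `allowed()` before touching the router shows which explicit rules the design depends on, for example that printing across segments needs a port-scoped allow rule rather than working by default.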

