Currently our network has zero VLANs (one massive network). The plan is to change this at some point in the future and I’ve been working on planning out the change.
Single Network -> 172.29.100.0/22 IP Range, Many VPN networks (192.168.114.0/24, 192.168.115.0/24, etc.) all routed to act as one massive network. Our Firebox VPNs are configured to have one Data VPN connection with one IP range, and a second VPN connection for the phones using a different IP range.
Of note is that we have a second company here now (a division we sold) and so part of the plan is to separate them completely using VLANs. They do not have any servers on-site. But they are part of our PBX server.
- VLAN 1 - Corp Desktops/Laptops/Corp WiFi - 172.29.100.0/22 - Will route to Infrastructure and Dev VMs
- VLAN 2 - Desk Phones/PBX Servers - 172.29.99.0/24 - Will be able to route to Infrastructure via Firewall
- VLAN 3 - Infrastructure Servers/VMs - 172.29.98.0/24
- VLAN 4 - Development VMs - 172.29.104.0/24 - Will Route to Infrastructure via Firewall
- VLAN 5 - IoT Wireless/Wired - 172.29.105.0/24 - Direct to Internet
- VLAN 6 - Staff WiFi - 172.29.106.0/24 - Direct to Internet
- VLAN 7 - Guest WiFi - 172.29.107.0/24 - Direct to Internet
Phones will still use VLAN2
- VLAN 500 - Desktops/Laptops/Corp WiFi - Direct to Internet
- VLAN 501 - Staff WiFi - Direct to Internet
- VLAN 502 - Guest WiFi - Direct to Internet
If I could get some feedback on the proposed layout that would be great.