
Complete Newcomer to VLANS - is this possible?

mnopnealr
Follower

I have never worked with VLANS before.

My understanding is the simple (ha!) way of doing VLAN is to let the wired switches (NETGEAR JGS524PE) assign it based on which port things are plugged into.

Imagine a church with offices and sanctuary upstairs, community schools and distance learning downstairs, printers for each, and Wifi hotspots here and there. And now everything is getting a 192.168.1.x address assigned by the DHCP on the Firewall Router.

And there are some obvious reasons you might not want students downstairs having access to office computers, or the audio mixer in the sanctuary, but they might need to print something on occasion.

Ergo the outline of Routers/VLANS I'm thinking of is below.  Indented generally means "I'm plugged into this device above".

Main Firewall Router: (now Cisco, but likely Ubiquiti soon)
    - Comcast VoiceEdge Server (No VLAN)
    - Office Switch (NetGear)
        - VLAN1
            - PolyCon Office phone-sets
                - Computers Connected to them
            - Computers wired direct to switch
            - Office Wifi Hotspot
        - VLAN2
            - Sanctuary Switch
                - Propresenter PC
                - Streaming encoder
                    - Camera
                - X32 Wifi Hotspot
                    - X32 Audio Mixer
                    - Mixer Control Tablets
        - No VLAN assigned
            - Office HP Printer
            - Office Toshiba Printer
            - Hanberry Hall Wifi Hotspot

    - Downstairs Switch (NetGear)
        - VLAN3
            - Community Schools phone-sets
                - Computers Connected to them

            - Downstairs Hallway Wifi Hotspot
                - Students doing Distance Learning
            - Shepherd's Hall Wifi Hotspot?? (do we have to move cable? Or can that hotspot claim VLAN3?)
                - Students doing Distance Learning
        - No VLAN assigned
            - Community Schools Toshiba Printer

My understanding is that each switch will add the VLAN tag, and that by default the Firewall Router will not pass data from one VLAN to another VLAN.  Thus:
- Any device can obtain internet NAT service;
- Any device can print to any printer NOT on a VLAN;
- Any device can access the VoiceEdge server;
- No devices outside the Sanctuary VLAN2 can access it;
- No devices outside the Office VLAN1 can access it;
- There is no need to enforce the Guest logins on the downstairs Wifi, as there are no resources to compromise other than paper and toner.

How Comcast voice behaves is important to know. Do phone-sets only talk to the voice server? Or do they talk to each other? I shall attempt to beat an answer out of them on this.

Am I thinking right on this? What Firewall Router feature requirements are needed to support this?

regards,

Neal

Model: JGS524PE|ProSafe Plus 24 ports switch with PoE
DaneA
NETGEAR Employee Retired

Re: Complete Newcomer to VLANS - is this possible?

@mnopnealr,

 

Welcome to the community! 🙂 

 

What Firewall Router feature requirements are needed to support this?

The Firewall Router should support VLANs.  Also, it should be able to serve as DHCP server to each VLAN you will set up.

 

For the switches, it would be best to consider the Smart Managed Pro Switch Models of NETGEAR like the GS324TP instead of the JGS524PE. The JGS524PE belongs to the Smart Managed Plus Switches family. To learn the difference between the Smart Managed Pro and the Smart Managed Plus Switches, kindly click this link. To know more about the GS324TP, kindly check its data sheet here.

 

 

Regards,

 

DaneA
NETGEAR Community Team
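
A small model of the segmentation goals listed in the first post, added here as an example and not code from either poster or from NETGEAR. It assumes the firewall drops inter-VLAN traffic unless a rule allows it, and that the printers and the VoiceEdge server sit in a hypothetical VLAN 10 ("shared") so the firewall can filter access to them; group names and VLAN 10 are illustrative.

```python
"""Model: which group may open a connection to which, under a VLAN plan."""

GROUPS = ("office", "sanctuary", "school", "shared")  # shared = printers + VoiceEdge
USERS = ("office", "sanctuary", "school")

# Constructed plans: group -> VLAN ID. VLAN 10 for shared devices is an assumption.
FLAT = {g: 1 for g in GROUPS}  # today: one 192.168.1.x network for everything
SEGMENTED = {"office": 1, "sanctuary": 2, "school": 3, "shared": 10}

# Firewall rules as allowed (source group, destination) pairs.
# Anything not listed is dropped (default deny). Replies to an allowed
# connection are assumed to pass via stateful connection tracking.
ALLOW = {(g, "internet") for g in GROUPS} | {(g, "shared") for g in USERS}


def can_connect(plan, src, dst):
    """True if src can open a connection to dst under this plan."""
    if dst != "internet" and plan[src] == plan[dst]:
        # Same VLAN: the switch forwards the frame and the firewall never sees it.
        return True
    return (src, dst) in ALLOW


def violations(plan):
    """Return the goals from the post that this plan fails to meet."""
    bad = []
    for g in GROUPS:
        if not can_connect(plan, g, "internet"):
            bad.append(f"{g} cannot reach internet")
    for g in USERS:
        if not can_connect(plan, g, "shared"):
            bad.append(f"{g} cannot reach shared")
    for protected in ("office", "sanctuary"):
        for g in GROUPS:
            if g != protected and can_connect(plan, g, protected):
                bad.append(f"{g} can reach {protected}")
    return bad


if __name__ == "__main__":
    for name, plan in (("flat", FLAT), ("segmented", SEGMENTED)):
        print(name, violations(plan) or "meets all goals")
```

Moving "shared" onto the office VLAN in the plan makes `violations` report that the shared devices can reach the office, since traffic inside one VLAN is never filtered by the firewall.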
