[ale] Off topic but we're already almost there: VLANS?
Scott Plante
splante at insightsys.com
Thu Feb 25 14:22:06 EST 2021
One thing to note: You can set the VLAN in the Polycom config file. The
advantage to that is a) if you plug a computer into the second port on the
phone, it won't be on the VLAN, and b) if someone unplugs the phone and
plugs a computer into that network port, it won't be on the VLAN.
On Thu, Feb 25, 2021 at 2:07 PM Neal Rhodes via Ale <ale at ale.org> wrote:
>
> I have never worked with VLANS before.
>
> My understanding is the simple (ha!) way of doing VLAN is to let the
> wired switches (NetGear) assign it based on what port into which things
> are plugged.
>
> Imagine a church with offices and sanctuary upstairs, community schools
> and distance Learning downstairs, printers for each, and Wifi hotspots
> here and there. And now everything is getting a 192.168.1.x address
> assigned by the DHCP on the Firewall Router.
>
> And there are some obvious reasons you might not want students
> downstairs having access to office computers, or the audio mixer in the
> sanctuary, but they might need to print something on occasion.
>
> Ergo the outline of Routers/VLANS I'm thinking of is below. Indented
> generally means "I'm plugged into this device above".
>
> Main Firewall Router: (now Cisco, but likely Ubiquity soon)
> - Comcast VoiceEdge Server (No VLAN)
> - Office Switch (NetGear)
> - VLAN1
> - PolyCon Office phone-sets
> - Computers Connected to them
> - Computers wired direct to switch
> - Office Wifi Hotspot
> - VLAN2
> - Sanctuary Switch
> - Propresenter PC
> - Streaming encoder
> - Camera
> - X32 Wifi Hotspot
> - X32 Audio Mixer
> - Mixer Control Tablets
> - No VLAN assigned
> - Office HP Printer
> - Office Toshiba Printer
> - Hanberry Hall Wifi Hotspot
>
> - Downstairs Switch (NetGear)
> - VLAN3
> - Community Schools phone-sets
> - Computers Connected to them
>
> - Downstairs Hallway Wifi Hotspot
> - Students doing Distance Learning
> - Shepherd's Hall Wifi Hotspot?? (do we have to move cable?
> Or can that hotspot claim VLAN3?)
> - Students doing Distance Learning
> - No VLAN assigned
> - Community Schools Toshiba Printer
>
> My understanding is that each switch will add the VLAN tag, and that by
> default the Firewall Router will not pass data from one VLAN to another
> VLAN. Thus:
> - Any device can obtain internet NAT service;
> - Any device can print to any printer NOT on a VLAN;
> - Any device can access the VoiceEdge server;
> - No devices outside the Sanctuary VLAN2 can access it;
> - No devices outside the Office VLAN1 can access it;
> - There is no need to enforce the Guest logins on the downstairs Wifi,
> as there are no resources to compromise other than paper and toner.
>
> How Comcast voice behaves is important to know. Do phone-sets only talk
> to the voice server? or do they talk to each other? I shall attempt
> to beat an answer out of them on this.
>
> Am I thinking right on this? what Firewall Router feature requirements
> are needed to support this?
>
> regards,
>
> Neal
>
>
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.ale.org/pipermail/ale/attachments/20210225/b0f72d8e/attachment.html>
More information about the Ale
mailing list