[ale] Off topic but we're already almost there: VLANS?
Vernard Martin
vernard at gmail.com
Fri Feb 26 18:19:41 EST 2021
VLANS make a LOT more sense when you are using IPv4 and had constrained
IP spaces. If you have a really large and complex network that
spans multiple geographic sites and don't have VLANs then you are going
to be in a world of hurt. You can do it without a CNA but then you might
as well purchase stock in adult beverage companies :)
I speak as someone that works for a media company that has one of those
aforementioned networks.
I have seen things. *shudder* The horror. *twitch*
I sometimes wonder if IPv6 were already fully mainstream everywhere if
we would be going down that road instead of using VXLAN.
On 2/25/21 2:26 PM, Jim Kinney via Ale wrote:
>
> On February 25, 2021 2:07:58 PM EST, Neal Rhodes via Ale <ale at ale.org> wrote:
>> I have never worked with VLANS before.
>>
>> My understanding is the simple (ha!) way of doing VLAN is to let the
>> wired switches (NetGear) assign it based on what port into which things
>> are plugged.
>>
>> Imagine a church with offices and sanctuary upstairs, community schools
>> and distance Learning downstairs, printers for each, and Wifi hotspots
>> here and there. And now everything is getting a 192.168.1.x address
>> assigned by the DHCP on the Firewall Router.
>>
>> And there are some obvious reasons you might not want students
>> downstairs having access to office computers, or the audio mixer in the
>> sanctuary, but they might need to print something on occasion.
>>
>> Ergo the outline of Routers/VLANS I'm thinking of is below. Indented
>> generally means "I'm plugged into this device above".
>>
>> Main Firewall Router: (now Cisco, but likely Ubiquity soon)
>>   - Comcast VoiceEdge Server (No VLAN)
>>   - Office Switch (NetGear)
>>     - VLAN1
>>       - PolyCon Office phone-sets
>>         - Computers Connected to them
>>       - Computers wired direct to switch
>>       - Office Wifi Hotspot
>>     - VLAN2
>>       - Sanctuary Switch
>>         - Propresenter PC
>>         - Streaming encoder
>>         - Camera
>>         - X32 Wifi Hotspot
>>         - X32 Audio Mixer
>>         - Mixer Control Tablets
>>     - No VLAN assigned
>>       - Office HP Printer
>>       - Office Toshiba Printer
>>       - Hanberry Hall Wifi Hotspot
>>
>>   - Downstairs Switch (NetGear)
>>     - VLAN3
>>       - Community Schools phone-sets
>>         - Computers Connected to them
>>       - Downstairs Hallway Wifi Hotspot
>>         - Students doing Distance Learning
>>       - Shepherd's Hall Wifi Hotspot?? (do we have to move cable?
>>         Or can that hotspot claim VLAN3?)
>>         - Students doing Distance Learning
>>     - No VLAN assigned
>>       - Community Schools Toshiba Printer
>>
>> My understanding is that each switch will add the VLAN tag, and that by
>> default the Firewall Router will not pass data from one VLAN to another
>> VLAN. Thus:
>> - Any device can obtain internet NAT service;
>> - Any device can print to any printer NOT on a VLAN;
>> - Any device can access the VoiceEdge server;
>> - No devices outside the Sanctuary VLAN2 can access it;
>> - No devices outside the Office VLAN1 can access it;
>> - There is no need to enforce the Guest logins on the downstairs Wifi,
>> as there are no resources to compromise other than paper and toner.
>>
>> How Comcast voice behaves is important to know. Do phone-sets only talk
>> to the voice server? or do they talk to each other? I shall attempt
>> to beat an answer out of them on this.
>>
>> Am I thinking right on this? what Firewall Router feature requirements
>> are needed to support this?
>
> Alcohol. Large amounts. Use local access controls to smash out users not allowed on device foo. Large, flat IP space or literally use multiple IP spans and an internet gateway device for NAT. VLAN was created to keep two machines with same IP address from clashing.
>
> Are you really looking at more than a class A private network? VLAN is technology abused to keep CNAs employed.
>> regards,
>>
>> Neal
>>
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> https://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at
>> http://mail.ale.org/mailman/listinfo