I have a scenario that I'm hoping I can get some help with. I'll be as detailed and descriptive as I can.
This is for a business with 100 employee nodes and 100 camera nodes, all needing IP internet through private addressing and a public gateway.
I have a business class gateway with a private range of 12 public addresses. The modem does nothing but act as a gateway since I have disabled the firewall and DHCP.
In place of the firewall and DHCP from the modem I have installed an RV120 Firewall with VPN. When installing, I replicated the IP scheme of the modem so as not to disturb and disrupt the devices' assigned addresses from that scheme from the modem. I did this because the owner could not have any downtime or any disruption to the business operations.
The RV120 now acts as firewall, DHCP, and VPN. I'll address the subnet first. It's using the 10.0.0.0/24 subnet range.
DHCP is assigning 10.1.10.50 - 10.1.10.100. The rest are static, and I plan to use static DHCP with the IP and MAC assigned to each static DHCP address.
There are 100 cameras with static IP addresses in the range of 10.1.10.11 - 10.1.10.40, and 10.1.0.1.101 - 10.1.10.170.
There are no layer 3 switches that I know of. Just a layer two that is the primary switch, where ports have run out, and various out-of-the-box switches and wireless access points connected to the primary switch.
I want to implement subnets into the network, and VLANs as well, on a new Layer 3 switch from Cisco. Thinking of a 3550 from Cisco or one of the older layer 2 switches with layer three capabilities.
I also want to introduce a 192.168.0.0/24 IP range for the existing wireless network and segment the traffic from the rest of the traffic on other ranges.
I want to replace the 10.0.0.0/24 DHCP altogether and the static addresses for end user nodes on the same network, but keep that range just for camera nodes, segmented.
I want to implement a NEW end user IP range and VLAN for employee/guest networks using the 172.16.0.0/24 range.
I've thought of replacing all the wireless nodes with RV120s and using VLANs. Don't know if that strategy works. Need to think it through.
I want the 192.168.0.0/24 IP range to communicate with the 172.16.0.0/24 and possibly the 10.0.0.0/24 range.
Any advice on how to do this?
As a side note, the next step after this is to install a server domain controller, as all the computers are standalones in their own workgroups. It's a simultaneous project that will introduce a DHCP, WINS, DNS server.
Hi Omid, it sounds like you're proposing the 3550 switch but you're not decided yet. The 3550 switch is a pretty old device and needs the enhanced multilayer image. It may be more prudent to use a more current switch such as the small business SG300 or SG500, as the feature set is richer and it supports around 480 LAN connections.
To answer the inquiry: when you create a VLAN on the RV120W, it will automatically create an IP interface. From this you may assign a subnet as you like, along with 'enable or disable' for inter-VLAN routing. Since the RV120W has this feature, a layer 3 switch is not required unless you are looking to keep the routing load smaller by routing locally with the switch.
With a Catalyst or a small business switch you would need to create a VLAN. After creating the VLAN, on a Catalyst you can simply issue "switchport trunk encapsulation dot1q" on the desired interface and all VLANs will pass without issue. For a port connecting a user: "switchport mode access" "native vlan xx". This will assign the port as an untagged member of the desired VLAN.
If using a small business switch, it is slightly different. You still create the VLAN, but the command issued is a bit different: "switchport trunk allowed vlan add xx" for the link to the router, where xx = the VLAN ID to tag to the router. For an access client it remains the same as Catalyst.
Please mark answered for helpful posts
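
An added example, not part of the thread: a check of the addressing plan from the question before any VLAN interfaces are configured, confirming that the planned subnets do not overlap, that each can hold its nodes, and that every static or DHCP range parses and lies inside the subnet it is meant to live in. The VLAN IDs, the mapping of ranges to segments, and the name `check_plan` are assumptions made for illustration.

```python
import ipaddress

# Segments and node counts as stated in the question; VLAN IDs are assumed.
SEGMENTS = {
    "cameras":  {"vlan": 10, "subnet": "10.0.0.0/24", "nodes": 100},
    "users":    {"vlan": 20, "subnet": "172.16.0.0/24", "nodes": 100},
    "wireless": {"vlan": 30, "subnet": "192.168.0.0/24"},
}
# Ranges copied verbatim from the question, keyed by the segment they sit in.
RANGES = [
    ("cameras", "10.1.10.11", "10.1.10.40"),     # static cameras
    ("cameras", "10.1.0.1.101", "10.1.10.170"),  # static cameras
    ("cameras", "10.1.10.50", "10.1.10.100"),    # current DHCP pool
]

def check_plan(segments, ranges):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    nets = {n: ipaddress.ip_network(s["subnet"]) for n, s in segments.items()}
    names = sorted(nets)
    # Overlapping subnets cannot each get their own routed VLAN interface.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"overlap: {a} {nets[a]} / {b} {nets[b]}")
    # Each subnet must hold its nodes plus one gateway address.
    for name, seg in segments.items():
        usable = nets[name].num_addresses - 2
        needed = seg.get("nodes", 0) + 1
        if needed > usable:
            findings.append(f"capacity: {name} needs {needed}, has {usable}")
    # Every static or DHCP range must parse and lie inside its subnet.
    for name, first, last in ranges:
        try:
            ends = [ipaddress.ip_address(first), ipaddress.ip_address(last)]
        except ValueError as err:
            findings.append(f"invalid: {name} {first}-{last}: {err}")
            continue
        if any(addr not in nets[name] for addr in ends):
            findings.append(f"outside: {name} {first}-{last} not in {nets[name]}")
    return findings

if __name__ == "__main__":
    for finding in check_plan(SEGMENTS, RANGES):
        print(finding)
```

Any finding means the router's VLAN interface for that segment would not actually contain the devices expected on it, so inter-VLAN routing rules written against the subnet would not apply to them.
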
The 3550 has 49 ports and the price is right at used.cisco.com. The SG's just have 24 ports.
I have also considered using more RVs, because they are routers with VLAN and access points all in one, to replace the out-of-the-box switches and separate access points altogether.
Any comments at all, ideas, knowledge, no matter how trivial, please help by responding.