I am going to segment my network with VLANs and would like some input for the best way to organize it. I will be dealing with one router DLink DFL-300, one switch DLink DGS-1224T both hooking up 2 servers, 3 workstations, 4 NASs, 2 network printers, one wireless AP, 1 streaming device, and some network cameras on board. I will also have a DMZ connection for testing/repair work. I know the NASs will be completely separate and only available internally, but beyond that I am open to the most practical suggestion. I sure appreciate the comments :)

  1. More information would be helpful, like what computers need access to the NAS? Is it just the servers or do you plan on using one NAS for music, one for movies, etc, etc? What are you using the servers for? Which computers need to connect to them? Why do you want to VLAN, what are you hoping to achieve by doing this? Most of what you might be looking to do could probably be accomplished using switches/router in the proper configuration.
  2. Mainly this is my home/home office setup. I will have one Windows 2003 server and 1 MacOSX server running the backbone services (web, mail, simple storage, etc.). Then I will have 2 networked printers. These will be available to all internal systems. Next I will have one wireless AP that will be running roaming wireless duties (mainly 1 desktop workstation, 2 laptops and any guests). They should be able to use the printers, but have no contact with the servers.

    I will have 3 NAS boxes, one for images & media (shared with all), one for private files and one for backup duties. The router will be the only outside interface, but will have a DMZ port set for repairing & testing systems. I also have two wired workstations that will be using the network, acting mainly as duty WS boxes (main graphics work and 3D creation). The only requirement will be to have networked render services available on any permanent WS/Server for batch rendering duties. I appreciate your input ;-D

  3. From your description a single L3 switch set up with NAT, PAT and ACLs or policy-maps could achieve what you want to do, with a sufficient amount of ports and WLAN capability.

    The DMZ VLAN should route only to and from the internet using NAT (you'd need multiple NAT statements, and as a consequence probably multiple DHCP pools).

    The internal LAN should allow access to the servers, NASs and the internet, the latter via NAT. The servers would allow only internal LAN, NASs and the internet with both NAT and PAT, no DHCP pool for those due to PAT.

    The private NAS VLAN would just allow LAN and servers, just routing, no NAT needed, the public would allow more. A basic ACL would take care of this if you set it up properly.

    Then the WLAN is just a continuation, just basic routing to whichever other VLANs you'd like. The ACLs on the other VLANs would either allow or block that access depending on how you set it up.
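As an added example (not code from either poster, and not a D-Link configuration), the following Python script models the segmentation plan from the two posts above as a first-match ACL and checks it against the stated requirements: wireless guests reach the printers and the shared media NAS but never the servers or private NAS, the DMZ talks only to and from the internet, and the private NAS is reachable only from the LAN and servers. The segment names and the rule table are constructed assumptions; the model is stateless and ignores ports, so it checks the logic of the plan rather than any device's syntax. It also shows the classic pitfall of a broad permit placed too early in the list.

```python
"""Constructed first-match ACL model of the VLAN plan discussed in this thread.

Segment names, the rule order and the requirement list are assumptions chosen
to match the posts; nothing here is device configuration. The model is
stateless: it answers "may SRC initiate traffic to DST?" and says nothing
about return traffic or ports.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = "*"

# Constructed segment names for the VLANs described in the thread.
SEGMENTS = ("LAN", "SERVERS", "PRINTERS", "NAS_PUBLIC", "NAS_PRIVATE",
            "WLAN", "DMZ", "INTERNET")


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    permit: bool


# Ordered ACL: first matching rule wins, implicit deny if nothing matches.
RULES: List[Rule] = [
    # DMZ: only to and from the internet (via NAT), nothing internal.
    Rule("DMZ", "INTERNET", True),
    Rule("INTERNET", "DMZ", True),
    Rule("DMZ", ANY, False),
    Rule(ANY, "DMZ", False),
    # Private NAS: LAN and servers only, plain routing.
    Rule("LAN", "NAS_PRIVATE", True),
    Rule("SERVERS", "NAS_PRIVATE", True),
    Rule(ANY, "NAS_PRIVATE", False),
    # Servers: no contact from wireless guests or printers.
    Rule("WLAN", "SERVERS", False),
    Rule("PRINTERS", "SERVERS", False),
    # Wireless: printers, the shared media NAS and the internet, nothing else.
    Rule("WLAN", "PRINTERS", True),
    Rule("WLAN", "NAS_PUBLIC", True),
    Rule("WLAN", "INTERNET", True),
    Rule("WLAN", ANY, False),
    # Inbound from the internet may only reach the servers (PAT).
    Rule("INTERNET", "SERVERS", True),
    Rule("INTERNET", ANY, False),
    # Everything else internal is plain routing. Must stay LAST: moving this
    # broad permit up silently overrides every deny above it.
    Rule(ANY, ANY, True),
]

# (src, dst, expected) pairs taken from the requirements stated in the posts.
REQUIREMENTS: List[Tuple[str, str, bool]] = [
    ("WLAN", "PRINTERS", True),
    ("WLAN", "SERVERS", False),
    ("WLAN", "NAS_PRIVATE", False),
    ("DMZ", "INTERNET", True),
    ("DMZ", "LAN", False),
    ("DMZ", "SERVERS", False),
    ("LAN", "DMZ", False),
    ("LAN", "SERVERS", True),
    ("LAN", "NAS_PRIVATE", True),
    ("SERVERS", "NAS_PRIVATE", True),
    ("NAS_PUBLIC", "NAS_PRIVATE", False),
    ("INTERNET", "SERVERS", True),
    ("INTERNET", "LAN", False),
    ("INTERNET", "NAS_PRIVATE", False),
]


def first_match(src: str, dst: str, rules: List[Rule] = RULES) -> Optional[int]:
    """Index of the first rule matching (src, dst), or None for implicit deny."""
    for i, r in enumerate(rules):
        if r.src in (src, ANY) and r.dst in (dst, ANY):
            return i
    return None


def allowed(src: str, dst: str, rules: List[Rule] = RULES) -> bool:
    """Whether SRC may initiate traffic to DST under the given ACL."""
    i = first_match(src, dst, rules)
    return rules[i].permit if i is not None else False


def violations(rules: List[Rule] = RULES) -> List[Tuple[str, str, bool]]:
    """Requirements the ACL fails to meet; empty list means the plan holds."""
    return [(s, d, want) for s, d, want in REQUIREMENTS
            if allowed(s, d, rules) != want]


def reachability_matrix(rules: List[Rule] = RULES) -> dict:
    """Full src -> dst -> allowed table, handy for eyeballing the design."""
    return {s: {d: allowed(s, d, rules) for d in SEGMENTS if d != s}
            for s in SEGMENTS}


if __name__ == "__main__":
    print("violations with RULES as written:", violations())
    # Same rules, but the broad permit moved to the top: everything opens up.
    broken = [RULES[-1]] + RULES[:-1]
    print("violations with permit-any first:", violations(broken))
    for s, row in reachability_matrix().items():
        print(f"{s:11s}", " ".join(d for d, ok in row.items() if ok))
```

Running the script prints an empty violation list for the ordered table and a long one once the catch-all permit is moved to the front, which is exactly the mistake a first-match ACL makes easy to introduce when rules are added later.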
