galantico (Member), Jun 29, 2013 at 12:51 am, #161833
I have the scenario below that I need to figure a way out of:
– staff network with 70 nodes, VLAN100
– 8 x external clients using our serviced office (2 nodes each), total 16 nodes, VLAN201-208, no inter-VLAN traffic allowed
– 2 x 48-port L2 switches stacked into 1 virtual 96-port switch (for all the VLANs)
– 1 x FortiGate 60C firewall
Thought of the following ways to assign IPs to these VLANs:
1. Via Windows Server DHCP with differing scopes for each VLAN
2. Let Windows assign IPs for VLAN100 and Firewall’s DHCP assign IPs for VLANs 201-208
3. Use a 48+24-port stacked switch for VLAN100 & an L3-Lite switch (e.g. HP ProCurve 1910) for VLANs 201-208. Let the L3 switch do the DHCP role.
Much as Method 1 is the simplest to implement, I’m not comfortable with external computers accessing an in-house DC/DHCP/File & Print Server for IPs. I’m deciding between Methods 2 and 3.
If Method 2, I understand that a higher-end firewall is able to assign a DHCP scope to different Ethernet ports on it, i.e. Scope 1 for Port 1 to VLAN201, etc. What is this feature usually known as in firewall speak? Also, can anyone confirm whether the FortiGate 100C is able to perform this job?
If Method 3, the HP 1910 will be VLANed into 8 and I’d need to assign the gateway as the firewall, correct? Also, I assumed the DHCP on the 1910 will be able to assign differing scopes to the various VLANs? How will the firewall be able to route the incoming traffic (diff VLANs, diff scope) from the 1910 to the internet?
Pardon me for asking so much. I’m not very well versed in networking.