February 22nd, 2012, 01:29 PM
Do I have correct hardware to subnet/vlan
We have at present a Netgear DG834 ADSL Modem Router with static external IP, an internal LAN comprising 1 Windows Server 2003 AD and Exchange with 1 NIC, 4 PCs running Windows 7 each with a NIC and 1 Linux machine running trixbox (Asterisk PBX VOIP), 4 Cisco IP Phones, 1 HP Procurve 2610 POE Switch and a DLink DEG Switch (I think unmanaged).
We would like to have the win2k3 server and 4 Windows PCs on an internal LAN and a separate internal LAN (vlan or subnet) for the trixbox and IP phones (we don't need the 2 internals to be able to communicate/share files etc).
I have read loads about the switches, vlans, subnets etc but can't get my head around how to change the network and if we have sufficient hardware. Any help would be greatly appreciated.
February 24th, 2012, 10:14 AM
Let's just start out with this question. What is the reason you want to create a VLAN? For something this small it really is not necessary. And I cannot think of any reason besides maybe creating some sort of DMZ or QoS tagging that this would be useful.
February 24th, 2012, 01:26 PM
To separate VOIP system for security
Originally Posted by AdamPI
Thanks for replying. It may not be a vlan that I need, but I wanted to separate out the VOIP server and voip phones for security, as previous experience has shown us that the voip server is more difficult to secure and we want to keep this separate from our internal LAN.
I was also under the impression that by having the VOIP server and phones on a separate subnet/vlan I could use QoS to optimise bandwidth.
February 27th, 2012, 09:36 AM
QoS was about the only thing I could see being a real benefit. Security isn't completely inherent in making a new VLAN; extra steps need to be taken to really *secure* that network.
All you need is a router that can handle the VLAN tagging and can route between the two networks. One way to think about it is to treat different VLANs as actual physically separate networks. What would you need to route between them? Same thing: a router. In this event you would need a router that can communicate and route over the different VLANs; usually this is over a single port. You create sub-interfaces on Cisco routers, each one has its own IP address and is treated like a whole new network.
Does that make enough sense? Or should I go into more detail?
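The sub-interface setup described in the reply above, sketched as an added example (not posted by anyone in the thread) for a Cisco IOS router, with ACLs that keep the voice and data networks from reaching each other. The interface name, VLAN IDs 10 and 20, the 192.168.x.0/24 subnets and the ACL names are all assumptions chosen for illustration.

```cisco
! Added example. Assumed values: FastEthernet0/0, VLAN 10 = data,
! VLAN 20 = voice, 192.168.10.0/24 and 192.168.20.0/24.
! The switch port facing this interface must carry both VLANs tagged (802.1Q).
!
interface FastEthernet0/0
 description Trunk to managed switch
 no ip address
 no shutdown
!
interface FastEthernet0/0.10
 description Data VLAN (server and PCs)
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip access-group DATA-IN in
!
interface FastEthernet0/0.20
 description Voice VLAN (PBX and IP phones)
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip access-group VOICE-IN in
!
! Without these ACLs the router forwards freely between the two
! sub-interfaces, so the VLAN split alone gives no isolation.
ip access-list extended VOICE-IN
 remark Voice hosts may not reach the data LAN
 deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 192.168.20.0 0.0.0.255 any
!
ip access-list extended DATA-IN
 remark Data hosts may not reach the voice LAN
 deny   ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255
 permit ip 192.168.10.0 0.0.0.255 any
!
! If hosts lease addresses through this router, add a DHCP permit
! (udp bootpc to bootps) at the top of each list: discover packets
! come from 0.0.0.0 and would otherwise hit the implicit deny.
```

On the router, `show ip access-lists` lists per-entry hit counters, which shows whether the deny lines are matching any cross-VLAN traffic.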