So I am a volunteer for a small non-profit (social club), and although not a network engineer, I am a somewhat advanced home user (SSL VPNs, QoS, etc., on my home network).
Here are my initial thoughts, but I am probably missing something.
|-Primary WAN
|-Backup WAN
...>VLAN POS (wired clients only), POS machines, this network transacts with credit card information.
...>VLAN OFFICE (wired and wireless clients), owned computers, printers, etc. At least one computer needs access to VLAN POS, maybe more.
...>VLAN VOIP (mostly conference calls).
...>VLAN MEMBERS (wifi private member only network), some may need to access printers on OFFICE.
...>VLAN Guest -- wireless guests only, no password required.
There are about 300 members, with about 50 member clients at the peak usage and about 75-100 guests. We have plenty of wire throughout the building, but one AP cannot cover the entire area.
We currently do not have a server installed on the network, and I would like to avoid that if possible. There are only two non-POS systems, one of which is hardwired. In the case of a failure, ideally only the POS system and manager system would have access.
Additional desirables: incoming VPN, IDP, QoS, etc. Also the ability to block torrenting. We do have 4 fixed IP addresses from the ISP.
My thoughts
--ZyWall USG 50 (it does have a built-in authentication service)
--Netgear FS726TP, 24-port 10/100, 2 Gigabit, 12 PoE (for APs, Video Conferencing)
-- 2 X APs (maybe 3), not sure of which ones.
I'm not sure if the APs really need multiple SSIDs, or one with a login screen. Also, any thoughts on the equipment (too limited, etc.)? I'm working on a tight budget.
The current equipment is a bunch of home-based routers and APs, all with different SSIDs. The wired portion of the network is controlled by a donated Cisco IOS series switch (not sure which model), which is segregating the POS System. It is not working well as we have a lot of non-members who use the system with no bandwidth limitations, etc.
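The segmentation requirements in the post above, written out as a default-deny inter-VLAN policy that can be checked flow by flow before it is entered on a firewall. This is an added example, not part of the original post and not any vendor's configuration syntax. Assumptions: the subnets, the manager PC address, the printer range and the printer ports are constructed, and "failure" is read as running on the backup WAN.

```python
import ipaddress

# Constructed addressing plan: the post names the VLANs but gives no subnets.
ZONES = {name: ipaddress.ip_network(cidr) for name, cidr in {
    "POS": "10.0.10.0/24", "OFFICE": "10.0.20.0/24", "VOIP": "10.0.30.0/24",
    "MEMBERS": "10.0.40.0/24", "GUEST": "10.0.50.0/24"}.items()}
MANAGER_PC = ipaddress.ip_address("10.0.20.10")    # hypothetical OFFICE host
PRINTERS = ipaddress.ip_network("10.0.20.200/29")  # hypothetical printer range

# Inter-VLAN exceptions: (source, destination, TCP port or None for any port).
EXCEPTIONS = [
    (ipaddress.ip_network("10.0.20.10/32"), ZONES["POS"], None),  # manager -> POS
    (ZONES["MEMBERS"], PRINTERS, 9100),   # raw printing
    (ZONES["MEMBERS"], PRINTERS, 631),    # IPP
]

def zone_of(ip):
    """Name of the VLAN that contains ip, or "WAN" if none does."""
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "WAN"

def decide(src, dst, port, on_backup=False):
    """Return "allow" or "deny" for a routed TCP flow; the default is deny.

    Same-VLAN traffic is switched and never reaches this policy.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net, rule_port in EXCEPTIONS:
        if s in src_net and d in dst_net and rule_port in (None, port):
            return "allow"
    src_zone, dst_zone = zone_of(s), zone_of(d)
    if src_zone != "WAN" and dst_zone == "WAN":
        # On the backup WAN only the POS VLAN and the manager PC get out.
        if on_backup and src_zone != "POS" and s != MANAGER_PC:
            return "deny"
        return "allow"
    return "deny"  # everything else between VLANs, and anything inbound

if __name__ == "__main__":
    # Constructed sample flows: guest -> POS, member -> printer.
    for flow in [("10.0.50.9", "10.0.10.5", 443), ("10.0.40.7", "10.0.20.201", 9100)]:
        print(flow, decide(*flow))
```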