Netgate Discussion Forum

    Is this setup Feasible? Medium Sized-Biz

      jfinnigan

      I work for a Public Library and we currently have Cisco 2800 series routers at each of our (4) branches. They are unfortunately managed/owned by our ISP, so we can't do any configs on them. I'm looking for a solution that I can manage so we can remove the old routers.

      Is this a feasible setup?

      4 Branches all on Site-Site VPN

      Branch 1 (main Site)
      10 Employee computers
      4ish Servers (some require Direct NAT IPs)
      15 Public Computers
      Public/Staff Wifi
      IP Phones
      IP Phone Controller

      Branch 2
      13 Employee computers
      14 Public Computers
      Public/Staff Wifi
      IP Phones (which Go to controller at Branch 1)

      Branch 3
      7 Employee Computers
      18 Public Computers
      Public/Staff Wifi
      IP Phones (which Go to controller at Branch 1)

      Branch 4
      5 Employee Computers
      16 Public Computers
      Public/Staff Wifi
      IP Phones (which Go to controller at Branch 1)

      Each Location will have VLANs for Staff, Public and Voice. Additionally, Branch 1 will have a DMZ Vlan.

      The Staff Vlan needs to be able to access the Public, DMZ, and Voice Vlans (whether it is in the same branch or not).
      All the Staff Vlans at each location will need to have DHCP/DNS handled by the Windows Domain Controller at that location.
      Voice/Public can have DHCP/DNS from pfSense.
      Public (computer and wifi) should have a captive portal that requires no login.
      Public should have access to the DMZ vlan.
      Public should not have access to staff or voice vlan.

      More Info

      Staff Vlan 10 (Branch 1) 10.10.100.x 255.255.255.0
      Staff Vlan 11 (Branch 2) 10.10.110.x 255.255.255.0
      Staff Vlan 12 (Branch 3) 10.10.120.x 255.255.255.0
      Staff Vlan 13 (Branch 4) 10.10.130.x 255.255.255.0

      Voice Vlan 20 (Branch 1) 10.20.100.x 255.255.255.0
      Voice Vlan 21 (Branch 2) 10.20.110.x 255.255.255.0
      Voice Vlan 22 (Branch 3) 10.20.120.x 255.255.255.0
      Voice Vlan 23 (Branch 4) 10.20.130.x 255.255.255.0

      Public Vlan 30 (Branch 1) 10.30.100.x 255.255.255.0
      Public Vlan 31 (Branch 2) 10.30.110.x 255.255.255.0
      Public Vlan 32 (Branch 3) 10.30.120.x 255.255.255.0
      Public Vlan 33 (Branch 4) 10.30.130.x 255.255.255.0

      DMZ Vlan 40 (Branch 1) 10.40.100.x 255.255.255.0

      Any thoughts?
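
Added example (not part of the original post): a small audit that checks an ordered rule list against the inter-VLAN requirements stated above, for every branch-to-branch pair, and shows how one broad pass rule placed above the blocks exposes the Staff and Voice VLANs to Public. The /16 zone summaries, the first-match-with-default-deny model, and the rule sets `GOOD` and `BROAD` are assumptions made for illustration.

```python
import ipaddress
from itertools import product

net = ipaddress.ip_network
ZONES = {"staff": 10, "voice": 20, "public": 30, "dmz": 40}  # second octet, from the post
BRANCHES = {1: 100, 2: 110, 3: 120, 4: 130}                  # third octet, from the post

# Assumption: each zone is summarised as one /16 so a single rule covers all four branches.
STAFF, VOICE, PUBLIC = net("10.10.0.0/16"), net("10.20.0.0/16"), net("10.30.0.0/16")
DMZ = net("10.40.100.0/24")  # the DMZ exists only at Branch 1

# Inter-VLAN requirements as the post states them: (source, destination) -> allowed?
REQUIRED = {("staff", "public"): True, ("staff", "dmz"): True, ("staff", "voice"): True,
            ("public", "dmz"): True, ("public", "staff"): False, ("public", "voice"): False}

def host(zone, branch, last=50):
    """Constructed sample host inside the /24 the post assigns to this zone and branch."""
    return ipaddress.ip_address(f"10.{ZONES[zone]}.{BRANCHES[branch]}.{last}")

def evaluate(rules, src, dst):
    """First matching rule decides; traffic that matches no rule is denied."""
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action == "pass"
    return False

def audit(rules):
    """Test every branch-to-branch pair and return the flows that break REQUIRED."""
    violations = []
    for (src_zone, dst_zone), want in REQUIRED.items():
        for src_b, dst_b in product(BRANCHES, repeat=2):
            if dst_zone == "dmz" and dst_b != 1:
                continue  # no DMZ at branches 2-4
            got = evaluate(rules, host(src_zone, src_b), host(dst_zone, dst_b))
            if got != want:
                violations.append((src_zone, src_b, dst_zone, dst_b))
    return violations

# Hypothetical rule sets. GOOD puts the Public blocks ahead of any pass.
GOOD = [("block", PUBLIC, STAFF), ("block", PUBLIC, VOICE), ("pass", PUBLIC, DMZ),
        ("pass", STAFF, PUBLIC), ("pass", STAFF, DMZ), ("pass", STAFF, VOICE)]
# BROAD adds a wide pass above the blocks, so the blocks are never reached.
BROAD = [("pass", PUBLIC, net("10.0.0.0/8"))] + GOOD

if __name__ == "__main__":
    print("GOOD violations:", len(audit(GOOD)))
    print("BROAD violations:", len(audit(BROAD)))
    print("first BROAD violation:", audit(BROAD)[0])
```

Because the audit walks all 16 branch pairs per requirement, it also catches cross-site leaks over the site-to-site VPN, not just leaks inside one branch.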

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.