Is this setup Feasible? Medium Sized-Biz



  • I work for a Public Library and we currently have Cisco 2800 series routers at each of our (4) branches.  They are unfortunately managed/owned by our ISP so we can't do any configs on them. I'm looking for a solution for me to manage and remove the old routers.

    Is this a feasible setup?

    4 Branches all on Site-Site VPN

    Branch 1 (main Site)
    10 Employee computers
    4ish Server (some require Direct NAT IPs)
    15 Public Computer
    Public/Staff Wifi
    IP Phones
    IP Phone Controller

    Branch 2
    13 Employee computers
    14 Public Computers
    Public/Staff Wifi
    IP Phones (which Go to controller at Branch 1)

    Branch 3
    7 Employee Computers
    18 Public Computers
    Public/Staff Wifi
    IP Phones (which Go to controller at Branch 1)

    Branch 4
    5 Employee Computers
    16 Public Computers
    Public/Staff Wifi
    IP Phones (which Go to controller at Branch 1)

    Each Location will have VLANs for Staff, Public and Voice. Additionally Branch 1 will have a DMZ Vlan

    The Staff Vlan needs to be able to access the public, DMZ, and voice vlan  (whether it is in the same branch or not)
    All the Staff Vlans at each location will need to have DHCP/DNS handled by the Windows Domain controller at that location.
    Voice/Public can have DHCP/DNS from Pfsense
    Public (computer and wifi) Should have a captive portal that requires no login
    Public should have access to the DMZ vlan.
    Public should not have access to staff or voice vlan.

    More Info

    Staff Vlan 10 (Branch 1) 10.10.100.x 255.255.255.0
    Staff Vlan 11 (Branch 2) 10.10.110.x 255.255.255.0
    Staff Vlan 12 (Branch 3) 10.10.120.x 255.255.255.0
    Staff Vlan 13 (Branch 4) 10.10.130.x 255.255.255.0

    Voice Vlan 20 (Branch 1) 10.20.100.x 255.255.255.0
    Voice Vlan 21 (Branch 2) 10.20.110.x 255.255.255.0
    Voice Vlan 22 (Branch 3) 10.20.120.x 255.255.255.0
    Voice Vlan 23 (Branch 4) 10.20.130.x 255.255.255.0

    Public Vlan 30 (Branch 1) 10.30.100.x 255.255.255.0
    Public Vlan 31 (Branch 2) 10.30.110.x 255.255.255.0
    Public Vlan 32 (Branch 3) 10.30.120.x 255.255.255.0
    Public Vlan 33 (Branch 4) 10.30.130.x 255.255.255.0

    DMZ Vlan 40 (Branch 1) 10.40.100.x 255.255.255.0

    Any thoughts?
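
The segmentation intent in the post above can be written down as data and used to audit a candidate firewall rule set before it is deployed. This is an added example, not part of the original post; default deny for anything the post does not list and the `CANDIDATE_RULES` sample are assumptions.

```python
import ipaddress
from itertools import product

# Addressing plan from the post: 10.<zone octet>.<branch octet>.0/24.
ZONE_OCTET = {"staff": 10, "voice": 20, "public": 30}
PLAN = {(zone, b): ipaddress.ip_network(f"10.{octet}.{90 + 10 * b}.0/24")
        for zone, octet in ZONE_OCTET.items() for b in range(1, 5)}
PLAN[("dmz", 1)] = ipaddress.ip_network("10.40.100.0/24")

# Zone-to-zone intent stated in the post. Anything not listed is denied
# (default deny is an assumption; the post does not state it).
INTENT = {("staff", "public"), ("staff", "dmz"), ("staff", "voice"),
          ("public", "dmz")}


def zone_of(address):
    """Return (zone, branch) for an address in the plan, else None."""
    ip = ipaddress.ip_address(address)
    for key, net in PLAN.items():
        if ip in net:
            return key
    return None


def allowed(src, dst):
    """True if the intent permits a new connection from src to dst."""
    s, d = zone_of(src), zone_of(dst)
    if s is None or d is None:
        return False
    if s == d:
        return True  # same subnet: traffic never reaches the firewall
    return (s[0], d[0]) in INTENT


def audit(pass_rules):
    """List (rule, src_key, dst_key) for each forbidden flow a rule opens."""
    findings = []
    for rule in pass_rules:
        src, dst = (ipaddress.ip_network(n) for n in rule)
        for (sk, sn), (dk, dn) in product(PLAN.items(), repeat=2):
            if sk == dk:
                continue
            if (src.overlaps(sn) and dst.overlaps(dn)
                    and (sk[0], dk[0]) not in INTENT):
                findings.append((rule, sk, dk))
    return findings


# Constructed candidate pass rules (source, destination); the second is too broad.
CANDIDATE_RULES = [("10.10.0.0/16", "10.30.0.0/16"),   # staff -> public
                   ("10.30.0.0/16", "10.0.0.0/8")]     # public -> everything
```

Running `audit(CANDIDATE_RULES)` flags every staff, voice and other-branch public subnet that the broad public rule would expose, while the staff-to-public rule produces no findings.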