Is this setup Feasible? Medium Sized-Biz
-
I work for a Public Library and we currently have Cisco 2800 series routers at each (4) branches. They are unfortunetly managed/owned by our ISP so we can't do any configs on them. I'm looking for a solution for me to manage and remove the old routers.
Is this a feasible setup?
4 Branches all on Site-Site VPN
Branch 1 (main Site)
10 Employee computers
4ish Server (some require Direct NAT IPs)
15 Public Computer
Public/Staff Wifi
IP Phones
IP Phone ControllerBranch 2
13 Employee computers
14 Public Computers
Public/Staff Wifi
IP Phones (which Go to controller at Branch 1)Branch 3
7 Employee Computers
18 Public Computers
Public/Staff Wifi
IP Phones (which Go to controller at Branch 1)Branch 4
5 Employee Computers
16 Public Computers
Public/Staff Wifi
IP Phones (which Go to controller at Branch 1)Each Location will have VLANs for Staff, Public and Voice. Additionally Branch 1 will have a DMZ Vlan
The Staff Vlan needs to be able to access the public, DMZ, and voice vlan (weather it is in the same branch or not)
All the Staff Vlans at each location will need to have DHCP/DNS Handled but the windows Domain controler at that location.
Voice/Public can have DHCP/DNS from Pfsense
Public (computer and wifi) Should have a captive portal that requires no login
Public should have access to the DMZ vlan.
Public should not have access to staff or voice vlan.More Info
Staff Vlan 10 (Branch 1) 10.10.100.x 255.255.255.0
Staff Vlan 11 (Branch 2) 10.10.110.x 255.255.255.0
Staff Vlan 12 (Branch 3) 10.10.120.x 255.255.255.0
Staff Vlan 13 (Branch 4) 10.10.130.x 255.255.255.0Voice Vlan 20 (Branch 1) 10.20.100.x 255.255.255.0
Voice Vlan 21 (Branch 2) 10.20.110.x 255.255.255.0
Voice Vlan 22 (Branch 3) 10.20.120.x 255.255.255.0
Voice Vlan 23 (Branch 4) 10.20.130.x 255.255.255.0Public Vlan 30 (Branch 1) 10.30.100.x 255.255.255.0
Public Vlan 31 (Branch 2) 10.30.110.x 255.255.255.0
Public Vlan 32 (Branch 3) 10.30.120.x 255.255.255.0
Public Vlan 33 (Branch 4) 10.30.130.x 255.255.255.0DMZ Vlan 40 (Branch 1) 10.40.100.x 255.255.255.0
Any thoughts?