I'm working on rearranging my home network to be split up a bit better for security, and to avoid some potential problems.
I'm hoping someone out there can tell me if my proposed setup makes sense. I'm wanting to segregate things a bit better using VLANs in anticipation of:
- separating the mgmt network
- keeping my security cameras completely contained to their own network with no outside access
- separating the consumer devices from trusted devices
Currently, all of my setup is flat using 192.168.2.x, including the router/gateway at 192.168.2.1. ISP modem consumes the 1.x range. I'd like to move the router address to avoid 2.x as well, since there could be VPN issues at 1.x and 2.x, if I ever use a VPN.
First of all, looking at the network layout, does that make sense as an end goal?
- Can I remove the VLAN1 in the switch? Does anyone have experience with the HP switches and know if I need the trunk/LAGG ports set as Untagged in VLAN1, and if it needs to stay that way?
I'm hesitant to make changes en masse, out of reluctance to deal with losing a network connection to the server or the switch. None of it is on VLANs currently, so I'd be making a lot of changes at once.
Correct me if I'm wrong here:
- vswitch setups change first (adding in all the VLAN port-groups and moving the VMs to them)
- make sure the BMC/DRAC and ESXi are using DHCP rather than static, at least for now
- router needs the VLANs and bridges configured to which ports will be the uplinks
- physical switch changes next: implementing all the VLANs and moving the MGMT port and VLAN (might need to connect a laptop to each VLAN port group if I lose connection)
- after all that I should be able to move the router address, but I think if I've configured the VLAN bridges properly, each VLAN uses its own gateway, correct? VLAN 44 uses 44.1 as a gateway, right?
- once all that's done and I can access the VMware console, I can open each VM's console and adjust the networking IP addresses there, yes?
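The addressing scheme asked about above (VLAN 44 using 192.168.44.1 as its gateway, staying clear of 1.x and 2.x), together with a default-deny check that the camera VLAN cannot reach anything else, as an added example that is not part of the original post. Only VLAN 44 comes from the post; the other VLAN IDs, the names and the allow list are assumptions.

```python
import ipaddress

# Ranges the post wants to stay clear of: the ISP modem (1.x) and the old flat LAN (2.x).
RESERVED = {
    "ISP modem": ipaddress.ip_network("192.168.1.0/24"),
    "old flat LAN": ipaddress.ip_network("192.168.2.0/24"),
}

# Constructed plan: only VLAN 44 appears in the post; other IDs and all names are assumptions.
VLANS = {10: "mgmt", 20: "trusted", 30: "consumer", 44: "cameras"}

# Default-deny matrix (assumed policy): (source, destination) pairs the router may forward.
ALLOW = {
    ("mgmt", "wan"), ("trusted", "wan"), ("consumer", "wan"),
    ("trusted", "mgmt"), ("trusted", "cameras"),
}

def subnet_for(vlan_id):
    """VLAN N -> 192.168.N.0/24 with the router's VLAN interface at .1 (the post's 44 -> 44.1)."""
    net = ipaddress.ip_network(f"192.168.{vlan_id}.0/24")
    return net, net.network_address + 1

def check_plan(vlans):
    """Return a list of problems: unmappable VLAN ID, or a subnet overlapping a reserved range."""
    problems = []
    for vid, name in sorted(vlans.items()):
        if not 1 <= vid <= 255:
            problems.append(f"VLAN {vid} ({name}): ID does not fit the third octet")
            continue
        net, _ = subnet_for(vid)
        for label, reserved in RESERVED.items():
            if net.overlaps(reserved):
                problems.append(f"VLAN {vid} ({name}): {net} overlaps {label}")
    return problems

def may_forward(src, dst, allow=ALLOW):
    """Routed traffic is dropped unless the pair is listed; same-VLAN traffic never hits the router."""
    return src == dst or (src, dst) in allow

def isolated(name, vlans, allow=ALLOW):
    """True if nothing in VLAN `name` can initiate a connection to another VLAN or the WAN."""
    others = (set(vlans.values()) | {"wan"}) - {name}
    return not any(may_forward(name, dst, allow) for dst in others)

if __name__ == "__main__":
    for vid, name in sorted(VLANS.items()):
        net, gw = subnet_for(vid)
        print(f"VLAN {vid:<3} {name:<9} {net}  gateway {gw}")
    print("problems:", check_plan(VLANS) or "none")
    print("cameras isolated:", isolated("cameras", VLANS))
```

The allow list only covers who may initiate a connection; a stateful router still passes replies, which is how the trusted VLAN can view the cameras while the cameras cannot reach out.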