Background Information:
The main branch of a subsidiary owned by the company I work for is now large enough to justify an overhaul of its existing server and network infrastructure.
Brief:
A large part of what they do is computer repair, which is why we are looking at using VLANs to separate parts of the network for security and QoS. We are trying to determine how many VLANs we need, and in what configuration.
First Scenario:
VLAN 10 - Management
VLAN 11 - Servers/Switches
VLAN 12 - VOIP
VLAN 13 - Printers
VLAN 14 - Video/Security
VLAN 15 - Offices/Office WiFi/VPN Clients
VLAN 16 - Repair Lab/Lab WiFi
VLAN 17 - Rebuild Lab/Rebuild WiFi
We will be using layer 2 switches, so we will need a router for interVLAN routing.
The big question is, how will this affect bandwidth in relation to accessing our storage? VLAN 16 & 17 will be sharing a deployment server. That server will be connected via four gigE connections with link aggregation. If the interVLAN routing is going to a router through a single gigE connection, I assume that will effectively cap the throughput gained by using the link aggregation...? If that is the case, I am open to suggestions to deal with that issue; otherwise we will move on to scenario two.
(NOTE: I am aware that I could use link aggregation on two ports for VLAN 16, and two ports for VLAN 17. However, the load between the two VLANs will not always be the same or consistent, and having them share all of the bandwidth will allow the two labs to use more when the other one is not.)
Second Scenario:
VLAN 10 - Management
VLAN 11 - Servers/Switches
VLAN 12 - VOIP
VLAN 13 - Printers
VLAN 14 - Video/Security
VLAN 15 - Offices/Office WiFi/VPN Clients
VLAN 16 - Repair Lab/Rebuild Lab/Lab WiFi
In scenario two, the only change is that VLAN 16 & 17 are now both on VLAN 16 (and the WiFi will be shared). The deployment server will connect directly on VLAN 16 (for deployments only) so that no routing is necessary. While this is an acceptable solution, it is not ideal because there are things in the repair lab that we would prefer not be directly accessible from the rebuild lab (and vice versa).
Questions:
1) As asked above, how will the interVLAN routing affect bandwidth?
2) Does the number of VLANs seem reasonable, with logical divisions?
3) Will one of the two scenarios meet my needs, plus allow for growth? If not, what might?
4) Should the VPN Clients be on their own VLAN?
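
A small model of the trade-off described in the post, as an added example that is not part of the original post: it compares deployment-server throughput and lab-to-lab layer 2 exposure for the two scenarios. The per-client gigE access ports, the server sitting in VLAN 11 in scenario one, ideal link-aggregation hashing and the max-min fair sharing are assumptions.

```python
GIGE = 1.0  # Gbps per physical link; the post specifies gigE links

# VLAN numbers come from the post. Placing the server in VLAN 11 for
# scenario one is an assumption (the post only says the labs share it).
SCENARIOS = {
    "one": {"repair": 16, "rebuild": 17, "server_vlans": {11}},
    "two": {"repair": 16, "rebuild": 16, "server_vlans": {16}},
}


def share(demand, members, capacity):
    """Max-min fair split of capacity among members; others are unchanged."""
    out = dict(demand)
    todo = sorted(members, key=lambda m: demand[m])
    left = capacity
    for i, m in enumerate(todo):
        out[m] = min(demand[m], left / (len(todo) - i))
        left -= out[m]
    return out


def evaluate(scenario, active, server_links=4, router_links=1):
    """Return (Gbps per lab from the deployment server, labs_share_l2).

    active maps lab name -> clients deploying at once, each assumed to
    sit on its own gigE access port.
    """
    s = SCENARIOS[scenario]
    labs = [lab for lab, n in active.items() if n > 0]
    # A lab is routed when its VLAN is not one the server is attached to.
    routed = [lab for lab in labs if s[lab] not in s["server_vlans"]]
    demand = {lab: active[lab] * GIGE for lab in labs}
    # Routed labs first share the router uplink, then all labs share the
    # server's aggregated links (one member link per flow at most).
    alloc = share(demand, routed, router_links * GIGE)
    alloc = share(alloc, labs, server_links * GIGE)
    # Same VLAN: the labs reach each other at layer 2, so no router and
    # no inter-VLAN ACL sits between them.
    return alloc, s["repair"] == s["rebuild"]


if __name__ == "__main__":
    for name in SCENARIOS:
        for active in ({"repair": 6, "rebuild": 0}, {"repair": 6, "rebuild": 1}):
            print(name, active, evaluate(name, active))
```

Raising `router_links` models an aggregated trunk to the router, and adding 16 and 17 to `server_vlans` models a server attached to both lab VLANs; neither option is described in the post.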