pomtom44

Reputation Activity

  1. Like
    pomtom44 got a reaction from Lurick in Help understanding network theory   
    Hey all

    I apologize right now for the noob questions, and the likelihood of some very stupid sentences.

    I'm taking a few networking papers at uni, but there seems to be a lack of real world examples of networking, and we are getting a lot more theory based work.
    Meaning I feel like I am missing out on some key points on designing a network and best ways of doing things.

    I'm not sure if this is the best place to ask, so feel free to tell me off, or move to another section,
    but I have an example network in my head, and I was wondering if I could get some help understanding a few things.

    Firstly network design

    You have a public and private network, so guests can use the internet, but don't have access to internal servers and such
    there is also a management network which an admin can use to access routers / switches / servers etc and manage them, (security purposes in my head)
    and a security network with cameras, and / or other security devices.

    To me, you break this into different subnets and vlans, to keep all the traffic separate, e.g.
    192.168.10.x - Vlan 10 - Guest
    192.168.20.x - Vlan 20 - Private
    192.168.30.x - Vlan 30 - Security
    192.168.40.x - Vlan 40 - Management

    Now from class, I know you put a router in at the top which you can use to route the networks to the internet, as well as each other, with security procedures in place
    E.g. only authorized computers can access the security network to monitor it, and the guest network can't go back down into the private network.

    But this is where things get a little lost on me, and I could do with some discussion and clarifications.

    DHCP - To me there are 3 ways of doing this
    1) Put a separate dhcp server on each network which serves only that network
    2) Put one dhcp server with multiple NICs (or virtual NICs) serving all networks, as I know dhcp is offered based on the interface subnet it came from
    3) Put one dhcp server on either the management network, or another "servers" network, and add DHCP helpers to the router to forward on dhcp requests.

    Which of these is better, and what are the pros and cons of each?
    And is there another way of doing it which I don't know about?

    DNS - Similar sort of deal to the DHCP, (This is for internal dns, not external)
    Can you add one DNS server at the top, and do DNS forwarding, similar to the DHCP helper, and if so, how does it work
    or do you need to add a DNS server to each network, either a separate one per network, or one with multiple connections in and out.

    and finally, this is a thought I keep coming to when thinking about this all, and how it all works together
    Let's say I have a file server available on the network. I want the security network to access part of it to store surveillance footage on, part of it to be open to the private network for people to store files on, and part of it to be open to both the public and private network so a guest can drop a file on, and someone can access it from an internal pc.

    I know the easy and obvious option would be, just use 3 different file servers, but what if there is only space or budget for one large one.
    I know you can do the option of having multiple network cards, one per network, and setting up the file structure to bind to the interfaces.
    but doesn't that open up to security risks, having all three networks combining at that point.
    As well as this I keep going to the DNS for it.
    Say your internal network is abc.local.
    Your computers get named based off this.
    PC1.abc.local, printerA.abc.local
    and I assume your guest devices also get named, Guest1.abc.local
    If you give your file server files.abc.local, how does the dns work for it.

    If an internal pc accesses files.abc.local, it will look it up in the dns records and find 3 different IPs for it
    Guest, Internal and Security.
    Does it only return the one based on the IP from which the request came, like DHCP does,
    or do you need to separate out the dns zones?
    E.g.
    internal.abc.local, security.abc.local, guest.abc.local
    So your devices will be named
    PC1.internal.abc.local, Cam1.security.abc.local, GuestLaptop.guest.abc.local
    and your file server will get
    Fileserver.internal.abc.local, fileserver.security..... etc

    Sorry if a lot of this doesn't make sense, it doesn't to me and I feel like I'm making connections in how it works in my head, which don't work in the real world.
    Which is why I'm asking for some advice and clarification.

    Thanks in advance for any input
    Tom
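
The segmentation rules described in the post (guests reach only the internet, only authorized computers reach the security network) written as a first-match, default-deny check for new routed connections; this is an added example, not part of the original post. The /24 masks, the monitoring host 192.168.20.50, and the management and camera-internet rules are assumptions.

```python
import ipaddress

# VLAN plan from the post; the /24 masks are an assumption ("192.168.10.x").
VLANS = {
    "guest":      ipaddress.ip_network("192.168.10.0/24"),
    "private":    ipaddress.ip_network("192.168.20.0/24"),
    "security":   ipaddress.ip_network("192.168.30.0/24"),
    "management": ipaddress.ip_network("192.168.40.0/24"),
}
# Constructed sample: the one private PC allowed to monitor the cameras.
AUTHORIZED_MONITORS = {ipaddress.ip_address("192.168.20.50")}

# Ordered rules (name, source, destination, action); first match wins.
# A source or destination is a zone name, a set of hosts, or "any".
RULES = [
    ("monitors-to-security", AUTHORIZED_MONITORS, "security", "permit"),
    ("mgmt-to-anywhere",     "management",        "any",      "permit"),  # assumption
    ("guest-to-internet",    "guest",             "internet", "permit"),
    ("private-to-internet",  "private",           "internet", "permit"),
]

def zone_of(addr):
    """Return the VLAN name that owns addr, or 'internet' if none does."""
    for name, net in VLANS.items():
        if addr in net:
            return name
    return "internet"

def matches(selector, addr):
    """True if addr falls under a rule selector (zone name, host set, 'any')."""
    if selector == "any":
        return True
    if isinstance(selector, str):
        return zone_of(addr) == selector
    return addr in selector

def decide(src, dst):
    """Return (action, rule_name) for a new connection from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Traffic inside one VLAN is switched and never reaches the router's rules.
    if zone_of(s) == zone_of(d) != "internet":
        return ("permit", "same-vlan-not-routed")
    for name, rule_src, rule_dst, action in RULES:
        if matches(rule_src, s) and matches(rule_dst, d):
            return (action, name)
    # Anything not explicitly permitted between zones is dropped.
    return ("deny", "default-deny")
```

Because the policy ends in a default deny, the two restrictions from the post need no explicit deny rules: guest to private and unauthorized hosts to security simply match nothing.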
     