en:intern:netzwerk:vlan-konzept_rafisa
Inhaltsverzeichnis
Concept for the VLANs of Rafisa Informatik GmbH
| Version | Status | date | Author | URL |
|---|---|---|---|---|
| 0.1 | First draft | 08.08.2019 | Egil Rüefli | |
| 0.2 | Additions | 08.09.2019 | Richi Stammherr, Tim de Vries, Silvan Dux, Egil Rüefli | |
| 1.0 | Review and release | 08.09.2020 | Richi Stammherr, Egil Rüefli | |
| 2.0 | New version | 08.09.2019 | Egil Rüefli | |
| 2.1 | Additions | 08.09.2019 | Egil Rüefli | |
| 2.2 | Additions | 29.05.2020 | Egil Rüefli | |
| 2.3 | Additions | 02.06.2020 | Egil Rüefli | |
| 2.4 | Additions | 15.06.2020 | Silvan Dux, Egil Rüefli | |
| 2.5 | Additions | 02.07.2020 | Silvan Dux | |
| 2.6 | Additions | 11.11.2020 | Saba Nadeswaran, Egil Rüefli | |
| 3.0 | New version | 17.11.2020 | Egil Rüefli | |
| 3.1 | Additions | 18.11.2020 | Egil Rüefli | |
| 3.1 | Additions | 30.11.2020 | Silvan Dux | |
| 3.2 | Additions | 06.12.2020 | Egil Rüefli | |
| 3.3 | Additions | 21.04.2021 | Egil Rüefli | |
| 3.4 | Additions | 29.03.2022 | Egil Rüefli | |
| 4.0 | Additions | 04.05.2023 | Fabio Pagotto | |
| 4.1 | VLAN61_DEPL added | 13.05.2024 | Egil Rüefli |
Subnet concept
All locations receive a /24 network from the larger private network 172.16/12, i.e. 172.16.0.0/16 to 172.31.0.0/16. The VLANs are then subdivided into the respective /24 subnets, e.g. 172.16.1.0/24, 172.16.2.0/24, etc.
| Network address range | CIDR notation | Shortened CIDR notation | Number of addresses | Number of networks according to network class (historical) |
|---|---|---|---|---|
| 172.16.0.0 to 172.31.255.255 | 172.16.0.0/12 | 172.16/12 | 220 = 1,048,576 | Class B: 16 private networks with 65,536 addresses each; 172.16.0.0/16 to 172.31.0.0/16 |
List of subnets of the Rafisa locations
| Location | Network address |
|---|---|
| Dietikon | 172.16.0.0/16 |
| Berne | 172.17.0.0/16 |
| Fribourg | 172.18.0.0/16 |
| Zug | 172.19.0.0/16 |
| Winterthur | 172.20.0.0/16 |
| Vevey | 172.21.0.0/16 |
| Basel | 172.22.0.0/16 |
| Hetzner | 172.30.0.0/16 |
Standard VLAN list
| VLAN name | Abbreviation | VLAN Function | VID | IP address | FW interface name | DHCP server | Colour |
|---|---|---|---|---|---|---|---|
| VLAN management | 01 | ||||||
| VLAN01 | MGMT | management | 01 | 172.[16/17/18/…].1.0/24 | VLAN01_MGMT | ✔️ | |
| VLAN02 | VIRTMGMT | Virtualisation Management | 02 | 172.[16/17/18/…].2.0/24 | VLAN02_VIRTMGMT | ❌ | |
| VLAN Server | 10-19 | ||||||
| VLAN10 | SRVAUTH | Server authentication | 10 | 172.[16/17/18/…].10.0/24 | VLAN10_SRVAUTH | ❌ | |
| VLAN11 | SRVGLOB | Server Global all locations | 11 | 172.[16/17/18/…].11.0/24 | VLAN11_SRVGLOB | ❌ | |
| VLAN13 | SRVPUB | Server Public | 13 | 172.[16/17/18/…].13.0/24 | VLAN13_SRVPUB | ❌ | |
| VLAN14 | SRVAUSB | Server instructor | 14 | 172.[16/17/18/…].14.0/24 | VLAN14_SRVAUSB | ❌ | |
| VLAN15 | SRVLERN | Server learners | 15 | 172.[16/17/18/…].15.0/24 | VLAN15_SRVLERN | ❌ | |
| VLAN clients | 20-29 | ||||||
| VLAN21 | CLAUSB | Clients Instructor | 21 | 172.[16/17/18/…].21.0/24 | VLAN21_CLAUSB | ✔️ | |
| VLAN22 | CLLERN | Clients Learners | 22 | 172.[16/17/18/…].22.0/24 | VLAN22_CLLERN | ✔️ | |
| VLAN23 | CLGUEST | Clients Guest (WLAN) | 23 | 172.[16/17/18/…].23.0/24 | VLAN23_CLGUEST | ✔️ | |
| VLAN VoIP | 30 | ||||||
| VLAN30 | VOIP | Telephony | 30 | 172.[16/17/18/…].30.0/24 | VLAN30_VOIP | ✔️ | |
| VLAN Printer | 40 | ||||||
| VLAN40 | LP | Printer | 40 | 172.[16/17/18/…].40.0/24 | VLAN40_LP | ❌ | |
| VLAN Lab | 50-59 | ||||||
| VLAN50 | LAB00 | Laboratory 00 | 50 | 172.[16/17/18/…].50.0/24 | VLAN50_LAB00 | ✔️ | |
| VLAN51 | LAB01 | Lab 01 | 51 | 172.[16/17/18/…].51.0/24 | VLAN51_LAB01 | ✔️ | |
| VLAN52 | LAB02 | Laboratory 02 | 52 | 172.[16/17/18/…].52.0/24 | VLAN52_LAB02 | ✔️ | |
| VLAN53 | LAB03 | Laboratory 03 | 53 | 172.[16/17/18/…].53.0/24 | VLAN53_LAB03 | ✔️ | |
| VLAN54 | LAB04 | Lab 04 | 54 | 172.[16/17/18/…].54.0/24 | VLAN54_LAB04 | ✔️ | |
| VLAN Special | 60-69 | ||||||
| VLAN60 | IOT | Internet of Things devices | 60 | 172.[16/17/18/…].60.0/24 | VLAN60_IOT | ✔️ | |
| VLAN61 | DEPL | Deployment | 61 | 172.[16/17/18/…].61.0/24 | VLAN61_DEPL | ❌ | |
| VLAN62 | SIGN | Digital Signage | 62 | 172.[16/17/18/…].62.0/24 | VLAN62_SIGN | ❌ | |
| VLAN DMZ | 70-79 | ||||||
| VLAN70 | MGMTDMZ | Management | 70 | 172.[16/17/18/…].70.0/24 | VLAN70_MGMTDMZ | ❌ | |
| VLAN71 | SRVDMZ | VMs | 71 | 172.[16/17/18/…].71.0/24 | VLAN71_SRVDMZ | ❌ | |
Basic authorisation matrix
The matrix is read row by column (access allowed/not allowed from row to column)
| VLAN | 01 | 02 | 10 | 11 | 13 | 14 | 15 | 21 | 22 | 23 | 30 | 40 | 5x | 60 | 61 | 62 | 70 | 71 | WAN |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 01_MGMT | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| 02_VIRTMGMT | ❌ | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ |
| 10_SRVAUTH | ❌ | ❌ | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ |
| 11_SRVGLOB | ❌ | ❌ | ❌ | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ |
| 13_SRVPUB | ❌ | ❌ | ✔️ | ❌ | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ |
| 14_SRVAUSB | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ |
| 15_SRVLERN | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ |
| 21_CLAUSB | ❌ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
| 22_CLLERN | ❌ | ❌ | ✔️ | ❌ | ✔️ | ❌ | ❌ | ❌ | ✔️ | ❌ | ❌ | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ |
| 23_CLGUEST | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ |
| 30_VOIP | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ |
| 40_LP | ❌ | ❌ | ❌ | ❌ | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ |
| 5x_LAB0x | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ |
| 60_IoT | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ | ❌ | ❌ | ❌ | ❌ | ✔️ |
| 61_DEPL | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ | ❌ | ❌ | ❌ | ✔️ |
| 62_SIGN | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ | ❌ | ❌ | ✔️ |
| 70_MGMTDMZ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ | ❌ | ✔️ |
| 71_SRVDMZ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ | ✔️ |
| WAN | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✔️ |
en/intern/netzwerk/vlan-konzept_rafisa.txt · Zuletzt geändert: 2024/06/13 13:27 von e.rueefli