Understanding VLANS or Zones

Forsters
New Member
Posts: 3
Joined: Mon Jun 03, 2019 2:25 pm

Understanding VLANS or Zones

#1

Post by Forsters »

Just installed new Managed switches. I'm a network engineer, so I understand the purpose behind using a VLAN, but the Church doesn't allow us STS's to see the policies behind the Zone. Does anyone understand the intended purpose behind the following:

1. Special Purpose Zone: What advantages / disadvantages does a Special Purpose Zone provide? When should we apply one?

2. Link: Should we use Link to connect larger Unmanaged switches in the meetinghouses? Or Public?

While deploying these switches I have adhered to the following principles:

1. Nothing but the Managed Switch and Modem Uplink connected to the Firewall.

2. ALL of the Meraki POE Access Points connected to the Managed Switch and tagged to Zone "AP".

3. ALL of the Facilities connections connected to the Managed Switch and tagged to Zone "Facilities".

4. Currently I have the Unmanaged switch connected to the new Managed Switch on the Public Zone, but I'm not sure if that's correct.

5. ALL Meetinghouse endpoints connected to the Unmanaged Switch.

I don't currently deal with Workforce users, so I haven't had to tag any endpoints to Workforce, but I don't see that as an option on these Meraki MS120 switches. Along those lines, I might need to deploy a managed switch into a Bishops Storehouse. Would those be considered Workforce users or Public?
russellhltn
Community Administrator
Posts: 34418
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Understanding VLANS or Zones

#2

Post by russellhltn »

Here's what I know:

Public: is assigned an IP in the 192.168.x.x range. This same range is re-used at every site, so the church has enough IPs for overlapping congregations of devices.

All other zones tend to be assigned a unique 10.x.x.x address so someone outside the building can VPN to them.

Facilities: For devices like A/C, Door control, Parking gates, and satellite receivers.

Special Purpose: Generally it's for a FHC. This allows the Family History Department to monitor the printer. It's also likely important for the FHC access to paid portals.

Workforce: Church Employees

Special Purpose and Workforce will only show up if they've been authorized for your location. I'm not sure what the differences are between the non-Public zones, but I'm guessing it has to do with web filtering rules.

Link: Only for connecting managed switches. Unmanaged switches are connected to the appropriate zone.

All APs must have a connection to their own port on a managed switch. I had gotten an indication from one source that it should be direct (no POE - the switch will take care of that), but I'm not 100% about that. Given that both the APs and managed switches belong to the same family, some non-standard stuff might be going on. Perhaps using the extra wire pairs as a side channel, or since the switch would be supplying power, it could be used to power cycle the AP remotely.

I'm not sure about the Bishop's Storehouse. If you install it and see it as an option, I'd take that as a suggested answer. Otherwise, you'd need to contact MHT.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
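
An added example, not written by either poster and not Church or Meraki tooling: a small audit that checks a switch port plan against the zone rules as they are stated in this thread (Link only for managed switches, APs tagged to the AP zone, facilities devices on Facilities, Special Purpose and Workforce only where authorized). The port-plan format, the device labels and the sample plan are assumptions constructed for illustration, and the rules are the posters' understanding rather than official policy.

```python
# Zone names come from the thread; device labels and plan format are assumptions.
# Zones treated as present at every site (the thread says only Special Purpose
# and Workforce depend on authorization for the location).
ALWAYS_PRESENT = {"Public", "AP", "Facilities", "Link"}
FACILITIES_DEVICES = {"hvac", "door_control", "parking_gate", "satellite_receiver"}

# Constructed sample plan for one managed switch.
PLAN = [
    {"port": 1, "zone": "Link", "device": "managed_switch"},
    {"port": 2, "zone": "AP", "device": "ap"},
    {"port": 3, "zone": "Public", "device": "ap"},              # AP on the wrong zone
    {"port": 4, "zone": "Link", "device": "unmanaged_switch"},  # Link misuse
    {"port": 5, "zone": "Facilities", "device": "hvac"},
    {"port": 6, "zone": "Workforce", "device": "endpoint"},     # zone not authorized
    {"port": 7, "zone": "Public", "device": "unmanaged_switch"},
]


def audit(plan, authorized=()):
    """Return (port, problem) tuples for assignments that break the thread's rules."""
    allowed = ALWAYS_PRESENT | set(authorized)
    findings, seen = [], set()
    for entry in plan:
        port, zone, device = entry["port"], entry["zone"], entry["device"]
        if port in seen:
            # Each AP (and any other device) needs its own managed-switch port.
            findings.append((port, "port assigned more than once"))
        seen.add(port)
        if zone not in allowed:
            findings.append((port, f"zone '{zone}' is not authorized for this site"))
        if zone == "Link" and device != "managed_switch":
            findings.append((port, "Link is only for connecting managed switches"))
        if device == "ap" and zone != "AP":
            findings.append((port, "access point is not tagged to the AP zone"))
        if device in FACILITIES_DEVICES and zone != "Facilities":
            findings.append((port, "facilities device is not on the Facilities zone"))
    return findings


if __name__ == "__main__":
    for port, problem in audit(PLAN):
        print(f"port {port}: {problem}")
```

Passing `authorized={"Workforce"}` models a location where that zone has been enabled, which clears the finding on port 6.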
Forsters
New Member
Posts: 3
Joined: Mon Jun 03, 2019 2:25 pm

Re: Understanding VLANS or Zones

#3

Post by Forsters »

Thanks for the thorough answer. This is good information and very helpful!