I'll explain a bit more.
Three years ago we had a smaller company. Everything we needed was one Nethserver which did everything: file sharing, router, firewall, DC, VPN, e-mail, chat, webserver (company + intranet), name server, DHCP etc… Everything was sitting in one /24 subnet…
Now we have a spin-off company, and over time I have reduced the number of services our Nethserver is offering. The company web is in a commercial datacenter, as is DNS. For e-mail and chat we decided to use Office365. For routing, firewall and DHCP we now have a separate UniFi UDM Pro, which is also doing VPN.
We now have three floors of office space, and each floor has one network switch and about 5 APs in total. Both companies share the space and the network infrastructure.
Now I decided that both companies shall have their "own" network. On the router and switches I made VLAN10 for the spin-off company, VLAN20 for the original company and VLAN30 for guests. Sounds logical?
The spin-off is happy in their VLAN10. They have everything (Windows server, clients, printers, etc…) in their environment.
Now I want to move all original company stuff to VLAN20 and leave all network stuff (switches, router, APs) in the default VLAN1, which will not have DHCP.
What is strange here?
OK, that VPN (which Nethserver is providing) I will also shut down, since the router is doing it too (now L2TP via RADIUS authentication from Nethserver) and it is port forwarded to Nethserver from the router until all clients move to the new system…
What would be the best practice? Clients and printers I can move from VLAN1 to 20 easily. The DC shall also be in VLAN20, since it is serving that part. File sharing could also be only there, but I would prefer to be able to configure from NS in which VLAN it is accessible. Currently it is accessible from NS via VLAN 20, 10 and 1, since NS is sitting in the default network and it receives all networks (tagged br0.20, br0.10 and untagged br0).
NS is also still doing reverse proxy to share our intranet (which is running in the internal network) to the internet.
The goal is also to disable access to VLAN0 from 10, 20 and 30.
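An added illustration of the per-VLAN service policy described above, as an nftables ruleset for the multi-homed NS host; this is example code, not the post's or Nethserver's own firewall configuration (NS manages its firewall itself, so this expresses the policy to configure there rather than a ruleset to load beside it). Interface names follow the post (untagged br0 for VLAN1 with switches/router/APs, tagged br0.10 and br0.20); br0.30 for guests and RADIUS on udp/1812-1813 for the router's L2TP authentication are assumptions.

```shell
#!/bin/sh
# Illustrative nftables policy for NS (added example, not Nethserver's own config).
# Assumed: br0 = untagged VLAN1 (router, switches, APs), br0.20 = original company,
# RADIUS on udp/1812-1813 is what the UDM Pro queries for L2TP users.

SMB_IFS="br0.20"      # file sharing reachable only from the original company VLAN
RADIUS_IFS="br0"      # the UDM Pro sits on the untagged leg and authenticates VPN users

# rule_for_service PROTO PORTS IFACES: one accept per permitted leg, then a catch-all drop
rule_for_service() {
  proto=$1; ports=$2; ifaces=$3
  for i in $ifaces; do
    echo "    iifname \"$i\" $proto dport { $ports } accept"
  done
  echo "    $proto dport { $ports } drop"
}

# Print the complete ruleset so it can be reviewed or fed to nft.
gen_ruleset() {
  cat <<EOF
table inet vlan_policy {
  chain input {
    type filter hook input priority 0; policy accept;
    ct state established,related accept
    iif lo accept
    # SMB (139, 445) is answered only on the VLAN20 leg
EOF
  rule_for_service tcp "139, 445" "$SMB_IFS"
  echo "    # RADIUS only from the management leg where the router lives"
  rule_for_service udp "1812, 1813" "$RADIUS_IFS"
  cat <<EOF
  }
  chain forward {
    # NS has a leg in every VLAN: never let it route between them,
    # inter-VLAN routing (and isolating VLAN1) belongs on the UDM Pro
    type filter hook forward priority 0; policy drop;
  }
}
EOF
}

# Interfaces that the generated policy lets reach SMB (used for checking the output)
smb_allowed_ifaces() {
  gen_ruleset | grep 'dport { 139, 445 } accept' | sed 's/.*iifname "\([^"]*\)".*/\1/'
}

if command -v nft >/dev/null 2>&1; then
  gen_ruleset | nft -c -f -   # syntax check only; the live ruleset is not touched
else
  gen_ruleset
fi
```

Changing `SMB_IFS` to `"br0.20 br0.10"` is all it takes to open file sharing to the spin-off VLAN as well, which is the "configure from NS in which VLAN it is accessible" behaviour the post asks for.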