Hello,
I am brand new here. A bit of background:
We have a 10-story building and about 400 people at our primary location, and two much smaller branch offices. Most of our 400 employees are software devs who need access to machines in our data centers. We have Palo Alto firewalls at each of the three locations.
We just purchased brand new Instant APs (335) for each of our locations, with about 35 for our primary location. We also purchased brand new Aruba 5412 chassis switches for our wired connectivity on each floor.
Finally, we don't have a wireless controller; we do have the VM edition of ClearPass with basically all features licensed, and we plan to use the Palo Alto for inter-VLAN routing (especially outside of the data center).
I have the following goals, in approximate order of importance:
1) Need to create 3x access zones:
A) Guest with internet access only
B) Standard employee workstations with access to data center #1
C) High-security employee workstations with access to data center #1 and data center #2
2) Want to use Palo Alto as inter-VLAN router and also remote VPN access. Want to share as much info/credentials between ClearPass and PA (I think there is an integration here that passes user credentials? Does it pass anything else?)
3) Want wireless to be able to roam between floors for video conferencing etc.
4) Want same SSID if possible for Zone B and Zone C. Guest can be same or different SSID (don't care much).
So, a few questions about the above:
What is the best subnet layout for our wired and wireless network? Lots of /24 subnets or one big /20?
Are there any limitations using Instant APs that I will regret or need to understand?
Do I need a separate ClearPass VM at each branch office or can I simply have them connected via a VPN tunnel to the HQ? What about one VM at HQ, and one VM at the larger branch office?
Thanks!
(First Post)