Capstone: Workshop Co. Office LAN
Subnet plan for shop, office, cameras, guest Wi‑Fi.
Capstone objectives
- Produce a complete LAN addressing plan for Workshop Co.
- Document VLANs, DHCP pools, and reservations
- Define firewall policy between segments
The brief
Workshop Co. — Edmonton shop network
- WAN: Static 198.51.100.44/30 from ISP, gateway 198.51.100.45
- Hardware: Firewall/router, 24-port PoE switch, 2× APs, NVR + 4 cameras
- Devices: 6 staff laptops, 2 printers, 1 POS, 1 kiosk, guest Wi‑Fi ~25 clients peak
- Constraints: Guest isolated; cameras no inbound from internet; office reaches NVR UI only
Your task — network plan document
Create a one-page plan with: VLAN table, subnet CIDRs, gateway IPs, DHCP pools, at least five reservations, and inter-VLAN firewall rules summary.
Model solution
VLAN & subnets
| VLAN | Subnet | Gateway | DHCP pool |
|---|---|---|---|
| 10 office | 192.168.10.0/26 | .1 | .100–.120 |
| 20 shop | 192.168.10.64/26 | .65 | .80–.95 |
| 30 cameras | 192.168.10.128/27 | .129 | Reservations only |
| 99 guest | 192.168.20.0/24 | .1 | .50–.250 lease 4h |
Reservations (sample)
- Office printer → 192.168.10.40
- Shop label printer → 192.168.10.75
- POS tablet → 192.168.10.81
- NVR → 192.168.10.130
- Cameras → 192.168.10.141–.144
Firewall policy
- Allow: office → NVR :443
- Allow: shop → payment SaaS (WAN)
- Deny: guest → all RFC1918
- Deny: WAN → all inbound (no port forwards)
- Allow: cameras → NVR only (no WAN)
DNS
Router at each VLAN gateway forwards to 1.1.1.1 / 1.0.0.1. Optional internal zone workshop.lan for printers.
Part 2 — growth scenario
Workshop Co. opens a second location in Calgary. They want site-to-site VPN between shops. Which subnets must not overlap with Edmonton?
Answer
All Edmonton RFC1918 ranges — Calgary should use e.g. 192.168.30.0/24 and 192.168.40.0/24 instead of reusing 192.168.10.0/26. VPN routing advertises distinct prefixes each direction.
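A consistency check for the addressing plan and the Part 2 overlap question, as an added example that is not part of the original course material. The function names (`usable`, `check_plan`, `vpn_conflicts`) are this example's own, and the plan data is transcribed from the model solution table and reservation list with the last octets expanded to full addresses.

```python
import ipaddress as ip
from itertools import combinations

# Edmonton plan transcribed from the page's model solution (last octets expanded).
PLAN = {
    "10 office":  {"subnet": "192.168.10.0/26",   "gw": "192.168.10.1",   "pool": ("192.168.10.100", "192.168.10.120")},
    "20 shop":    {"subnet": "192.168.10.64/26",  "gw": "192.168.10.65",  "pool": ("192.168.10.80", "192.168.10.95")},
    "30 cameras": {"subnet": "192.168.10.128/27", "gw": "192.168.10.129", "pool": None},
    "99 guest":   {"subnet": "192.168.20.0/24",   "gw": "192.168.20.1",   "pool": ("192.168.20.50", "192.168.20.250")},
}
RESERVATIONS = {"Office printer": "192.168.10.40", "Shop label printer": "192.168.10.75",
                "POS tablet": "192.168.10.81", "NVR": "192.168.10.130",
                **{f"Camera {i}": f"192.168.10.{140 + i}" for i in range(1, 5)}}


def usable(net, addr):
    """True if addr is an assignable host in net (not the network or broadcast address)."""
    a = ip.ip_address(addr)
    return a in net and a not in (net.network_address, net.broadcast_address)


def check_plan(plan, reservations):
    """Return a list of findings; an empty list means the plan is internally consistent."""
    findings = []
    nets = {name: ip.ip_network(v["subnet"]) for name, v in plan.items()}
    for a, b in combinations(nets, 2):
        if nets[a].overlaps(nets[b]):
            findings.append(f"overlap: {a} and {b}")
    for name, v in plan.items():
        if not usable(nets[name], v["gw"]):
            findings.append(f"gateway outside subnet: {name}")
        if v["pool"] and not all(usable(nets[name], end) for end in v["pool"]):
            findings.append(f"DHCP pool outside subnet: {name}")
    for host, addr in reservations.items():
        if not any(usable(n, addr) for n in nets.values()):
            findings.append(f"reservation in no subnet: {host}")
    return findings


def vpn_conflicts(local_subnets, remote_subnets):
    """Prefix pairs that overlap and so cannot both be routed across the site-to-site VPN."""
    return [(loc, rem) for loc in local_subnets for rem in remote_subnets
            if ip.ip_network(loc).overlaps(ip.ip_network(rem))]


if __name__ == "__main__":
    print(check_plan(PLAN, RESERVATIONS))
    print(vpn_conflicts([v["subnet"] for v in PLAN.values()], ["192.168.30.0/24", "192.168.40.0/24"]))
```

Run against the table as printed, `check_plan` returns one finding: the VLAN 10 pool .100–.120 lies outside 192.168.10.0/26, whose usable hosts are .1–.62. The suggested Calgary prefixes produce no VPN conflicts.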
Book 4 covers bare metal servers — when Workshop Co. outgrows shared VPS and needs dedicated hardware in a Canadian data centre.
Book 3 complete
You can plan subnets, assign addresses, design a secure LAN, and troubleshoot connectivity methodically. Workshop Co.’s shop network is documented and ready to implement.