NAT, VLAN and idea checking
Background: Planning for a complete overhaul of our network. I'm trying to think of those things that we could implement to future proof the network and make it easier to manage. We have the hardware sorted but my mind is trying to sort out all the other networky bits and you suddenly realise how much you know but aren't actually well acquainted with.
So, we are on a defined IP range from our county grid but I think we could well start to press up against that soon, especially as we are hoping to allow personal wireless devices to start using the network soon. We have a Smoothwall box so my idea is to have that link directly into the router on the county IP range and then all our devices internally on a different range. My thought process would be that NAT can sort this. Am I right, and would NAT allow specific county IP addresses to be forwarded to a specific internal IP, for example our internal webserver has requests forwarded to a specific IP from the outside?
Also, would setting up VLANs be a good strategy from the start? I think I saw someone post their VLAN plan and it had servers, switches, printers, clients and guest devices all separated. Is this good practice or overkill?
Does anyone run a DMZ? Would this be useful for our webserver (runs website, Moodle and various services) or not much benefit?
Any other thoughts for things to implement?