How to let operate SCCM in different VLAN

[Stijn]

In our company I'm using System Center Configuration Manager 2012 SP1. In the days I set SCCM up we only had one network 10.0.99.0 and I could deploy images and WOL in this network. For the configuration I used the manuals on this website. Today we have three networks 10.1.1.0, 10.2.1.0 and a DMZ 10.0.99.0, but I have no idea how I need to configure SCCM so it can deploy images, SCCM client and updates in these three vlan's. I sugest that the SCCM need to be in a routable vlan so it can reach each of these vlans. But what is next?
The clients in 10.0.99.0 are all Domain servers and the vlans 10.1.1.0 and 10.2.1.0 are routable. Which means that these two vlan's can reach each other and the DMZ but the DMZ can't reach the two vlans.
Can someone provide me a step by step how to configure this?

 

[Rocket Man]

So you have a server VLAN and 2 client VLANS.

The 2 Client VLANs cant see each other, but they can both see the server VLAN. This should be no problem to achieve. In one site I have 16 client VLANs that cannot communicate with each other but they all can communicate with the server VLAN via ACLs with ports addressed to the various different services that the servers' provide.

 

Your network Guys should know how to lock down traffic via ports to the your different servers!!

 

You could start off with everything opened to the SCCM server and then gradually close ports that are not needed from client to SCCM and vice versa.

You will also have to add IP helpers on both client VLAN switches to point to the PXE servers IP address so they can find it when they need to PXE boot.

 

As for the ports that are needed by SCCM----->Client and Client---->SCCM heres a link