How to access Vlans to Local servers vlan and dmz vlan

sajjadarab47
Level 1

Hello
I have a question regarding VLAN access to servers on a Core switch.
We have the following hardware in our organization's network:

A Fortigate firewall

I want to put a 3850 switch in the network core

15 2960 switches that have the Access role.

We do not have a Distribution switch.

I want to have 10 VLANs in the network, and since the users are in different places, I cannot use Local VLAN and I have to use End to End. These VLANs are going to be created by the Core switch and the VTP service, and I don't want there to be any communication between the VLANs. That is, I don't want to use IP routing on the Core switch.

But all VLANs must have access to the DMZ servers and the Local Servers.

One way is to define a hardware interface for each zone (DMZ and Local Server) on the firewall. This causes a high traffic load on the firewall, and user traffic to the internal servers goes to the firewall and comes back. (PLAN A)
The second way is to define two VLANs named DMZ and Local Server on the Core switch and activate the IP Routing service on the Core switch, which allows users to access other VLANs. (PLAN B)

Thank you

7 Replies

Can I see the topology?

balaji.bandi
Hall of Fame

Segmentation is always good, so you can control which device can access which resource based on the VLAN or source IP address.

Your plan is the most standard setup. The only difference I see between A and B is the VLAN (or is there something I am missing, as per the diagram?).

You have 2960 to 3850 Layer 2, 3850 to FortiGate and other Service Layer 3.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

What is your suggestion? A or B?

The only difference I see between A and B is the VLAN (or is there something I am missing, as per the diagram?).

BB


neaugust
Cisco Employee

Can I see the topology?

sajjadarab47
Level 1