Network Design decision Help


I'd appreciate some input in here. I'm relatively new to design decisions. Here's the plan so far, feel free to completely change it given your experiences.

I have about 10 VLANs in office A, which is connected to various other sites via WANs. In Office A I have an internet VLAN, and the rest of the VLANs have restricted access via ACLs on the VLAN (3750-E switches). Moving forward I want to evaluate whether this is the best decision. Shall I keep the current setup or is there a better way, i.e. add a firewall or separate the network somehow?

Thanks for your input.



Not possible to say really without the requirements, i.e. you can't really design a solution without knowing what you are trying to solve.

So the sort of things you need to answer:

1) Do you have budget for more kit if needed - always one of the most important constraints on any design

2) How important is resiliency/redundancy to you?

3) Do remote sites utilise the internet connection in site A?

4) Why are you restricting access/what are you restricting, and is this not sufficient to meet your company's security requirements?

5) What factors are influencing your decision to re-evaluate what you have, e.g. will there be more users coming along, are you planning to introduce a new technology, such as VOIP, to your network?

The above are just a few of the issues involved. Without filling in some of the blanks it's really not possible to suggest anything.



Hi Jon,

Sorry for the delay, I've been off sick.

In answer to your questions:

1) Yes, I can purchase more kit if necessary.

2) Very important, I always have two links.

3) No, remote sites don't utilise the local internet connection. Each site has their own internet connection.

4) I've just joined the company and here all VLANs are locked down by ACLs restricting access in and out of the VLAN. I wanted to address this and see if it can be implemented better in any way. Basically we have different trading environments, each in their own VLAN, with internet-enabled PCs in an internet VLAN.

5) I am going to introduce VOIP this year, and managing these lists is becoming a bit of a headache.

Thanks for taking the time, if you need more please let me know as I'm not 100% sure what information is needed to address this question.



