New VLAN Architecture/Implementation

bigger_gabriel
Level 1

Hello All,

I have been given the task to architect and implement VLANs in our company, and I have a couple of architecture and implementation questions I wanted to run by the experts.

Quick Run Down on Topology:

There is a total of 18 Layer 3 switches and 1 ASA 5510 firewall/gateway.

16 of the switches are running out of the IDF and connect over 1 Gb links to 2 L3 switches in the MDF. The MDF contains the server farm and firewall/gateway.

There are around 400 IP devices connected to the LAN, including networking devices, servers, printers, and desktops.

The majority of the devices are desktops and belong to our customer service agents.

Architecture Questions:

Architecture needs: I would like to create a VLAN each for Executives, Management, Support Services, Customer Service agents, Printers, and Servers, and I need one isolated VLAN for security reasons. Total of 7 VLANs.

The CSAs only need access to 2 servers, the Executives on down need access to all servers and printers, and the isolated group needs access to the same 2 servers as the CSAs.

Is it better to put all the servers in one VLAN, or to isolate the 2 servers for the CSAs and put the rest of the servers in another VLAN?

Implementation Questions:

Currently we do not have documentation on what switchport goes to what IP device.

Is the only way to make this work to create a map of all switchports to IP devices? Is there a free program out there that can do this for me? Or is there another way to do this?

Are there any other considerations I should be aware of? Is there any other advice from someone who has done something similar to this project?

Thank you in advance for your help,

Gabriel

1 Reply

ALIAOF_
Level 6

> Is it better to put all the servers in one VLAN, or to isolate the 2 servers for the CSAs and put the rest of the servers in another VLAN?

That depends on what kind of servers they are and what kind of security you need to set up on them. For instance, you can have some domain controllers that sit on one VLAN with a high security level, then some servers might need to go on the DMZ, like web servers, with a lower security level and a different VLAN. You might have some database servers that you want on another VLAN. It just depends on your environment and security requirements. If you are really looking for security and are in a PCI/HIPAA environment, yeah, having multiple tiers of VLANs is a good way to go, i.e. different user VLANs and server VLANs, and giving them access to the servers accordingly.

About your implementation question: it is a good idea to know exactly where your servers, your printers, and the rest of the network devices are connected; if you ever have to troubleshoot links you can do that easily instead of scrambling when there is an issue. However many printers you have, you can probably find out easily where they are connected by looking at the ARP table and the MAC address table on the switches. There are some free programs online that you can probably find on Google.

http://netdbtracking.sourceforge.net/
