Quick question on local vlans and end-to-end vlans
So as I have been reading through the documentation on these, I have had a question constantly popping into my head.
What about some sort of hybrid design? Not necessarily keeping one or three vlans on a switch, but keeping these vlans segregated at the distribution layer.
vlan 2 - Admin
vlan 3 - IT
vlan 4 - Finance
vlan 5 - Voice
Then keeping these segregated at the distribution block. Mapping these using dynamic vlan assignment controlled in a radius server.
Then in another distribution block (say you have two distribution blocks)
vlan 6 - Admin
vlan 7 - IT
vlan 8 - Finance
vlan 9 - Voice
From there doing the same thing on these and segregating these at the distribution block. Having a separate policy for the radius servers based on which switches are authenticating the users. Would this be a bad design, or would this be something advisable? So you would have four vlans on each of the switches potentially, but each building would have its own vlans and you wouldn't have broadcasts and other layer two traffic going over the trunks between switches. Then the only traffic going across the trunks would be to servers and voice between users.
I know that it is best to keep layer two traffic from crossing layer three devices (i.e. merging vlan 5 and vlan 9 because they are both voice). But what are some of the reasons for not doing this? Is it advisable to hybridize this further? I know the 80/20 has been switching to 20/80 with VDI and cloud computing. Devices are going outside of their LAN for more and more information. I am trying to think of a way to keep things segregated and allow for security policies in the distribution layer. Are IP and layer four ACLs falling out of favor for security policies? I just keep on trying to put those into context, and I am thinking about how you would lock down access to, say, a finance server. If you didn't map someone to a vlan/subnet from finance, the ACLs would just get gigantic. Would this just be something that you would rely on LDAP for instead? Are ACLs becoming something for QoS, routing updates, and PBR only?
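To make the "separate RADIUS policy per distribution block" idea concrete, here is an added example (not from the original post, and not vendor code) that builds the RFC 3580 Tunnel-* attributes a RADIUS server would return for 802.1X dynamic VLAN assignment. The VLAN numbers are the ones in the question; the per-building management subnets used to identify the authenticating switch are assumptions, as is the rule that an unknown switch or role gets rejected rather than a default VLAN.

```python
import ipaddress

# Constructed sample policy (assumption, not from the thread): each distribution
# block's access switches live in their own management subnet, and each block
# has its own VLAN set for the same four roles, as in the question (2-5 and 6-9).
DISTRIBUTION_BLOCKS = {
    "building-A": {"mgmt": ipaddress.ip_network("10.1.0.0/24"),
                   "vlans": {"admin": 2, "it": 3, "finance": 4, "voice": 5}},
    "building-B": {"mgmt": ipaddress.ip_network("10.2.0.0/24"),
                   "vlans": {"admin": 6, "it": 7, "finance": 8, "voice": 9}},
}

# RFC 2868 / RFC 3580 values used by switches for dynamic VLAN assignment.
TUNNEL_TYPE_VLAN = 13        # Tunnel-Type = VLAN
TUNNEL_MEDIUM_IEEE802 = 6    # Tunnel-Medium-Type = IEEE-802


def block_for_nas(nas_ip):
    """Return the distribution block whose management subnet contains the
    NAS-IP-Address of the authenticating switch, or None if it matches none."""
    addr = ipaddress.ip_address(nas_ip)
    for name, block in DISTRIBUTION_BLOCKS.items():
        if addr in block["mgmt"]:
            return name
    return None


def vlan_policy(role, nas_ip):
    """Build Access-Accept attributes for a user role authenticating on a switch.

    Returns None (meaning Access-Reject) when the switch or the role is not in
    policy, so a switch outside a known block can never pull a user into
    another building's VLAN and no implicit default VLAN is handed out."""
    block = block_for_nas(nas_ip)
    if block is None:
        return None
    vlan = DISTRIBUTION_BLOCKS[block]["vlans"].get(role.lower())
    if vlan is None:
        return None
    return {
        "Tunnel-Type": TUNNEL_TYPE_VLAN,
        "Tunnel-Medium-Type": TUNNEL_MEDIUM_IEEE802,
        "Tunnel-Private-Group-ID": str(vlan),   # VLAN ID as a string per RFC 3580
    }


if __name__ == "__main__":
    # Same finance user on a building-A switch, a building-B switch, and an unknown one.
    for role, nas in [("finance", "10.1.0.11"), ("finance", "10.2.0.11"), ("finance", "10.9.0.1")]:
        print(role, nas, vlan_policy(role, nas))
```

The same role lands in VLAN 4 or VLAN 8 depending only on which block's switch sent the request, which is the behaviour the question describes.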