
Re-Design Network with InterVLAN Routing

Hey guys,

I have a question, more about designing a VLAN network.

Our customer has a /16 network with around 1500 devices and 90 Cisco switches. All devices are in VLAN 1 in subnet 192.168.0.0/16.

Now it's my part to re-design this network into different VLANs.

Now my question: how would you do it, which method is the best?

I thought the core stack switch WS-C3850-48P would activate IP routing and handle inter-VLAN routing. For all devices, the Sophos UTM SG 430 is currently the default gateway (192.168.1.1).

This IP will be given to the new core switch to handle requests. Then configure the Sophos UTM as gateway for the core switch.

In the first step we can disregard security reasons; ACLs and security between VLANs come in the next step.

What do you think about this method?

Regards Marco


devils_advocate
Level 7

Hi Marco

For me it would depend on the physical topology of the network.

Are all the hosts connected to the 3850 or are there additional switches? 

Are any additional switches directly connected to the 3850 or are any daisy chained off each other?

Is the Sophos acting as just a FW between the hosts and the internet?

If so, is the internet patched directly into the Sophos' WAN port?

What is currently doing DHCP?

Making the 3850 the core switch seems logical as long as it's the 'core' of the network and all switches come off this. Enabling IP routing and creating VLANs and SVIs etc. is easy, but you have to think about traffic flow up and downstream in terms of spanning tree. Also think about having to create trunks between switches.
