We intend to create a separate vlan segment specially for use by servers to back up their data, so that these servers stay separate from other vlans & don't interrupt or consume resources due to their high volumes.
Idea is to have extra interface cards on each of these servers which will connect back to this separate VLAN, possibly without any gateway being used.
Is something like this possible? If so, kindly suggest.
You can create a private vlan on the switches (layer 2 only) and just plug these new NICs into that vlan, remembering there won't be any DHCP, so you will have to make the IP addresses static.
Hope this helps.
OK, but would these NICs function without any gateway address on them among the segments? Also, these servers are currently off the FWSM module. Would this impact this, as I want to avoid making changes for access on the firewall for these servers?
Devices only need a gateway when needing to talk to a device outside its own subnet. I can't help you with the server config bit, but I know it can be done as we have them here (which I think Jon Marshall put in).
Maybe I missed the point somewhat here, I assumed you would get a separate switch for this private vlan, and in which case wouldn't include the FWSM or Jon's worry about still overloading the current switch.
If the backups are going to be moving large amounts of data then it may be worth considering purchasing a separate switch(es) purely for your backup vlan. This will keep all traffic off your main production switch.
Just using a separate vlan on the same switch does not necessarily mean it won't interfere with other vlans' traffic.
3560, 3750, 4948 are all good switches for this sort of thing.
Edit - the servers would not need a default-gateway for this vlan whether it is on a separate switch or a vlan with no L3 interface. They just all need to have an address out of the same subnet on the second NIC.
If the servers are behind firewalls then:
1) Definitely no default-gateway for second NIC
2) Ensure that IP routing has been disabled on servers
3) Ensure that the server(s)/SANs etc. that the servers back up to are protected as well, otherwise you have just bypassed the firewall, i.e. you could connect to one of the firewalled servers by its backup NIC and not have to go through the firewall.
You probably don't want to firewall the backup NICs with the FWSM because that could impact the FWSM performance.
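An added example, not part of the original thread: a shell audit for points 1 and 2 of the checklist above on a dual-homed server. It assumes Linux servers with iproute2; the interface name `eth1` and the sample routing table are constructed. Point 3 (protection of the backup targets) cannot be verified from the server itself.

```shell
#!/bin/sh
# Audit the backup NIC of a dual-homed server:
#   1) no default/gateway route on the backup interface
#   2) IP routing (forwarding) disabled on the host
# Live use (Linux, iproute2 assumed):
#   audit_backup_nic "$(ip -4 route show)" "$(cat /proc/sys/net/ipv4/ip_forward)" eth1

# Print every route that is a default route or uses a next hop ("via")
# on the given interface. $1 = `ip -4 route show` output, $2 = interface.
gateway_routes_on() {
    printf '%s\n' "$1" | awk -v ifc="$2" '{
        dev = ""; gw = ($1 == "default")
        for (i = 1; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "via") gw = 1
        }
        if (gw && dev == ifc) print
    }'
}

# $1 = routing table text, $2 = ip_forward value, $3 = backup interface.
# Prints findings; the return status is the number of failed checks.
audit_backup_nic() {
    routes=$1 forward=$2 ifc=$3 findings=0
    bad=$(gateway_routes_on "$routes" "$ifc")
    if [ -n "$bad" ]; then
        echo "FAIL: gateway route(s) on $ifc:"
        echo "$bad"
        findings=$((findings + 1))
    fi
    if [ "$forward" != "0" ]; then
        echo "FAIL: IPv4 forwarding enabled (net.ipv4.ip_forward=$forward)"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK: $ifc has no gateway and the host does not route"
    return "$findings"
}

# Constructed sample: eth0 is the firewalled production NIC, eth1 the backup
# NIC, which has wrongly been given a gateway.
SAMPLE_ROUTES='default via 10.1.1.1 dev eth0
10.1.1.0/24 dev eth0 proto kernel scope link src 10.1.1.20
192.168.50.0/24 dev eth1 proto kernel scope link src 192.168.50.20
default via 192.168.50.1 dev eth1 metric 200'

audit_backup_nic "$SAMPLE_ROUTES" 1 eth1 || true
```

A server that forwards packets between its production and backup NICs becomes a path around the firewall, which is why both checks must pass before the backup VLAN is treated as isolated.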