I'm completely new to VLANs, but what I've read about them is very interesting, and will potentially be a significant increase in our security. Unfortunately, I'm pretty sure I'm only getting about half of the details, and the rest is getting bloated by my over-active imagination.
Nevertheless, I've gotten approval to upgrade our 10/100 network with Catalyst 2960 switches... performance gains should go through the roof once I get my entire network on GigE (yes, the PCs and servers are all GigE capable).
On my main LAN segment, I'm going to have 2 core switches... these 2 will have the servers (running VMware) and all of my edge switches (more catalyst 2960s).
Core Switching:
Port 1 through 5 on the core switches will be set up as Trunk ports, used to uplink my edge switches to the rest of the network.
Ports 6, 7 and 8, 9 will be trunk ports, connected to virtual switches in VMware (aka plugged into my servers).
Port 10 will also be a trunk port, for my distributed wireless access device.
Edge switches:
port 1: A trunk port, connected to the first core switch
port 2: A trunk port, connected to the second core switch
ports 3 - 48: access ports, with end users plugged into them.
My VLANs will be configured as follows (different subnet for each VLAN):
1 - Internet / Firewall
2 - Servers and Printers
3 - "Admin" users, with access to all VLANs
4 to whatever - A VLAN for each physical switch... rather than arrange by dept, I'm just gonna put all 46 remaining ports on the edge switches each on their own VLAN, so that if I had 5 edge switches, I'd have 5 VLANs. I would then configure access to the servers and the internet... no other access is needed.
Is this the right way to be going? Have I misunderstood something about VLANs? Would I end up wasting my weekend trying to clean up a gigantic mess made by this strategy?
Attached is a PDF containing a more detailed migration strategy.
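As an added example (not part of the original post, and not a configuration the poster supplied), here is how the port plan above maps onto Cisco IOS on a Catalyst 2960, with the hardening a practitioner would add to the trunk and access ports: trunks are forced on with DTP negotiation disabled, the native VLAN is an unused one, each trunk carries only the VLANs that link needs, and user ports get PortFast plus BPDU Guard. Everything specific is an assumption of mine: interface names GigabitEthernet0/1-48, hostnames edge1 and core1, two edge switches hanging off core ports 1 and 2 with per-switch VLANs 4 and 5, the wireless device on port 10 placing its clients in VLAN 3, and a firewall on core port 11 (not mentioned in the post) that owns a sub-interface in every VLAN and does the inter-VLAN routing and filtering. That last assumption matters: the 2960 is essentially a Layer 2 switch, so the "configure access to the servers and the internet" step lives on the firewall (or an L3 switch), not on the VLANs themselves. Management addressing and the second core switch are omitted; core2 is the same as core1 with `root secondary`.

```cisco
! ===== Edge switch "edge1" (assumed name); VLAN 4 is its per-switch user VLAN =====
hostname edge1
!
vlan 2
 name Servers-Printers
vlan 3
 name Admin
vlan 4
 name Edge1-Users
vlan 999
 name Unused-Native
!
spanning-tree mode rapid-pvst
!
! Ports 1-2: uplinks to core1 and core2. Trunk is forced and DTP is off, so a
! host on an access port cannot negotiate itself into a trunk; the native VLAN
! is an unused one so untagged frames never land in a real VLAN; only the VLANs
! this switch needs are allowed, which also keeps STP from growing per-VLAN.
interface range GigabitEthernet0/1 - 2
 description Uplink to core
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2,3,4
!
! Ports 3-48: user ports. Access mode only, PortFast for fast link-up, and
! BPDU Guard so a user-plugged switch or looped cable err-disables the port
! instead of taking down the VLAN.
interface range GigabitEthernet0/3 - 48
 description User port
 switchport mode access
 switchport access vlan 4
 switchport nonegotiate
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! ===== Core switch "core1" (assumed name) =====
hostname core1
!
vlan 2
 name Servers-Printers
vlan 3
 name Admin
vlan 4
 name Edge1-Users
vlan 5
 name Edge2-Users
vlan 999
 name Unused-Native
!
spanning-tree mode rapid-pvst
spanning-tree vlan 1-4094 root primary
!
! Ports 1-5: trunks down to the edge switches (ports 1 and 2 shown; each edge
! switch gets only its own user VLAN plus the shared server/admin VLANs).
interface GigabitEthernet0/1
 description Trunk to edge1
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2,3,4
interface GigabitEthernet0/2
 description Trunk to edge2
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2,3,5
!
! Ports 6-9: trunks to the VMware vSwitches. Only the VLANs that a port group
! actually uses are allowed (assumed: servers in VLAN 2, an admin VM in VLAN 3).
interface range GigabitEthernet0/6 - 9
 description Trunk to ESX vSwitch
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 2,3
!
! Port 10: trunk to the wireless device (assumed: wireless clients land in VLAN 3).
interface GigabitEthernet0/10
 description Trunk to wireless
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 3
!
! Port 11 (assumed, not in the post): trunk to the firewall, which holds a
! sub-interface in every VLAN and is where the "who may reach servers and the
! internet" policy is enforced. VLAN 1 is the poster's Internet/Firewall VLAN.
interface GigabitEthernet0/11
 description Trunk to firewall (inter-VLAN routing + policy)
 switchport mode trunk
 switchport nonegotiate
 switchport trunk native vlan 999
 switchport trunk allowed vlan 1,2,3,4,5
!
! Everything not cabled stays shut and parked in the unused VLAN.
interface range GigabitEthernet0/12 - 48
 description Unused
 switchport mode access
 switchport access vlan 999
 shutdown
```

Two checks worth running after this is in place: `show interfaces trunk` on each switch should list only the VLANs you intended on each trunk (if VLAN 1 or the user VLANs show up where they should not, the allowed-list was missed), and `show spanning-tree root` should name core1 as root for every VLAN, so a dual-homed edge switch never wins the election. The per-switch VLAN scheme itself is fine from the switch's point of view; what it does not do by itself is filter anything, so the security you get is exactly the policy you write on the device that routes between those VLANs.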