asked on Design of VLANs
I am working with a client who has some Cisco equipment.
network design is very simple now ; all machines in one VLAN and one subnet.
they like to go with a VLAN based solution , they have a Cisco switch 3750 (24 port) and a ASA (5510) . They also have six Dlink (layer3) switches.
The Idea is to use Cisco 3750 as a core switch ; subnet network to 5 different IP ranges ( for 5 departments ) and put each department on a separate VLAN.
They also have another location which will be connected to primary site using a site-to-site VPN (through Cisco ASA) .So ASA provides site-to-site connectivity and Internet access.
machines on that site also need to be in a different VLAN but should be able to talk to servers in primary site.
so .. with this scenario in mind ; here are my thoughts :
we need one dedicated switch on each subnet ( probably those Dlinks)
we need to enable trunking on each Dlink switch.
Each Dlink switch will be connected to core Cisco switch using its trunk interface.
Core switch performs required routing and send traffic to ASA if required.
Is this right ? I am not quiet sure if ASA should be VLAN aware too ... any thoughts ?
network design is very simple now ; all machines in one VLAN and one subnet.
they like to go with a VLAN based solution , they have a Cisco switch 3750 (24 port) and a ASA (5510) . They also have six Dlink (layer3) switches.
The Idea is to use Cisco 3750 as a core switch ; subnet network to 5 different IP ranges ( for 5 departments ) and put each department on a separate VLAN.
They also have another location which will be connected to primary site using a site-to-site VPN (through Cisco ASA) .So ASA provides site-to-site connectivity and Internet access.
machines on that site also need to be in a different VLAN but should be able to talk to servers in primary site.
so .. with this scenario in mind ; here are my thoughts :
we need one dedicated switch on each subnet ( probably those Dlinks)
we need to enable trunking on each Dlink switch.
Each Dlink switch will be connected to core Cisco switch using its trunk interface.
Core switch performs required routing and send traffic to ASA if required.
Is this right ? I am not quiet sure if ASA should be VLAN aware too ... any thoughts ?
Network OperationsCiscoNetwork Architecture
Last Comment
pwindell
ASKER
Thanks for all information , can we enable rapid spanning tree even in a Dlink-Cisco mix ?
Spanning-tree is IEEE and is not proprietary to cisco so as long as the switch itself supports RPVSPT then absolutely. You said they are L3 switches so I would assume yes but, to confirm just look up the model numbers on the manufactures website it should confirm / deny.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Simple principle to follow:
For every 200 machines,...create a new /24 (254 host) Segment.
Whether that is done with physical interfaces on a convention LAN Router or with virtualized Interfaces on a L3 Switch really doesn't matter.
For every 200 machines,...create a new /24 (254 host) Segment.
Whether that is done with physical interfaces on a convention LAN Router or with virtualized Interfaces on a L3 Switch really doesn't matter.
There is no need to dedicate one switch per VLAN unless you just wanted to, it is possible to simply assign different switchports to access the vlan intended. It would help to understand the physical topology to answer this question. Are the devices in these 5 different areas cabled back to the same data closet or different closets?
You would have all 5 Vlans on all switches and simply assign a range/specific ports to each VLAN. You could also use VTP to manage Vlans across the switches if you had a native cisco switching environment.
Example
Int fa0/1
switchport access vlan 10
int Fa0/2
switchport access vlan 20
I would shutdown Vlan1 and pick one Vlan to be your management Vlan for your switches.
I would also recommend using RPVST - rapid per vlan spanning tree.