We have six new Cisco SG-300 switches of varying port capacity. Here's how they're connected to each other:
We have outgrown our flat network and are looking to VLAN to improve performance, security and capacity.
I would like to create 3 VLANs, 1 of which will be "in scope" and subject to increased security and stricter access rules. Users within the other 2 VLANs should not be able to access resources within VLAN1.
Currently, we have Spanning Tree enabled with SW1 as the root bridge.
Subordinate bridge IDs have been assigned to the other 5 switches.
SW1 is in Layer 3 mode, all the other switches are in Layer 2 mode.
Currently, SW1 is configured to use the network gateway for external access.
All other switches use SW as their gateway.
Question 1: Is it proper to only have 1 switch (SW1) in Layer 3 mode?
Question 2: What is the desired VLAN approach for the environment as described?
Question 3: With a single DHCP server available, how will this traffic traverse the 3 VLANs?