redgoblet
asked on
Best practices for VLAN: 6 Cisco SG-300 switches
We have six new Cisco SG-300 switches of varying port capacity. Here's how they're connected to each other:
SW1>SW2
SW1>SW3
SW1>SW4
SW1>SW5
SW1>SW6 (fiber)
We have outgrown our flat network and are looking to VLAN to improve performance, security and capacity.
I would like to create 3 VLANS, 1 of which will be "in scope" and subject to increased security and stricter access rules. Users within the other 2 VLANS should not be able to access resources within VLAN1.
Currently, we have Spanning Tree enabled with SW1 as the root bridge.
Subordinate bridge IDs have been assigned to the other 5 switches.
SW1 is in Layer 3 mode, all the other switches are in Layer 2 mode.
Currently, SW1 is configured to use the network gateway for external access.
All other switches use SW as their gateway.
Question 1: Is it proper to only have 1 switch (SW1) in layer 3 mode?
Question 2: What is the desired VLAN approach for the environment as described?
Question 3: with a single DHCP server available, how will this traffic traverse the 3 VLANS?
Thanks much...
SW1>SW2
SW1>SW3
SW1>SW4
SW1>SW5
SW1>SW6 (fiber)
We have outgrown our flat network and are looking to VLAN to improve performance, security and capacity.
I would like to create 3 VLANS, 1 of which will be "in scope" and subject to increased security and stricter access rules. Users within the other 2 VLANS should not be able to access resources within VLAN1.
Currently, we have Spanning Tree enabled with SW1 as the root bridge.
Subordinate bridge IDs have been assigned to the other 5 switches.
SW1 is in Layer 3 mode, all the other switches are in Layer 2 mode.
Currently, SW1 is configured to use the network gateway for external access.
All other switches use SW as their gateway.
Question 1: Is it proper to only have 1 switch (SW1) in layer 3 mode?
Question 2: What is the desired VLAN approach for the environment as described?
Question 3: with a single DHCP server available, how will this traffic traverse the 3 VLANS?
Thanks much...
ASKER
Thanks...a couple more questions..
Desktop member of VLAN5 is connected to SwitchB on Port 30.
Port 1 of Switch B is connected to Port 1 of Switch A (core router).
Do ports 1 and 30 on Switch B and Port 1 of Switch A all have to be assigned to VLAN 5?
What VLAN mode is preferable (access, general, trunk)?
Since layer 3 is not enabled on Switch B, how do we route traffic through it to Switch A?
Sorry for the rookie questions, really appreciate everyone's help.
Desktop member of VLAN5 is connected to SwitchB on Port 30.
Port 1 of Switch B is connected to Port 1 of Switch A (core router).
Do ports 1 and 30 on Switch B and Port 1 of Switch A all have to be assigned to VLAN 5?
What VLAN mode is preferable (access, general, trunk)?
Since layer 3 is not enabled on Switch B, how do we route traffic through it to Switch A?
Sorry for the rookie questions, really appreciate everyone's help.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Your VLAN approach is fine, each VLAN's default gateway would be a Switched Virtual Interface on the core switches (if you are doing VRRP, both core switches will have their own unique IPs and sharing a virtual IP via VRRP - each VLAN uses the VRRP IP as their default gateway).
DHCP with a single server works by using DHCP relay. This is found under "IP Configuration" then "DHCP" then "Properties". Simply select to enable the DHCP relay and at the bottom put your DHCP server in the table. You then just setup your different scopes for the VLANs on your DHCP server.