How to subnet and add VLANS into my network
10 years 1 month ago #38489
by Chris
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Replied by Chris on topic How to subnet and add VLANS into my network
AdminOmid,
Network diagrams always help
The last diagram you posted would certainly work, however I'd like to make a few comments if I could:
1) There is no gain placing L3 switches all over the place. You could use one L3 switch at the top where all three networks/VLANs connect to and from there below, use L2 switches, so that all Red switches are L2, all Green switches are L2 and all blue switches are L2.
Since the switch at the top is a L3 switch, you would only need one single cable to the Firewall. This link can either be a trunk link (that carries all 3 vlans) or a single access link with a completely different VLAN - e.g VLAN4.
Of course you can also connect the L3 switch the same way you show in your diagram and you would require 3 Ethernet ports on your Firewall.
Closing, if you decided to perform the VLAN routing through the Firewall, then you could also replace the top switch with a standard L2 switch.
As you can see, there are quite a few alternatives here. It all has to do with your budget, physical setup of your network and requirements.
If you asked me how would I set this network up, then this is what i'd do:
I'd connect one link from the Firewall to the Top Switch, in access-link mode (a single VLAN) and I'd make sure the Top switch is a L3 switch. From there on all switches below would be L2 switches e.g 2960.
From there on, depending on the physical setup of the network, I'd certainly create multiple rings to ensure redundancy and even connect the three VLANs between them if I can. Of course, this type of a setup would require good knowledge of Spanning Tree, to ensure traffic is spread out amongst the switches in the best possible way.
Please let us know if you require any additional information.
Chris.
Network diagrams always help
The last diagram you posted would certainly work, however I'd like to make a few comments if I could:
1) There is no gain placing L3 switches all over the place. You could use one L3 switch at the top where all three networks/VLANs connect to and from there below, use L2 switches, so that all Red switches are L2, all Green switches are L2 and all blue switches are L2.
Since the switch at the top is a L3 switch, you would only need one single cable to the Firewall. This link can either be a trunk link (that carries all 3 vlans) or a single access link with a completely different VLAN - e.g VLAN4.
Of course you can also connect the L3 switch the same way you show in your diagram and you would require 3 Ethernet ports on your Firewall.
Closing, if you decided to perform the VLAN routing through the Firewall, then you could also replace the top switch with a standard L2 switch.
As you can see, there are quite a few alternatives here. It all has to do with your budget, physical setup of your network and requirements.
If you asked me how would I set this network up, then this is what i'd do:
I'd connect one link from the Firewall to the Top Switch, in access-link mode (a single VLAN) and I'd make sure the Top switch is a L3 switch. From there on all switches below would be L2 switches e.g 2960.
From there on, depending on the physical setup of the network, I'd certainly create multiple rings to ensure redundancy and even connect the three VLANs between them if I can. Of course, this type of a setup would require good knowledge of Spanning Tree, to ensure traffic is spread out amongst the switches in the best possible way.
Please let us know if you require any additional information.
Chris.
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Time to create page: 0.144 seconds