https://community.hpe.com/t5/switches-hubs-and-modems/network-configuration-opinion-requested-from-experts/m-p/6939004#M33514 <P>I would have a few problems with that design, eg,</P><P>- Server VLAN spanned to Access switrches.</P><P>- Access VLANs spanned to Servers</P><P>- DMZ VLAN spanned to internal servers.</P><P>- internal VLANs spanned across the core switch out to gateway devices, eg, 40, 47, 55</P><P>- i don't know what the "gateway" VLAN is, but once again this VLAN is spanned across the core</P><P>&nbsp;- you have 2 gateways, so you would normally assume some kind of resilient setup, but you have a slightly different set of VLANs trunked to each.</P><P>I think you need to rethink your understanding of the purpose of VLANs - a VLAN is used to manage a broadcast segment.&nbsp;<BR />The golden rule with VLANs is you should span each VLAN&nbsp;to the least possible number of switches, and each switch should have the least possible number of VLANs spanned to it.</P><P>So, a server VLAN should encompass a limited number of server access switches and be spanned to the core, nowhere else.</P><P>An access VLAN should be restricted to one switch, stack, or wiring closet, and be spanned to the core switch for routing.</P><P>DMZ devices should be seperated from production devices by a firewall.</P> Fri, 10 Feb 2017 00:13:48 GMT Vince-Whirlwind 2017-02-10T00:13:48Z https://community.hpe.com/t5/switches-hubs-and-modems/network-configuration-opinion-requested-from-experts/m-p/6938890#M33513 <P>Hello all I'm looking for a bit of advise.</P><P>Please see the attached network topology, I'm looking for opinions on the <STRONG>best configuration based on performance and security</STRONG>. &nbsp;I welcome any suggestions that the experts on the forum can provide to assist with this config.</P><P>I would also welcome any suggestions to avoid bottleneck or loops.</P><P>Thanks in Advance,</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 09 Feb 2017 18:44:10 GMT https://community.hpe.com/t5/switches-hubs-and-modems/network-configuration-opinion-requested-from-experts/m-p/6938890#M33513 MCG43 2017-02-09T18:44:10Z https://community.hpe.com/t5/switches-hubs-and-modems/network-configuration-opinion-requested-from-experts/m-p/6939004#M33514 <P>I would have a few problems with that design, eg,</P><P>- Server VLAN spanned to Access switrches.</P><P>- Access VLANs spanned to Servers</P><P>- DMZ VLAN spanned to internal servers.</P><P>- internal VLANs spanned across the core switch out to gateway devices, eg, 40, 47, 55</P><P>- i don't know what the "gateway" VLAN is, but once again this VLAN is spanned across the core</P><P>&nbsp;- you have 2 gateways, so you would normally assume some kind of resilient setup, but you have a slightly different set of VLANs trunked to each.</P><P>I think you need to rethink your understanding of the purpose of VLANs - a VLAN is used to manage a broadcast segment.&nbsp;<BR />The golden rule with VLANs is you should span each VLAN&nbsp;to the least possible number of switches, and each switch should have the least possible number of VLANs spanned to it.</P><P>So, a server VLAN should encompass a limited number of server access switches and be spanned to the core, nowhere else.</P><P>An access VLAN should be restricted to one switch, stack, or wiring closet, and be spanned to the core switch for routing.</P><P>DMZ devices should be seperated from production devices by a firewall.</P> Fri, 10 Feb 2017 00:13:48 GMT https://community.hpe.com/t5/switches-hubs-and-modems/network-configuration-opinion-requested-from-experts/m-p/6939004#M33514 Vince-Whirlwind 2017-02-10T00:13:48Z