
Network Configuration Opinion Requested from Experts

MCG43
Occasional Collector

Hello all, I'm looking for a bit of advice.

Please see the attached network topology. I'm looking for opinions on the best configuration based on performance and security. I welcome any suggestions that the experts on the forum can provide to assist with this config.

I would also welcome any suggestions to avoid bottlenecks or loops.

Thanks in Advance,

 

 

 

1 REPLY
Vince-Whirlwind
Honored Contributor

Re: Network Configuration Opinion Requested from Experts

I would have a few problems with that design, e.g.,

- Server VLAN spanned to Access switches.

- Access VLANs spanned to Servers

- DMZ VLAN spanned to internal servers.

- Internal VLANs spanned across the core switch out to gateway devices, e.g., 40, 47, 55

- I don't know what the "gateway" VLAN is, but once again this VLAN is spanned across the core

- You have 2 gateways, so you would normally assume some kind of resilient setup, but you have a slightly different set of VLANs trunked to each.

I think you need to rethink your understanding of the purpose of VLANs - a VLAN is used to manage a broadcast segment. 
The golden rule with VLANs is you should span each VLAN to the least possible number of switches, and each switch should have the least possible number of VLANs spanned to it.

So, a server VLAN should encompass a limited number of server access switches and be spanned to the core, nowhere else.

An access VLAN should be restricted to one switch, stack, or wiring closet, and be spanned to the core switch for routing.

DMZ devices should be separated from production devices by a firewall.
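
The spanning rules from the reply above, written as an audit over a device-to-VLAN trunk map. This is an added example, not part of the original thread: the device names, roles, VLAN IDs and topology are constructed, and the "transit" VLAN kind and the choice to allow DMZ VLANs on gateway devices (treated here as the firewall boundary) are assumptions.

```python
from collections import defaultdict

# Device roles on which each kind of VLAN may appear (the reply's rules;
# "transit" and DMZ-on-gateway are assumptions made for this example).
ALLOWED_ROLES = {
    "server": {"server", "core"},
    "access": {"access", "core"},
    "dmz": {"dmz", "gateway"},
    "transit": {"core", "gateway"},
}

# Constructed sample data, not the poster's diagram: device -> (role, trunked VLANs).
# Each entry stands for one switch, stack or wiring closet.
VLANS = {10: "server", 20: "access", 30: "access", 40: "access", 99: "dmz", 900: "transit"}
SWITCHES = {
    "core1": ("core", {10, 20, 30, 40, 900}),
    "srv1": ("server", {10, 99}),        # DMZ VLAN reaches an internal server switch
    "acc1": ("access", {10, 20}),        # server VLAN spanned to an access switch
    "acc2": ("access", {20, 30}),        # access VLAN 20 now lives in two closets
    "gw1": ("gateway", {40, 99, 900}),   # internal VLAN 40 spanned out to a gateway
    "gw2": ("gateway", {99, 900}),       # trunk set differs from gw1
}

def audit(switches, vlans):
    """Return sorted (rule, vlan_id, detail) findings for a trunk map."""
    findings = []
    access_homes = defaultdict(list)
    for name, (role, trunked) in switches.items():
        for vid in trunked:
            kind = vlans[vid]
            if role not in ALLOWED_ROLES[kind]:
                findings.append(("misplaced", vid, f"{kind} VLAN on {role} device {name}"))
            if kind == "access" and role == "access":
                access_homes[vid].append(name)
    # An access VLAN belongs to one access switch, stack or closet, plus the core.
    for vid, homes in access_homes.items():
        if len(homes) > 1:
            findings.append(("overspanned", vid, "access VLAN on " + ", ".join(sorted(homes))))
    # A resilient gateway pair should carry the same VLAN set on each member.
    gws = sorted(n for n, (r, _) in switches.items() if r == "gateway")
    for other in gws[1:]:
        for vid in sorted(switches[gws[0]][1] ^ switches[other][1]):
            findings.append(("gateway-mismatch", vid, f"only on one of {gws[0]}, {other}"))
    return sorted(findings)

if __name__ == "__main__":
    for rule, vid, detail in audit(SWITCHES, VLANS):
        print(f"{rule:17} VLAN {vid:<4} {detail}")
```

The trunk map would normally be filled in from each switch's own configuration export rather than typed by hand.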