HPE Community
Switches, Hubs, and Modems
1752538 Members
4909 Online
108788 Solutions
New Discussion

Network Configuration Opinion Requested from Experts

 
MCG43
Occasional Collector

‎02-09-2017 10:44 AM

‎02-09-2017 10:44 AM

Network Configuration Opinion Requested from Experts

Hello all I'm looking for a bit of advise.

Please see the attached network topology, I'm looking for opinions on the best configuration based on performance and security.  I welcome any suggestions that the experts on the forum can provide to assist with this config.

I would also welcome any suggestions to avoid bottleneck or loops.

Thanks in Advance,

 

 

 

0 Kudos
1 REPLY 1
Vince-Whirlwind
Honored Contributor

‎02-09-2017 04:13 PM

‎02-09-2017 04:13 PM

Re: Network Configuration Opinion Requested from Experts

I would have a few problems with that design, eg,

- Server VLAN spanned to Access switrches.

- Access VLANs spanned to Servers

- DMZ VLAN spanned to internal servers.

- internal VLANs spanned across the core switch out to gateway devices, eg, 40, 47, 55

- i don't know what the "gateway" VLAN is, but once again this VLAN is spanned across the core

 - you have 2 gateways, so you would normally assume some kind of resilient setup, but you have a slightly different set of VLANs trunked to each.

I think you need to rethink your understanding of the purpose of VLANs - a VLAN is used to manage a broadcast segment. 
The golden rule with VLANs is you should span each VLAN to the least possible number of switches, and each switch should have the least possible number of VLANs spanned to it.

So, a server VLAN should encompass a limited number of server access switches and be spanned to the core, nowhere else.

An access VLAN should be restricted to one switch, stack, or wiring closet, and be spanned to the core switch for routing.

DMZ devices should be seperated from production devices by a firewall.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.