Diagramming is a little difficult right now, but think of the current state as router-on-a-stick without VLANs, that needs to have VLANs setup. On Sat, May 23, 2015, 6:57 AM olushile akintade <olushile@gmail.com> wrote:
Can you provide a quick diagram with the current subnet and traffic path? On Fri, May 22, 2015 at 7:51 PM Sina Owolabi <notify.sina@gmail.com> wrote:
Hi!
I am in a bit of a planning and implementation quandary and I'm hoping to solicit implementation assistance on an already existing network which needs to have segmentation and security.
I have only remote access to the network which comprises a number of Red Hat Linux 6-based hypervisor servers (hosting a multiplicity of virtual machines in different networks), a Sophos UTM gateway device (specifically ASG220) serving as a router, and two Cisco Catalyst 2960 switches (one on the internet side of the UTM gateway, and the other allowing access to the UTM from the RHEL6 hypervisors).
There are a number of subnets defined on both the hypervisors and the virtual machines, all using the Sophos UTM as their gateway to each other, and to the internet. My task is to properly segregate access and traffic between the devices, which do not have VLANs defined on them. Remotely.
My question is, can I create VLANs, and their trunk ports on the 2960 switches (especially on the LAN switch) that will segregate traffic between the networks defined on the UTM, the hypervisors and their guest machines, without causing network downtime?
Is it best to attack the switches first, creating the VLANs there, before implementing VLANs on the UTM and the hypervisors?
I would be grateful for any planning assistance. The data center is a long way away, and any downtime will be catastrophic.
Thanks in advance!