Hi,
I'm looking over the network at an industrial plant and have some questions. I'm quite inexperienced with this kind of stuff so please bear with me for being stupid.
Here's some background.
-
On the top, there's two core switches (HP 3800-48G-4SFP+).
-
Two (redundant) firewalls (Cisco ASA 5506-X) separate WAN from LAN. They are both connected to one (!) of the core switches.
-
Several L2-switches are connected as a star with the core switches in the middle. Hosts are connected either directly to the L2-switches or via other L2-switches. Some hosts are connected directly to the core switches as well.
In order to separate manufacturing traffic, I will create zones by means of VLAN. However, some traffic needs to pass between VLANs. The original thought was to use the ASA as default gateway and route between VLANs using access rules, where for example an office PC (e.g. 172.16.0.50, VLAN 10) needs to connect by RDP to a host in a certain manufacturing VLAN (e.g. 10.10.60.3, VLAN 60).
My questions:
-
Would it be better to use an L3 switch, for instance one of the core switches, for routing?
-
If so, how do you establish the connection between the hosts in the above example? Do you set up a static route in the switch from 172.16.0.50 to the ASA firewall, and in the firewall set up an access rule which permits RDP from 172.16.0.50 to 10.10.60.3? Of course with the VLANs properly set up in switch and firewall.
Thank you
No comments:
Post a Comment