Wednesday, August 12, 2020

New network, layer 3 isolation?

Hello,

I'm in the process of redesigning our corporate network.

Currently we have a stack of 3x Dell S3048 that contains 30 VLANs. The stack takes care of internal routing and has a default gw to the firewall to get out over the internet. There is no isolation between these VLANs.

We plan to change this architecture to 10G and take advantage of this to add security.

The core network will be replaced by 2 Nexus 3064PQ-10GX with HSRP and VPC. Each access switch will be connected in VPC.

There will be about 20 VLANs for the users (1 per building) and about 10 for the infrastructure (SRV/MGMT/PRINT/CCTV/STORAGE).

Regarding isolation of these VLANs, I had several ideas:

  • Create 1 VRF per VLAN and add static routes in each VRF to access the PRINT/SRV VLANs and 1 default gw to the firewall

That would make me more than 30 VRFs to manage, knowing that the N3K supports a maximum of 64 VRFs. And we plan in the future to add more VLANs with the expansion of our fiber network.

  • Connect my firewall (Sophos UTM in cluster) with 2x 10G to the N3K and create SVIs. Use the N3K only at layer 2 and use my firewall as a gateway.
  • ACLs?

So I'm looking for advice and ideas for this new network.

Thank you!

PS: Sorry for my bad English
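As an added illustration of the third option (ACLs) rather than anything from the poster, here is what a router ACL on the N3K user SVIs could look like: routing stays in the default VRF, each user VLAN may reach only the shared SRV/PRINT VLANs and the firewall default route, and user-to-user inter-VLAN traffic is dropped at the source SVI. All prefixes, VLAN IDs and the firewall next hop are constructed placeholders, not the poster's addressing.

```nxos
! Assumed addressing (constructed for this example):
!   users      10.20.0.0/16   one /24 per building, e.g. Vlan101 = 10.20.101.0/24
!   SRV        10.10.10.0/24  (Vlan10),  PRINT 10.10.20.0/24 (Vlan20)
!   firewall   10.255.0.1 on a transit Vlan999
feature interface-vlan
feature hsrp

ip access-list USER-VLAN-IN
  statistics per-entry
  ! Management plane: let hosts talk to their own gateway (DHCP relay, ICMP)
  10 permit udp any eq bootpc any eq bootps
  ! Shared services every building is allowed to reach
  20 permit ip any 10.10.10.0/24
  30 permit ip any 10.10.20.0/24
  ! Block everything else that stays inside the site (other user VLANs,
  ! MGMT/CCTV/STORAGE) so the firewall is the only way between them
  40 deny ip any 10.0.0.0/8
  ! Anything left is Internet-bound and follows the default route to the firewall
  50 permit ip any any

! One SVI per building, same ACL applied inbound on each
interface Vlan101
  description USERS-BUILDING-1
  no shutdown
  ip address 10.20.101.2/24
  ip access-group USER-VLAN-IN in
  hsrp 101
    ip 10.20.101.1

interface Vlan102
  description USERS-BUILDING-2
  no shutdown
  ip address 10.20.102.2/24
  ip access-group USER-VLAN-IN in
  hsrp 102
    ip 10.20.102.1

! Default route toward the firewall cluster
ip route 0.0.0.0/0 10.255.0.1
```

The ACL is stateless, so replies from SRV/PRINT return unfiltered only because no ACL is applied on those SVIs; `show ip access-lists USER-VLAN-IN` with per-entry statistics shows which rule is matching during validation.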