Thursday, October 22, 2020

Splitting a network and using a firewall as gateway

I got my first job as an IT administrator in a relatively small company (around 120 users), working alone on both the systems and the networking side. My problem is that I haven't done much networking; I only have some basics.

The company's LAN infrastructure is as follows: two /24 subnets, one for the VoIP equipment and one for everything else. Also, everything except the VoIP uses VLAN 1. The firewall is the gateway. There are three Aruba L3 switch stacks, but they are only used as L2; no routing is really used.

I'm thinking of splitting this network into several networks, at least one network for the users and another one for the servers, so I can create policies on the firewall to restrict access. I was planning to create VLAN interfaces on the firewall and use each interface as the gateway for the corresponding subnet.

Is there any downside to doing this? Is this a good idea at all? I also looked at light VRF, so I can do the routing on the L3 switches and still use the firewall policies, but that seemed overkill to me (maybe I'm wrong).


