
I finally took time to map my entire shitty network to understand exactly what the guy before me did, and I must admit I'm a little bit surprised, even if I'm not a network expert...

Just take a look at that diagram I made so you can have a better idea of the situation.

I'm planning to reconfigure my network like that.

Do I need to "inform" my router/firewall of the existence of the VLANs, or is it possible to configure VLANs on the switches so that it is totally transparent to my router, acting like basic interfaces connected to different physical switches?

Subsidiary questions are:

  • Is this network design OK with regard to best practices and SOP?
  • My VOIP server needs to be accessed through the internet without a VPN (for mobile devices). I know it's unsafe, but how could I improve the security without losing this functionality?
  • Will linking 2 switches with more than 1 wire boost the available bandwidth between them?

I know my questions are dumb, but I'm totally clueless when it comes to theory...

Thank you in advance.

Thierry Dalleau

2 Answers

From a router's perspective, what matters are interfaces. It doesn't change the router's behavior whether an interface is physical or virtual.

You can have either two cables between the router and the switch, each one in its own VLAN, or a single cable configured as a trunk that carries both VLANs.

Both scenarios will work, but they are not strictly equivalent.

  • In the first case, if you want to add a third network, you need to have an interface available on the router and on the switch and connect a new cable.

  • In the second case, the single cable is a single point of failure (it's not the only one in the network, but still it is one) and the bandwidth is shared across the 2 VLANs. But it's really easy to add new VLANs.

To get the best of the 2 approaches, you connect the 2 cables, aggregate them with LACP, set this bond as a trunk and configure QoS. You can further increase the redundancy and bandwidth by adding more links to the bond (most systems allow at least 4 links; 8 is also quite common).

This way you have improved bandwidth and fault tolerance.

Will linking 2 switches with more than 1 wire boost the available bandwidth between them?

Yes, as long as there are several flows. In a bond, a single flow will use only one physical link, and will be limited by the bandwidth of that specific link. But different flows can use different links, thus increasing the overall network bandwidth.
(Depending on the algorithm used in the bond, a flow can be defined by source/destination MAC addresses and/or IP addresses and/or even TCP/UDP ports.)

Regarding your VOIP server, that should really be a separate question, but you could use a VPN on the mobile devices, for example.

JFL
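To make the "one flow, one link" point concrete, here is an added example (not code from the answer above or from any switch vendor): a simplified model of how a bonded link picks a member for each flow, in the spirit of the Linux bonding driver's `xmit_hash_policy` modes (layer2, layer2+3, layer3+4). The exact kernel arithmetic, the MACs, IPs and ports are all constructed assumptions; what the model shows is that one host pair with many TCP sessions saturates a single link under a MAC-based policy but spreads out under a port-aware one.

```python
# Simplified model of per-flow link selection in a LACP bond (assumption:
# not the exact kernel formula, but the same XOR-and-modulo idea).
from collections import Counter
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Flow:
    src_mac: str
    dst_mac: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


def _mac_int(mac: str) -> int:
    return int(mac.replace(":", ""), 16)


def _ip_int(ip: str) -> int:
    return int(ipaddress.ip_address(ip))


def select_link(flow: Flow, policy: str, n_links: int) -> int:
    """Return the index of the bond member that carries this flow.
    The same flow always maps to the same member, so its throughput is
    capped by that one physical link."""
    if policy == "layer2":
        h = _mac_int(flow.src_mac) ^ _mac_int(flow.dst_mac)
    elif policy == "layer2+3":
        h = _mac_int(flow.src_mac) ^ _mac_int(flow.dst_mac)
        h ^= _ip_int(flow.src_ip) ^ _ip_int(flow.dst_ip)
    elif policy == "layer3+4":
        h = (flow.src_port << 16) | flow.dst_port
        h ^= _ip_int(flow.src_ip) ^ _ip_int(flow.dst_ip)
    else:
        raise ValueError(f"unknown policy {policy!r}")
    h ^= h >> 16  # fold the hash so high-order bits matter too
    h ^= h >> 8
    return h % n_links


def distribute(flows, policy: str, n_links: int) -> Counter:
    """Count how many flows land on each member link."""
    return Counter(select_link(f, policy, n_links) for f in flows)


def host_pair_sessions(n: int):
    """Constructed sample: n TCP sessions between one host pair (e.g. a
    phone system's trunk), differing only in source port."""
    return [Flow("02:00:00:00:00:01", "02:00:00:00:00:02",
                 "10.0.10.5", "10.0.20.5", 40000 + i, 5060) for i in range(n)]
```

With a 2-link bond, `distribute(host_pair_sessions(4), "layer2", 2)` puts all four sessions on one member, while `"layer3+4"` spreads them across both.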

It's more optimal to configure VLANs on a layer 3 switch and route traffic from the layer 3 switch to the firewall, allowing all VLAN traffic to be routed between the firewall and the layer 3 switch.

A firewall is a security device, more feasible to operate from a security perspective: creating security policies, controlling and restricting traffic, monitoring traffic for IPS & IDS, antivirus. So VLAN creation and configuration and inter-VLAN routing on the firewall are not recommended. The same goes for a router.

Sagar Uragonda