Can you provide a quick diagram with the current subnet and traffic path?

On Fri, May 22, 2015 at 7:51 PM Sina Owolabi <notify.s...@gmail.com> wrote:
> Hi!
>
> I am in a bit of a planning and implementation quandary and I'm hoping
> to solicit implementation assistance on an already existing network
> which needs to have segmentation and security.
>
> I have only remote access to the network which comprises a number of
> Red Hat Linux 6-based hypervisor servers (hosting a multiplicity of
> virtual machines in different networks), a Sophos UTM gateway device
> (specifically ASG220) serving as a router, and two Cisco Catalyst 2960
> switches (one on the internet side of the UTM gateway, and the other
> allowing access to the UTM from the RHEL6 hypervisors).
>
> There are a number of subnets defined on both the hypervisors and the
> virtual machines, all using the Sophos UTM as their gateway to each
> other, and to the internet. My task is to properly segregate access
> and traffic between the devices, which do not have VLANs defined on
> them. Remotely.
>
> My question is, can I create VLANs, and their trunk ports on the 2960
> switches (especially on the LAN switch) that will segregate traffic
> between the networks defined on the UTM, the hypervisors and their
> guest machines, without causing network downtime?
>
> Is it best to attack the switches first, creating the VLANs there,
> before implementing VLANs on the UTM and the hypervisors?
>
> I would be grateful for any planning assistance. The data center is a
> long way away, and any downtime will be catastrophic.
>
> Thanks in advance!
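As an added example (not from this thread and not the poster's own configuration), here is the order of operations on the LAN-side Catalyst 2960 that answers the "without downtime" question: the VLANs are created first (which touches no port), the ports towards the UTM and the hypervisors are then converted to 802.1Q trunks with VLAN 1 left as the native VLAN, so all of today's untagged traffic keeps flowing exactly as before, and hosts are only moved into the new VLANs later by adding tagged subinterfaces on the UTM and on the RHEL6 hypervisors. The interface names (Gi0/1 to the UTM, Gi0/2 to a hypervisor), the VLAN IDs 10 and 20 and the 15-minute timer are assumptions for illustration.

```cisco
! Safety net for remote work: if the session is lost before the new config
! is saved, the switch reloads its last saved config on its own.
! Issue this BEFORE any change and cancel it only after verification.
reload in 15
!
configure terminal
!
! 1. Define the VLANs. This touches no port and moves no traffic.
vlan 10
 name guest-networks
vlan 20
 name management
exit
!
! 2. Convert the port towards the Sophos UTM into a trunk. The 2960 only
!    supports 802.1Q, so no encapsulation command is needed. Untagged
!    frames stay in the native VLAN (1), which is where all traffic is
!    today, so the UTM keeps talking to everything while it still has no
!    VLAN interfaces configured.
interface GigabitEthernet0/1
 description uplink-to-sophos-utm
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,10,20
 switchport nonegotiate
!
! 3. Same on each hypervisor-facing port, one port at a time. The RHEL6
!    bridge keeps working untagged in VLAN 1; tagged subinterfaces for
!    VLANs 10 and 20 are added on the host afterwards.
interface GigabitEthernet0/2
 description hypervisor-1
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,10,20
 switchport nonegotiate
end
!
! 4. Verify before committing: both ports must show "trunking" with
!    native VLAN 1, and the management session must still be alive.
show interfaces trunk
show vlan brief
!
! 5. Only once reachability to the UTM and the hypervisors is confirmed:
write memory
reload cancel
```

Do the switches first, as the question suggests: a trunk with native VLAN 1 is backward compatible with an untagged peer, whereas tagging a host or UTM interface before its switch port is a trunk cuts that host off. Expect a brief spanning-tree transition on each port whose mode changes, which is why the hypervisor ports are done one at a time. On the hypervisor side, RHEL6 carries tagged VLANs as `VLAN=yes` subinterfaces (for example `ifcfg-eth0.10`) that can be bridged for the guests; on the Sophos UTM the equivalent is an "Ethernet VLAN" interface on the same physical port. Nothing needs to move into VLANs 10 or 20 until those interfaces exist, so the cut-over for each network is a separate, reversible step.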