Diagramming is a little difficult right now, but think of the current state as router-on-a-stick without VLANs, that needs to have VLANs set up.
On Sat, May 23, 2015, 6:57 AM olushile akintade <olush...@gmail.com> wrote:
> Can you provide a quick diagram with the current subnet and traffic path?
>
> On Fri, May 22, 2015 at 7:51 PM Sina Owolabi <notify.s...@gmail.com> wrote:
>
>> Hi!
>>
>> I am in a bit of a planning and implementation quandary and I'm hoping to solicit implementation assistance on an already existing network which needs to have segmentation and security.
>>
>> I have only remote access to the network, which comprises a number of Red Hat Linux 6-based hypervisor servers (hosting a multiplicity of virtual machines in different networks), a Sophos UTM gateway device (specifically ASG220) serving as a router, and two Cisco Catalyst 2960 switches (one on the internet side of the UTM gateway, and the other allowing access to the UTM from the RHEL6 hypervisors).
>>
>> There are a number of subnets defined on both the hypervisors and the virtual machines, all using the Sophos UTM as their gateway to each other, and to the internet. My task is to properly segregate access and traffic between the devices, which do not have VLANs defined on them. Remotely.
>>
>> My question is, can I create VLANs, and their trunk ports, on the 2960 switches (especially on the LAN switch) that will segregate traffic between the networks defined on the UTM, the hypervisors and their guest machines, without causing network downtime?
>>
>> Is it best to attack the switches first, creating the VLANs there, before implementing VLANs on the UTM and the hypervisors?
>>
>> I would be grateful for any planning assistance. The data center is a long way away, and any downtime will be catastrophic.
>>
>> Thanks in advance!