Switch – What would be an optimal design for linking multiple switches


Hi and thanks for taking the time to read this. I have some understanding of networking but am looking for help designing the best solution for an environment.

It consists of approx ~30 users with computers and IP phones. We have a Cisco ASA5505 for firewall, VPN and internet gateway, two HP V1910 24-port PoE switches for the LAN (and powering the phones) and two more regular HP V1910 24-port switches where hosts and storage reside for virtual infrastructure (ESX) and other network appliances.

What are the best practices for linking these all together? I've sketched a rough diagram below on how it looks currently. Currently, links between switches are untagged on the data VLAN and tagged on other VLANs to allow traffic on those to pass between switches. Could this be improved in any way? Please ask anything if needed to clarify. Thank you.

PoE SW 1------PoE SW 2------ASA5505
   |              |
   |              |
  SW 1----------SW 2

Best Answer

In my opinion, pyatka's solution looks like overkill. I like the hub-and-spoke topology though. Your initial topology is redundant, but leaves you highly dependent on Spanning Tree being configured and working properly in order to prevent network loops.

I don't think you need IPs on the inter-switch links. Simply uplink each access switch (PoE SW1, PoE SW2, and SW3 in the graphic) with your new "core," SW 4, with trunk ports with the default VLAN allow settings which allow all VLAN traffic.

Each of the switches can have a port-by-port VLAN assignment based on need. All the VLAN routing is done on SW4. This means that SW4 will be the default gateway for each VLAN. For example, on the user VLAN 20, your hosts will be configured with a default gateway of 10.1.1.254 and then on SW2 (this is how on a Cisco IOS switch; check your HP documentation for exact syntax):

SW4(config)# interface vlan 20
SW4(config-if)# description users
SW4(config-if)# ip address 10.1.1.254 255.255.255.0
! X.X.X.X = DHCP server, if present
SW4(config-if)# ip helper-address X.X.X.X

SW4 will also then have a default route for 0.0.0.0 that sends outbound traffic out G1/1/4 to the ASA.

Use copper (or fiber if >100M) GBICs for your trunk ports from the access switches to SW4. Then you can still have 24 Ethernet ports on SW4 for end devices.

Obviously, you manage the switches on a dedicated management VLAN.

I think this is a setup that gives you the most flexibility and ease of management.

Chime in if you need more details on switch configuration options.
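
The pieces of the answer above put together as one SW4 configuration in Cisco IOS syntax, as an added example that is not part of the original answer. VLAN 99, the 10.1.99.0/24 and 10.1.254.0/30 subnets, the ASA address and the use of G1/1/1-3 for the uplinks are assumptions; the HP V1910 syntax differs.

```cisco
! Added example. Constructed values: VLAN 99, 10.1.99.0/24, 10.1.254.0/30,
! the ASA address 10.1.254.2, and G1/1/1-3 as the access-switch uplinks.
ip routing
!
vlan 20
 name users
vlan 99
 name management
!
! SVI = default gateway for the user VLAN (address from the answer).
interface Vlan20
 description users
 ip address 10.1.1.254 255.255.255.0
 ! X.X.X.X = DHCP server, if present (placeholder kept from the answer)
 ip helper-address X.X.X.X
!
! Dedicated management VLAN for the switches themselves.
interface Vlan99
 description switch management
 ip address 10.1.99.254 255.255.255.0
!
! Uplinks to PoE SW1, PoE SW2 and SW3: trunks with the default allowed-VLAN list.
! Some platforms need "switchport trunk encapsulation dot1q" before "switchport mode trunk".
interface range GigabitEthernet1/1/1 - 3
 description trunk to access switch
 switchport mode trunk
!
! Routed point-to-point link to the ASA inside interface (assumed 10.1.254.2).
interface GigabitEthernet1/1/4
 description uplink to ASA5505
 no switchport
 ip address 10.1.254.1 255.255.255.252
!
! Everything not on a local VLAN goes to the ASA.
ip route 0.0.0.0 0.0.0.0 10.1.254.2
```

With routing moved to SW4, the ASA also needs a route back to each internal subnet via 10.1.254.1, otherwise replies to the user and management VLANs never return.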
