I just wanted to share a design of an old network, and based on that ask for suggestions on integrating the new network into the old network.
The diagram has been enclosed for your reference as well.
The old network has essentially two categories of users: Admin and Guests. There are two network segments created for both of
them as well which are as follows:
Admin Users: 192.168.0.0 / 24
Guest users: 10.254.1.0 /24
The access method is different for both categories of users. With regards to outside access, the Admin users go through the firewall. But guest users dont touch the firewall. Regarding DHCP, the Admin users get their DHCP address from a server in
192.168.0.0/segment. For wireless users, the DHCP server / Default Gateway is the Egress server (a Linux box) with IP address
10.254.1.1 / 24. The default gateway for the Admin users is the firewall viz. 192.168.0.254. Both the Egress server and the Symantec firewall have a public interface too connecting to the router.
The 3560's connecting to the Egress, Symantec are all Layer 2. The same servers will be used by the new network users too for DHCP allocation, Internet access, firewall filtering. There are no VLAN's in the current network, which means, there is only VLAN viz. VLAN 1. The old network was setup by third party.
With regards to the new network in a different building, the network design and integration has been contracted to us.
Now, there is a core / distribution switch 4506 connected to 3560 access switches in different floors. The access switches are connected to users and access points. We are planning for floor based VLAN's and also ensuring that wired / wireless VLAN's are separated too. The design is pretty simple if you look at the new building / network alone. But a few questions that pop up are as follows:
1. The 4506 switch connects through fiber to the old building 3560 switches which in turn connect to the Egress and Symantec firewall. Now, how should the ports connecting the 4506 to the 3560 be configured? As trunks? I am not sure as 3560 will have no ports configured in VLAN's created on 4506. So, why should it receive VLAN info from 4506?
2. How will I be able to pass traffic from VLAN's on the new network to the servers in the old network? The old network has only one VLAN viz. VLAN1. And the new network has multiple VLAN's.
As of now, all that I can think is configure the 3560's connected to servers as Layer 3 devices. The 3560's can be used to route traffic between the old network and new network. The 3560 and 4506 can share a common VLAN. There can be routes created on the 3560's pointing to 4506 for reaching VLAN's created on new network. Similarly, there can be routes added on core to reach the 3560's for old network. But the DHCP servers become two hops away now for clients on new network. So, first hop is 4506 switch and second hop is the 3560 connected to the server. SO, I believe I need to configure ip-helper address on the 4506 as well as the 3560 switches?? I really need some help in validating this solution as well.
Once I know the answer to these two questions, I think that the setup pretty much gets straightforward. I can configure ip-helper address to pass DHCP requests to different DHCP servers on the Layer 3 vlan interface. And I can use policy-based routing to pass traffic to different default gateways (for admin and guests) because that is source-sensitive.
Looking forward to your kind help in this regard
Thanks a lot