Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
601
Views
0
Helpful
3
Replies

Server VLAN

HMidkiff
Level 1
Level 1

‎05-03-2010 12:47 PM - edited ‎03-06-2019 10:55 AM

Hello:

Ten years ago when I first deployed my network I only needed one subnet.   I settled on a 192 subnet at that time with ".1" being my firewall to the Internet.  As time went on all my servers came online on that subnet.   I have added additional subnets over the years.  Right now the interface for my firewall is on the VLAN for all my servers.  The network is fully switched so don't think it is a huge problem but here is my question.

Would it be better to have my servers on a VLAN that is not on the same subnet as my firewall?  I can see some pros to doing this.  Is this the best practice?

Harrison 

Labels:
0 Helpful
3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

‎05-03-2010 12:53 PM 

HMidkiff wrote:
Hello:
Ten years ago when I first deployed my network I only needed one subnet.   I settled on a 192 subnet at that time with ".1" being my firewall to the Internet.  As time went on all my servers came online on that subnet.   I have added additional subnets over the years.  Right now the interface for my firewall is on the VLAN for all my servers.  The network is fully switched so don't think it is a huge problem but here is my question.
Would it be better to have my servers on a VLAN that is not on the same subnet as my firewall?  I can see some pros to doing this.  Is this the best practice?
Harrison 

Harrison

Yes it is better to have your server vlan separate from the firewall vlan. Ideally you should have a dedicated vlan for communcation between your L3 switch and your firewall. I'm assuming you have a L3 switch as you now have multiple vlans internally. It is best pratice for servers to be on their own dedicated vlan whenever you can.

Is it crtical, no it isn't but generally speaking vlans should be dedicated to a specific purpose and by having your current setup you have a vlan doing 2 things ie. containing servers and being a transit network between your L3 switch and the firewall.

Jon

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎05-03-2010 12:53 PM

Hi,

I think that definitely it is a best practice to have logically segmented your servers in a separate VLAN.

Also, you can further isolate the servers using Private VLANs (PVLANs)

Normally, the servers are also placed on different VLANs depending if they should be accesible from the Internet or private servers.

I guess it depends a lot on your setup.

Federico.

0 Helpful

HMidkiff
Level 1
Level 1

‎05-03-2010 12:56 PM

Thanks for replying.  Your post was very helpful....

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card