I am a fair Cisco guy and have been working at my company for almost 5 years. We just hired a new CIO and one of my suggestions was to have an outside party conduct an independent security assessment of the environment. Instead, the CIO retained the consultants he used to work with and they are recommending that we undo our present VLAN architecture.
We presently have a 172.16.x.x segment for our management and server VLAN which I know is a pretty big no-no. We inherited this problem.
We also have 4 floors and have created a VLAN for each floor where we use the third octet to define the floor:
Example: 10.203.2.x for the second floor, 10.203.3.x for the third floor, etc.
I know that Cisco recommends VLANs to limit Layer 2 broadcasts and compartmentalize network issues, but I am trying to be a voice of truth in this new mess.
They are proposing creating one network for client PCs and I do not see this as a need since it already exists. I see this change more as a way to create unsubstantiated work to bill. I am not looking for anyone to take sides but more to provide direction?