I need to divide part of my network using VLANs and give a department a segmented internet connection. I was thinking about creating subinterfaces on my 5520, but I have never configured these before, and the firewall is so complex right now that I don't feel comfortable changing the way an interface works; I have a feeling it might lead to an unexpectedly long downtime. The 5520 does have 1 available interface, and I was wondering if I could put this on a separate network on the 5520 as another inside interface, then create new rules pertaining only to that network, thus not having to worry about messing with the current configuration for my network.
I'd appreciate any advice!
I guess everything depends on your company requirements; if in the future you need to add more separate networks, you may end up using sub-interfaces. As you said, moving from physical to logical will require major changes on your network: your switch must be configured as a trunk, the entire network must be redesigned, and you may need to reconfigure the inside interface.
If the network is not meant to grow, at least in the next year, probably the easiest way will be to use that available interface and configure a second inside interface with the corresponding rules.
Please rate helpful posts.
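As an added illustration of the "second inside interface" approach described in the answer above (this is example configuration written for this page, not the poster's or Cisco's own configuration), the following ASA 8.3+ style snippet puts the spare interface on its own subnet with a lower security level, gives it its own NAT rule to the outside, and applies an access list that only permits that department to reach the internet while explicitly denying it access to the existing inside network. The interface name GigabitEthernet0/3, the names dept, DEPT_NET and DEPT_IN, and the 10.20.0.0/24 and 10.0.0.0/8 addresses are all assumed placeholders to be replaced with the real values.

```text
! --- Example only; interface, names and addresses are assumed placeholders ---

! Bring up the spare physical port as a separate, lower-trust inside segment.
! A security level below "inside" (100) means traffic from dept toward inside
! is dropped by default unless an ACL explicitly allows it.
interface GigabitEthernet0/3
 nameif dept
 security-level 50
 ip address 10.20.0.1 255.255.255.0
 no shutdown

! Object for the new department subnet (constructed value).
object network DEPT_NET
 subnet 10.20.0.0 255.255.255.0
 ! PAT the department behind the outside interface address, separately
 ! from whatever NAT the existing inside network already uses.
 nat (dept,outside) dynamic interface

! Rules that apply ONLY to the new segment; the existing inside ACL is untouched.
! Deny the department from reaching the existing internal range (assumed 10.0.0.0/8),
! then allow only web and DNS to the internet.
access-list DEPT_IN extended deny ip 10.20.0.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list DEPT_IN extended permit tcp 10.20.0.0 255.255.255.0 any eq 80
access-list DEPT_IN extended permit tcp 10.20.0.0 255.255.255.0 any eq 443
access-list DEPT_IN extended permit udp 10.20.0.0 255.255.255.0 any eq 53
! Implicit deny covers everything else.
access-group DEPT_IN in interface dept
```

Because the access list is bound only to the dept interface and the NAT rule is scoped to (dept,outside), the existing inside interface, its ACL and its NAT statements are left as they are, which is the point of the physical-interface option: the change can be staged and verified (for example with `show access-list DEPT_IN` and `packet-tracer input dept tcp 10.20.0.10 1025 10.0.0.5 445`, which should report a drop) without touching the production inside configuration.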