Do I Need A Layer 3 Core Switch?
-
Something to keep in mind, your firewall is currently able to keep all traffic on those VLANs out of the normal network.
I'm not sure if L3 or L2+ switches have firewall like features to prevent cross VLAN communications.
-
@Dashrender Really? I thought that was the point of a VLAN.
-
@wrx7m said:
@Dashrender Really? I thought that was the point of a VLAN.
Well, no. A VLAN is just a LAN, it's not a thing on its own. If you connect them all together through a router or switch, by default you've joined them all into a single thing. Just routed between them, rather than switched. VLANs are not "for" anything specific. You have to build in the functionality that you want from them.
-
@scottalanmiller Sure, I meant that I thought the whole point of a VLAN was to segregate traffic/keep broadcasts domains smaller while utilizing the same physical switches.
-
@wrx7m said:
@scottalanmiller Sure, I meant that I thought the whole point of a VLAN was to segregate traffic/keep broadcasts domains smaller while utilizing the same physical switches.
Segregating traffic to broadcast domains for layer 2 doesn't imply that L3 isn't wide open between the subnets. In a typical network, you'd be wide open between them.
-
@scottalanmiller That is true, however, I am running in access mode to prevent cross communication and would like it to remain that way. Would a Layer 3 switch have the features to create ACLs for traffic on multiple VLANs across the same ports?
-
@wrx7m said:
@scottalanmiller That is true, however, I am running in access mode to prevent cross communication and would like it to remain that way. Would a Layer 3 switch have the features to create ACLs for traffic on multiple VLANs across the same ports?
Generally they will, but that was @Dashrender concern, that it would not.
-
OK. Got it. So since that is the goal, based on the size of the network and addition of 10GE for virtual hosts, I should consider a Layer 3 switch?
-
The 10 Gb in this case doesn't play a part in the decision making process, as far as I can see.
-
@Dashrender The layer 3 portion was for the inter-vlan traffic but the core aspect would be to provide the backbone bandwidth
-
What switch do you have in mind?
How many 10 Gb ports do you need? Will you run two for whichever r word will make Scott happier? -
@Dashrender Ha! It would be a single as a core and I am not sure which switch I would use yet. I am still trying to see if all of it will be within my budget. For my virtual hosts I currently need 6 10GE (which I am leaning toward 2 switches to create some redundancy) and then I would ideally be stacking the switches with the others so I am not sure how it will all go together with the introduction of a core switch, stacking-wise.
-
I've never been responsible for a network that was large enough to have a core switch.
I have a HP 2824 (L3 switch) 1 GB switch with 4 ports that will take GBICs that I use for fiber.
connected to that I have two 2650-PWR switches for phones and endpoints.
I am planning on upgrading the 2824 to a UBNT Edgeswitch 48 which has two SPF +1 ports (10 Gbe) and two SPF 1 ports (1 Gb fiber)
I will eventually replace the 2650-pwr with 1 Gb switches in the future.
-
For the TOR switches for all my servers and virtual hosts and NAS, I am looking at using 2 of the Extreme Summit X460-G2-24t-10GE4. 24 ports of copper 1Gb and 4 ports of 10GE SPF+ and additional stacking ports on the back. For the edge switches for things like the access points, IP phones and desktops, I was looking at the Extreme Summit X450-G2-48P-10GE4 or the Extreme Summit X450-G2-48P-GE4.
-
wow, $3800/ea for the TOR switches...
-
Yeah, that is kind of why I was asking. Is this enough to warrant the consideration of something designed to be a core?
-
@Dashrender Don't forget to add the PSU(s)
-
I suppose that I could always get the TOR and Edge switches first and see how well it works and if I need to get better throughput from the LAN to the WIFI and vice versa, then I could add the "core" switch into the mix. Anyone have thoughts on this?
-
Not that it means anything - but I've never heard of Extreme Summit.
Any reason not to find a solution that has six 10 Gbe ports on a single switch?
-
@Dashrender said:
Not that it means anything - but I've never heard of Extreme Summit.
Not SMB gear. It's good stuff. Way better than Cisco.