Consolidating multiple switches

Created: Oct 15, 2020 07:56:26 | Latest reply: Oct 15, 2020 08:54:41
Rewarded HiCoins: 0 (problem resolved)

Hi All,


I am looking at consolidating a series of individual switches into a single stack. The issue is the switches belong in different security zones - Internet facing, Public DMZ, Secure DMZ, Insecure DMZ etc. Most of the interfaces are access ports with an uplink port that is a trunk.


Example:

Switch 1: access ports for VLANs 911, 918, 982; trunk port in an Eth-Trunk for those VLANs.

Switch 2: access ports for VLANs 914, 720; trunk port in an Eth-Trunk for those VLANs.



Is using the MUX VLAN (PVLAN) the best way to achieve this? If it is, what would the setup be, considering that I would not need VLANs 911, 918, 982 to be able to talk to each other unless the traffic reaches a layer 3 device at the next hop?


Regards


Adrian

Featured Answers

Recommended answer

Mash_man
Created Oct 15, 2020 08:54:41

You could do this all on a single stack. But I would recommend using a stack per logical function, as the chance of having errors and incidents will decrease if properly designed.

Create each stack to have at least 2 similar members to make sure you can do redundant LACP to hosts in the segment. Set and configure only VLANs to be used in that area: no DMZ VLANs on the Public stack and vice versa.


Do logically segment management for the stacks per area.

And make sure all stacks are connected to only one uplink device or cluster to maintain a logical L2 architecture, so L2 will have predictable behaviour at all times.


L2 isolation can be done by using the port-isolation function, which is much easier than doing muxing, and just use different L3 subnets routed on a firewall to segment the areas, as that will be much easier to maintain.

If cost / space is an issue you could consolidate into fewer stacks, so you will need fewer switches as ports can host more functions. You can do this by creating a map of security levels and only consolidating areas with adjacent security levels, so the security contrast of combined functions will be as small as possible.

But the earlier stated advice should still be followed.
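The port-isolation approach from the recommended answer, written out as an added example in Huawei VRP-style configuration for the "Switch 1" zone from the question (VLANs 911, 918, 982); this is not configuration from the thread or from the answerer, and the interface numbers, Eth-Trunk 1 and isolation group 1 are assumptions. Only that zone's VLANs exist on the stack, every access port sits in one isolation group, and the Eth-Trunk uplink to the single L3 device stays outside the group so it is the only path between hosts.

```text
# Added example, not from the thread. Interface names, Eth-Trunk 1 and
# isolation group 1 are assumed values.
system-view
 # Only this zone's VLANs are created on this stack (no other zone's VLANs)
 vlan batch 911 918 982
 # Isolate ports at Layer 2 only; hosts still reach each other and other
 # zones through the upstream firewall/router, never directly on the switch
 port-isolate mode l2
#
interface GigabitEthernet1/0/1
 description host-vlan911
 port link-type access
 port default vlan 911
 # All access ports share isolation group 1: no host-to-host L2 forwarding
 port-isolate enable group 1
#
interface GigabitEthernet1/0/2
 description host-vlan918
 port link-type access
 port default vlan 918
 port-isolate enable group 1
#
interface GigabitEthernet1/0/3
 description host-vlan982
 port link-type access
 port default vlan 982
 port-isolate enable group 1
#
# Uplink to the single L3 device/cluster. It is NOT in the isolation group,
# so it is the only way out for the isolated hosts (redundant LACP across
# both stack members, as the answer recommends).
interface Eth-Trunk1
 description uplink-to-firewall
 mode lacp
 port link-type trunk
 port trunk allow-pass vlan 911 918 982
#
interface GigabitEthernet1/0/47
 eth-trunk 1
#
interface GigabitEthernet2/0/47
 eth-trunk 1
#
return
```

Repeat the same pattern on a separate stack for the "Switch 2" zone (VLANs 914, 720) rather than adding those VLANs here, which keeps each stack holding only the VLANs of its own security area.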









All Answers
DDSN
DDSN Admin Created Oct 15, 2020 07:57:36

Hi southside,
Please wait patiently. Our engineers are looking for answers to your questions.

DDSN
DDSN Admin Created Oct 15, 2020 08:28:38

Hi southside,
I'm confused about your question. Are switches 1 and 2 connected to firewalls? You can describe your topology with a simple picture. In the meantime, what are your demands? The three VLANs on switch 1 cannot communicate with each other, but can each of the three VLANs communicate with the two VLANs on switch 2?
