Help Needed Segmenting Existing Network with Sophos UTM Cisco Catalyst switches and RHEL6 Hypervisors

olushile akintade olushile at gmail.com
Sat May 23 05:57:36 UTC 2015


Can you provide a quick diagram with the current subnet and traffic path?
On Fri, May 22, 2015 at 7:51 PM Sina Owolabi <notify.sina at gmail.com> wrote:

> Hi!
>
>
> I am in a bit of a planning and implementation quandary and I'm hoping
> to solicit implementation assistance on an already existing network
> which needs to have segmentation and security.
>
> I have only remote access to the network which comprises a number of
> Red Hat Linux 6-based hypervisor servers (hosting a multiplicity of
> virtual machines in different networks), a Sophos UTM gateway device
> (specifically ASG220) serving as a router, and two Cisco Catalyst 2960
> switches (one on the internet side of the UTM gateway, and the other
> allowing access to the UTM from the RHEL6 hypervisors).
>
>
> There are a number of subnets defined on both the hypervisors and the
> virtual machines, all using the Sophos UTM as their gateway to each
> other, and to the internet. My task is to properly segregate access
> and traffic between the devices, which do not have VLANs defined on
> them. Remotely.
>
> My question is, can I create VLANs, and their trunk ports on the 2960
> switches (especially on the LAN switch) that will segregate traffic
> between the networks defined on the UTM, the hypervisors and their
> guest machines, without causing network downtime?
>
> Is it best to attack the switches first, creating the VLANs there,
> before implementing VLANs on the UTM and the hypervisors?
>
> I would be grateful for any planning assistance. The data center is a
> long way away, and any downtime will be catastrophic.
>
>
> Thanks in advance!
>
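On the hypervisor side of the question, the following is an added example (mine, not from the thread, from Red Hat or from any of the products named) of the RHEL6 network-scripts needed to hang one tagged VLAN off an existing uplink and bridge it for the KVM guests that belong to that segment. The parent interface keeps whatever untagged configuration it has today, so the path the host is managed over stays up while the matching 2960 port is converted to a trunk. The interface name (eth1), VLAN id (100) and bridge name (br100) are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread or from Red Hat: RHEL6 network-scripts
# (/etc/sysconfig/network-scripts) for one tagged VLAN on a hypervisor uplink,
# bridged so the KVM guests that belong to that segment attach to the bridge.
# The parent interface keeps its existing untagged configuration, so the path
# the hypervisor is managed over stays up while the switch port is converted to
# a trunk. The interface name (eth1), VLAN id (100) and bridge name (br100)
# used in the usage call are assumptions for illustration.

# Render ifcfg for PARENT.VID: an 802.1q sub-interface that only feeds BRIDGE.
render_vlan_ifcfg() {
    parent=$1; vid=$2; bridge=$3
    printf 'DEVICE=%s.%s\nVLAN=yes\nONBOOT=yes\nBOOTPROTO=none\nNM_CONTROLLED=no\nBRIDGE=%s\n' \
        "$parent" "$vid" "$bridge"
}

# Render ifcfg for the guest bridge. No IPADDR on purpose: the hypervisor gets
# no address in the guest segment, so guests cannot reach the host over it.
render_bridge_ifcfg() {
    bridge=$1
    printf 'DEVICE=%s\nTYPE=Bridge\nONBOOT=yes\nBOOTPROTO=none\nNM_CONTROLLED=no\nDELAY=0\n' \
        "$bridge"
}

# Write both files into DIR (a scratch directory for review, or
# /etc/sysconfig/network-scripts when applying). Refuses to overwrite.
write_vlan_bridge() {
    dir=$1; parent=$2; vid=$3; bridge="br$vid"
    for f in "$dir/ifcfg-$parent.$vid" "$dir/ifcfg-$bridge"; do
        if [ -e "$f" ]; then
            echo "refusing to overwrite $f" >&2
            return 1
        fi
    done
    render_vlan_ifcfg "$parent" "$vid" "$bridge" > "$dir/ifcfg-$parent.$vid"
    render_bridge_ifcfg "$bridge" > "$dir/ifcfg-$bridge"
}

# Bring the new interfaces up without touching the parent: ifup runs only on
# the bridge and the VLAN sub-interface, so the untagged config on PARENT
# (and the remote session riding on it) is left alone.
activate_vlan_bridge() {
    parent=$1; vid=$2
    lsmod | grep -q '^8021q' || modprobe 8021q
    ifup "br$vid" && ifup "$parent.$vid"
}

# Usage (dry run into a scratch directory, so nothing on the host changes):
if [ "${1:-}" = "--dry-run" ]; then
    scratch=$(mktemp -d)
    write_vlan_bridge "$scratch" eth1 100 && cat "$scratch"/ifcfg-*
fi
```

Run it with `--dry-run` first and read the rendered files; only then write them into /etc/sysconfig/network-scripts and call `activate_vlan_bridge eth1 100`. The switch-side counterpart is to make the 2960 port facing this host a trunk whose native VLAN remains the VLAN the untagged traffic uses today, so nothing that is currently working is cut off; after that, guests are moved onto br100 one at a time, and the host itself never holds an address in a guest segment.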


