Help Needed Segmenting Existing Network with Sophos UTM Cisco Catalyst switches and RHEL6 Hypervisors

Sina Owolabi notify.sina at gmail.com
Sat May 23 17:36:18 UTC 2015


Diagramming is a little difficult right now, but think of the current
state as router-on-a-stick without VLANs, that needs to have VLANs setup.

On Sat, May 23, 2015, 6:57 AM olushile akintade <olushile at gmail.com> wrote:

> Can you provide a quick diagram with the current subnet and traffic path?
> On Fri, May 22, 2015 at 7:51 PM Sina Owolabi <notify.sina at gmail.com>
> wrote:
>
>> Hi!
>>
>>
>> I am in a bit of a planning and implementation quandary and I'm hoping
>> to solicit implementation assistance on an already existing network
>> which needs to have segmentation and security.
>>
>> I have only remote access to the network which comprises a number of
>> Red Hat Linux 6-based hypervisor servers (hosting a multiplicity of
>> virtual machines in different networks), a Sophos UTM gateway device
>> (specifically ASG220) serving as a router, and two Cisco Catalyst 2960
>> switches (one on the internet side of the UTM gateway, and the other
>> allowing access to the UTM from the RHEL6 hypervisors).
>>
>>
>> There are a number of subnets defined on both the hypervisors and the
>> virtual machines, all using the Sophos UTM as their gateway to each
>> other, and to the internet. My task is to properly segregate access
>> and traffic between the devices, which do not have VLANs defined on
>> them. Remotely.
>>
>> My question is, can I create VLANs, and their trunk ports on the 2960
>> switches (especially on the LAN switch) that will segregate traffic
>> between the networks defined on the UTM, the hypervisors and their
>> guest machines, without causing network downtime?
>>
>> Is it best to attack the switches first, creating the VLANs there,
>> before implementing VLANs on the UTM and the hypervisors?
>>
>> I would be grateful for any planning assistance. The data center is a
>> long way away, and any downtime will be catastrophic.
>>
>>
>> Thanks in advance!
>>
>
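As an added illustration (not code from either poster), one way to stage the change Sina asks about without dropping the existing flat network: on the LAN-side 2960, leave the legacy untagged traffic as the trunk's native VLAN so current hosts keep working while tagged VLANs and the matching RHEL6 802.1Q subinterfaces are brought up one at a time. The VLAN IDs, names, subnets, port name and parent NIC below are assumptions for the example; the script validates the plan and emits the IOS lines and RHEL6 ifcfg files.

```python
import ipaddress

# Constructed sample plan: today's flat subnets mapped to the VLAN IDs they
# will become. IDs, names, subnets and the port are assumptions, not from the thread.
PLAN = [
    {"vlan": 10, "name": "mgmt", "subnet": "192.0.2.0/26"},
    {"vlan": 20, "name": "guests-a", "subnet": "192.0.2.64/26"},
    {"vlan": 30, "name": "guests-b", "subnet": "192.0.2.128/26"},
]
NATIVE_VLAN = 1  # legacy untagged traffic stays on the native VLAN during the change


def validate_plan(plan):
    """Reject out-of-range or duplicate VLAN IDs and overlapping subnets before
    any config is generated; a bad plan is the cheapest outage to avoid."""
    seen, nets = set(), []
    for entry in plan:
        vid = entry["vlan"]
        if not 1 <= vid <= 4094 or vid in seen:
            raise ValueError(f"bad or duplicate VLAN id {vid}")
        seen.add(vid)
        net = ipaddress.ip_network(entry["subnet"])
        if any(net.overlaps(other) for other in nets):
            raise ValueError(f"subnet {net} overlaps another entry")
        nets.append(net)
    return True


def catalyst_config(plan, trunk_port):
    """IOS lines for the LAN 2960: define the VLANs, then make the
    hypervisor-facing port an 802.1Q trunk whose native (untagged) VLAN is
    the legacy network, so untagged hosts keep working while tagged
    subinterfaces are enabled one at a time."""
    validate_plan(plan)
    allowed = ",".join(str(v) for v in [NATIVE_VLAN] + [e["vlan"] for e in plan])
    lines = []
    for e in plan:
        lines += [f"vlan {e['vlan']}", f" name {e['name']}"]
    lines += [f"interface {trunk_port}",
              " switchport mode trunk",
              f" switchport trunk native vlan {NATIVE_VLAN}",
              f" switchport trunk allowed vlan {allowed}"]
    return "\n".join(lines)


def rhel6_vlan_ifcfg(parent, entry):
    """/etc/sysconfig/network-scripts/ifcfg-<parent>.<vid> on a RHEL6
    hypervisor: an 802.1Q subinterface enslaved to a per-VLAN bridge that
    the guests on that subnet attach to (the 8021q module must be loaded)."""
    return (f"DEVICE={parent}.{entry['vlan']}\nVLAN=yes\nONBOOT=yes\n"
            f"BOOTPROTO=none\nBRIDGE=br{entry['vlan']}\n")
```

The Sophos UTM side (tagged VLAN interfaces on its LAN port) is configured in its web UI and is not generated here; the generated files are meant to be reviewed before they touch a remote box.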



More information about the NANOG mailing list