Do you group servers into VLANs?

D

Danil2018-08-09 14:29:01

Computer networks

Danil, 2018-08-09 14:29:01

There are more than 10 servers that users access on the local network. Now divided users into different VLANs. Now the question is, what about the servers? Put them in the same VLAN and redirect users there? Put each server in its own VLAN? Move servers to VLANs in which users? How right?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

M

mikes, 2018-08-10
@mikes

Depending on tasks.
If the router is productive enough and allows you to flexibly write access rules (acl), output everything to separate vlans .
I would break it into the following groups
: 1. Domain controllers. And everything related to users (radius tactacs, etc.)
2. DMZ - servers accessible from the Internet (web servers, etc.)
3. Terminal servers (rdp farms, etc., where users can log in)
4. All other servers.

S

Stanislav Bodrov, 2018-08-09
@jenki

VLAN is a broadcast domain restriction technology that works at the data link layer. The goal is to reduce network load from broadcast requests. This is where you start dancing.
By topology: at the link level you have an asymmetric scheme - several servers to which many clients connect;
on the network - client-server architecture - there are servers that serve client requests.
Now, based on which servers, what requests should and how to serve, you need to look at what's what.