Quote:
Originally Posted by Mindflux
howarweb: the ASA5505 (top of the pyramid) does 3 VLANs. It's currently doing 2, outside and inside. I can add another one.
One of my biggest problems with this is, even though port 1 is 10.x and port 2 is 172.x, because some of the offices are mixed between subnets but share common wiring back to the closet, I cannot simply take computers 2, 3, 8 and 9 and plug them into a switch that is uplinked to a designated VLAN port.
You are correct from your first posting; this can be complex.

Also there are so many alternatives.
I am not totally familiar with the features of the ASA5505 security device (firewall), but it sounds to me that you need better switches at your end-workstation level.
I hope that the business that you are doing this for can consider a switch upgrade. A VLAN will best accomplish what you want, but your switches are going to need the ability to understand VLANs (not the ASA5505). You could set up VLANs by subnet addresses, but this will add delays to your network because most of the traffic would need to be evaluated by the ASA5505.
So my recommendation is to upgrade the hardware. Switches with per-port (or MAC) VLAN capabilities are not that expensive, and it would be a good investment long term.
After looking at your post a little closer, a MAC VLAN may suit you better, which would mean that you only have to change the Netgear switch and network performance would not suffer as much. The per-port VLAN, however, will give you the best performance and easiest manageability.
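As an added illustration (not from the thread or either poster) of what the per-port option looks like in practice, here is an access-switch configuration in Cisco IOS syntax. The switch platform, port numbers, VLAN IDs and the "172" VLAN number are assumptions chosen only to line up with the two subnets mentioned above; the Netgear being replaced would use its own syntax. The point it shows is that the VLAN decision is made at the desk port, so two PCs on different subnets can share the same cable run back to the closet, and only traffic crossing between VLANs has to travel up the trunk to the ASA5505.

```cisco
! Added example, not from the thread: per-port VLAN assignment on a
! Cisco IOS-style access switch. Platform, port numbers and VLAN IDs
! are assumptions for illustration only.
!
! One VLAN per subnet named in the thread (10.x and 172.x).
vlan 10
 name OFFICE-10
vlan 172
 name OFFICE-172
!
! Desk ports: each port is pinned to the VLAN of the PC plugged into it,
! so a mixed-subnet office on shared wiring is still kept separate.
interface GigabitEthernet0/2
 description PC-2 (10.x subnet)
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface GigabitEthernet0/3
 description PC-3 (172.x subnet)
 switchport mode access
 switchport access vlan 172
 spanning-tree portfast
!
! Uplink to the closet / firewall: an 802.1Q trunk that carries only the
! two office VLANs. Traffic within a VLAN is switched locally; only
! inter-VLAN traffic goes up to the ASA5505 to be inspected.
interface GigabitEthernet0/24
 description UPLINK-TO-ASA5505
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,172
 switchport nonegotiate
```

The `switchport trunk encapsulation dot1q` line is only accepted on platforms that support more than one trunk encapsulation; on switches that speak 802.1Q only, omit it. Restricting the trunk with `switchport trunk allowed vlan` and disabling DTP with `switchport nonegotiate` keeps the uplink from carrying VLANs that were never meant to reach the firewall. On the ASA5505 side the uplink port needs a matching trunk with a VLAN interface for each of the two office VLANs, which fits within the three VLANs the quoted post says that unit supports.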