A new managed switch is ready. What should we do next?
Begin with the fundamentals of VLANs, native VLANs, and SVIs (VLAN interfaces). These concepts will help you become comfortable with the switch and allow you to isolate your test equipment from the firewall. For security-focused work, progress to L2 security measures such as MACsec, 802.1X, STP, BPDU guard, root guard, and storm control. These are the standard L2 protocols used in production environments.
It's confirmed. When setting up your own VLAN for a specific purpose and not routing it back to the firewall, all devices will lose external connectivity. This is where SVIs or VLAN interfaces come into play. You can set up DHCP on the switch, and the SVI will handle DHCP requests. VLANs operate at layer 2, functioning as virtual LANs. Devices within the same subnet and VLAN communicate directly through the switch, without needing routing. Routing is only necessary when you need to reach devices in different subnets. If routing is required, SVIs are useful again, but trunking the VLAN back to the firewall is generally not recommended.
Subnets are groups of IP addresses within the same network, allowing devices to communicate directly. Using 192.168.1.0/24 as an example, the range spans from 192.168.1.0 to 192.168.1.255. All devices in that area share the same subnet and can interact without issues, provided VLANs are confined to the switch and not merged into the broader network.
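The reachability rules described in the replies above can be checked against a lab plan before touching the switch. This is an added example, not part of the original thread: the VLAN IDs, subnets (other than 192.168.1.0/24), host names and the `audit`/`path` helpers are constructed, and it assumes the switch routes between its own SVIs.

```python
import ipaddress
from itertools import combinations

# Constructed lab plan (assumption, not from the thread).
# svi=None means the VLAN has no VLAN interface on the switch: pure layer 2.
VLANS = {
    10: {"subnet": "192.168.1.0/24", "svi": "192.168.1.1"},
    20: {"subnet": "192.168.20.0/24", "svi": "192.168.20.1"},
    30: {"subnet": "192.168.30.0/24", "svi": None},
}
# host name -> (access VLAN of its switch port, configured IP)
HOSTS = {
    "pc-a": (10, "192.168.1.10"),
    "pc-b": (10, "192.168.1.20"),
    "lab-1": (20, "192.168.20.5"),
    "iso-1": (30, "192.168.30.5"),
    "stray": (20, "192.168.1.99"),  # VLAN 10 address on a VLAN 20 port
}

def _net(vlans, vid):
    return ipaddress.ip_network(vlans[vid]["subnet"])

def _on_net(vlans, hosts, name):
    vid, ip = hosts[name]
    return ipaddress.ip_address(ip) in _net(vlans, vid)

def audit(vlans, hosts):
    """List plan errors that break isolation or reachability."""
    issues = []
    for a, b in combinations(sorted(vlans), 2):
        if _net(vlans, a).overlaps(_net(vlans, b)):
            issues.append(f"VLAN {a} and VLAN {b} subnets overlap")
    for vid, v in sorted(vlans.items()):
        if v["svi"] and ipaddress.ip_address(v["svi"]) not in _net(vlans, vid):
            issues.append(f"VLAN {vid} SVI {v['svi']} is outside {v['subnet']}")
    for name in sorted(hosts):
        if not _on_net(vlans, hosts, name):
            vid, ip = hosts[name]
            issues.append(f"{name} ({ip}) is outside VLAN {vid} subnet")
    return issues

def path(vlans, hosts, src, dst):
    """How src reaches dst: 'switched', 'routed-via-svi' or 'unreachable'."""
    if not (_on_net(vlans, hosts, src) and _on_net(vlans, hosts, dst)):
        return "unreachable"  # mis-addressed host: subnet does not match its VLAN
    va, vb = hosts[src][0], hosts[dst][0]
    if va == vb:
        return "switched"  # same VLAN and subnet: layer 2 only
    if vlans[va]["svi"] and vlans[vb]["svi"]:
        return "routed-via-svi"  # different subnets: switch routes between SVIs
    return "unreachable"  # a VLAN without an SVI has no gateway
```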