Changing Networks Tips



Changing the design of your network can get a bit tedious. If you have an existing configured network, it’s harder to change it than to implement a new one altogether.

If you look at a company’s network, its focal point is its firewall. Behind each interface is a network or a group of networks.

At the Layer 3 switch level, you’ll have the VLANs configured, and that switching level has routing capabilities; everything is routed to the gateway. For example, the users’ private network will be routed to a single firewall interface (172.17.1.1), whereas your DMZ private network has its own interface on the firewall.

When changing the network, do it one step at a time. Have your design layout ready and make sure it makes sense. If you have VLANs, name them in line with the network IP settings, e.g. VLAN 3 is configured for network 10.3.x.x; anything to make your life easier in future troubleshooting.

Change one thing a day (VLAN/switch) and start with the department or users with the least network usage: locations that use the network resources less, that don’t depend on the email system, Internet, etc., and whose tasks are mostly local to their PCs. Preferably, pick one with the smallest mixture of what we call direct users: users who are configured at another level, the firewall, to use services other than the normal ones, like direct access to application servers.

Adding a new VLAN doesn’t mean you delete the old one. Keep it in place; the same VLAN may be configured somewhere else you aren’t aware of and may still need to be routed.

Don’t forget to go beyond the switch level: your firewall needs to be aware of the new settings. Route the new network to the proper interface and don’t forget to add the network group in the firewall application. It has to know that this is a valid network residing behind that specific interface, e.g. network 10.x.x.x is behind interface 172.17.1.1, or else the firewall will drop the packets, presuming they are some kind of spoofing attack. These settings are needed for users with public IPs NATed to their private ones.
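
A pre-change check for the point above, as an added example that is not part of the original post: it compares a planned VLAN table with the networks the firewall accepts behind each interface, and flags VLANs whose packets would be dropped as spoofed or whose ID breaks the VLAN 3 / 10.3.x.x naming convention. All subnets, the 172.18.1.1 DMZ interface and the function name `audit` are constructed for illustration, and the check is IPv4 only.

```python
import ipaddress

# Constructed sample data (not from the original post): networks the firewall
# accepts as valid sources behind each interface (its anti-spoofing groups).
FIREWALL_GROUPS = {
    "172.17.1.1": ["10.3.0.0/16", "10.4.0.0/16"],   # users interface
    "172.18.1.1": ["10.50.0.0/16"],                 # DMZ interface (assumed)
}

# Constructed change plan: (VLAN ID, subnet, firewall interface it routes to).
VLAN_PLAN = [
    (3, "10.3.0.0/16", "172.17.1.1"),
    (4, "10.4.0.0/16", "172.17.1.1"),
    (5, "10.5.0.0/16", "172.17.1.1"),   # new VLAN, firewall group not updated
    (7, "10.50.0.0/16", "172.18.1.1"),  # ID does not match the second octet
]


def audit(plan, groups):
    """Return (vlan_id, problem) tuples for every issue found in the plan."""
    findings = []
    for vlan_id, subnet, iface in plan:
        net = ipaddress.ip_network(subnet)
        allowed = [ipaddress.ip_network(n) for n in groups.get(iface, [])]
        # Anti-spoofing: the whole subnet must sit inside a network the
        # firewall expects behind this interface, or its packets are dropped.
        if not any(net.subnet_of(a) for a in allowed):
            findings.append((vlan_id, "not in firewall group for " + iface))
        # A subnet also expected behind another interface is ambiguous.
        for other, nets in groups.items():
            if other != iface and any(
                net.overlaps(ipaddress.ip_network(n)) for n in nets
            ):
                findings.append((vlan_id, "overlaps group on " + other))
        # Naming convention from the text: VLAN 3 <-> 10.3.x.x.
        if net.network_address.packed[1] != vlan_id:
            findings.append((vlan_id, "VLAN ID does not match second octet"))
    return findings


if __name__ == "__main__":
    for vlan_id, problem in audit(VLAN_PLAN, FIREWALL_GROUPS):
        print(f"VLAN {vlan_id}: {problem}")
```

Running it before each day's change, against an export of the real VLAN table and firewall groups, gives a short list to clear before users are moved.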

Check everything after each configuration change, even if you think it won’t affect what you are checking. Believe me, with IT, crazy things that don’t make sense happen all the time!

Write everything down: the day and what tasks were done, and build up your documentation from that.

Leave the servers’ network for last; this is a huge headache. You can have both the old and new server networks working side by side, routing between each other, and gradually shift the servers over. And don’t forget to PRAY throughout the whole process :)
