Network Management

I've been tasked with adding a new network to our existing LAN that will all be run on the same hardware but can only access the internet and one internal application for certain employees on their phones. The main purpose is to try and eliminate any malware/virus' from external sources. We have approx. 40 switches that are Aruba, Ubiquiti, and Cisco as well as 30 Aruba AP's. We currently use 6 different VLANs and our default VLAN has 4 subnets on it already. Our original plan was to use VRF however our L3 switches don't support it so my question is am I better off creating an entire new VLAN for this use case or just an additional subnet on the default VLAN? Also for some context I'm still preparing for CCNA and have only been exposed to this large of a corporate network for a little over a month so I've mainly been teaching myself as well learning from my manager.

------------------------------
Jacob Wetzel
------------------------------

Can you share a network diagram of what you have today?

In general, you should not have multiple subnets in the same VLAN and if you have this diversity of equipment, the network may have 'evolved' over time, and doing a re-design may be something to consider. For 'can only access the internet and one internal application for certain employees on their phones' you might need some firewall to do that right.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 24, 2021 08:03 AM
From: Jacob Wetzel
Subject: Adding a new network to existing LAN

I've been tasked with adding a new network to our existing LAN that will all be run on the same hardware but can only access the internet and one internal application for certain employees on their phones. The main purpose is to try and eliminate any malware/virus' from external sources. We have approx. 40 switches that are Aruba, Ubiquiti, and Cisco as well as 30 Aruba AP's. We currently use 6 different VLANs and our default VLAN has 4 subnets on it already. Our original plan was to use VRF however our L3 switches don't support it so my question is am I better off creating an entire new VLAN for this use case or just an additional subnet on the default VLAN? Also for some context I'm still preparing for CCNA and have only been exposed to this large of a corporate network for a little over a month so I've mainly been teaching myself as well learning from my manager.

------------------------------
Jacob Wetzel
------------------------------

Yes it has evolved tremendously in the past few years and its a work in progress re-designing as everything before was "just make it work" and never best practice. We do have a firewall that all traffic is routed through, we are also looking at the option of using access controls on the Aruba IAP's to accomplish the task as that would likely be the simplest option since everything they would need would only be ports 80 and 443.

------------------------------
Jacob Wetzel
------------------------------

Original Message:
Sent: Nov 25, 2021 05:35 AM
From: Herman Robers
Subject: Adding a new network to existing LAN

Can you share a network diagram of what you have today?

In general, you should not have multiple subnets in the same VLAN and if you have this diversity of equipment, the network may have 'evolved' over time, and doing a re-design may be something to consider. For 'can only access the internet and one internal application for certain employees on their phones' you might need some firewall to do that right.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 24, 2021 08:03 AM
From: Jacob Wetzel
Subject: Adding a new network to existing LAN

I've been tasked with adding a new network to our existing LAN that will all be run on the same hardware but can only access the internet and one internal application for certain employees on their phones. The main purpose is to try and eliminate any malware/virus' from external sources. We have approx. 40 switches that are Aruba, Ubiquiti, and Cisco as well as 30 Aruba AP's. We currently use 6 different VLANs and our default VLAN has 4 subnets on it already. Our original plan was to use VRF however our L3 switches don't support it so my question is am I better off creating an entire new VLAN for this use case or just an additional subnet on the default VLAN? Also for some context I'm still preparing for CCNA and have only been exposed to this large of a corporate network for a little over a month so I've mainly been teaching myself as well learning from my manager.

------------------------------
Jacob Wetzel
------------------------------