Hi all,
We have many switches (EOS and EXOS) and I would like to know if my design is OK or how to make it better.
We have switches in our DMZ, but most of them are in our LAN behind the Internet and DMZ firewall.
All switches will be managed via a single separate management VLAN (in-band; I didn't use the MGMT port).
Now I have to realize that some servers will be accessible directly via the Internet (without any firewall in front; don't ask why). My idea is to use an X440G2, leave all ports in the default VLAN (without any IP interface configuration) for the connection to the servers, and use the MGMT port of the switch for management.
I would connect the MGMT port of the X440G2 directly to the internal management VLAN via a copper cable, but I'm unsure whether this is the best and most secure solution.
The other option I know of is to create a separate management VLAN on the X440G2. But then I have to tag the insecure traffic from the servers (VLAN 1) and the management traffic (VLAN 2) on the same port and try to separate them at the firewall.
Additionally, I would have to add policies/ACLs on the X440G2 to protect the management traffic from the server traffic.
I've found some discussions here saying that I may get in trouble with the MAC address of the switch (because the MAC address of the switch is the same on the MGMT port), and some people said "don't use the MGMT port" (the reasons given for that were different from the ones in my question).
Because I'm new to Extreme switches, I would like to ask people with more experience. Any suggestions are welcome.
Thanks for your time.
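As an added illustration of the second option (this is example configuration written for this thread, not the poster's config and not taken from Extreme's documentation): an EXOS script that keeps the servers in the untagged Default VLAN with no IP interface, carries management in a tagged VLAN, and applies an ingress ACL on the server VLAN so that nothing entering from the server side can reach the management subnet even if the firewall rule is wrong. The management subnet 10.1.2.0/24, switch address 10.1.2.10, gateway 10.1.2.1, server ports 1-24 and uplink port 48 are assumed placeholders.

```text
# ---- VLANs: servers stay in Default (tag 1, no IP); management is tag 2 ----
create vlan mgmt tag 2
configure vlan mgmt ipaddress 10.1.2.10/24      # assumed management subnet
configure iproute add default 10.1.2.1          # assumed firewall/gateway
# server ports (assumed 1-24): untagged in Default, no IP interface on the VLAN
configure vlan Default add ports 1-24 untagged
# firewall uplink (assumed port 48): both VLANs tagged on the same link
configure vlan Default delete ports 48
configure vlan Default add ports 48 tagged
configure vlan mgmt add ports 48 tagged
# no ipforwarding is enabled, so the switch itself never routes VLAN 1 <-> VLAN 2

# ---- Policy file block_mgmt.pol (create with "edit policy block_mgmt") ----
# Drops any IPv4 packet entering the server VLAN whose destination is the
# management subnet, and counts the hits so attempts are visible.
entry deny_to_mgmt_subnet {
    if match all {
        destination-address 10.1.2.0/24;
    } then {
        deny;
        count hits_to_mgmt;
    }
}
entry permit_rest {
    if {
    } then {
        permit;
    }
}

# ---- Apply the ACL to everything that ingresses the server VLAN ----
check policy block_mgmt
configure access-list block_mgmt vlan Default ingress

# ---- Reduce the management surface on the switch itself ----
disable telnet
enable ssh2

# Verify: the deny entry should be listed, and the counter shows any attempts
show access-list
show access-list counters
```

The ACL is belt-and-braces on top of the firewall rule between VLAN 1 and VLAN 2; because `destination-address` here matches IPv4 only, add a matching IPv6 entry if the management VLAN ever carries IPv6.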