VLAN Networking Question

Hello everyone,

I’m setting up VLANs to segment our network for better organization and security:

  • VLAN 10: Main Network
  • VLAN 20: Guest Network
  • VLAN 30: Secondary Main Network
  • VLAN 40: Secondary Guest Network
  • VLAN 50: VOIP
  • VLAN 99: Management

I plan to assign DHCP scopes to each VLAN and ensure proper routing. Given our limited resources, should I configure VLANs and inter-VLAN routing on our dinky little Cisco C1300 switch or the SonicWall firewall? What are the performance and security implications of each approach?

Any advice is appreciated! I’m relatively new to networking, and our team is small with limited expertise.

Thank you!

I’m always a firewall guy for L3. You might get a little performance boost when doing the routing on the switch itself, but not significant. I like to manage all the rules and routing in one place rather than multiple switches.

Of course it depends on the horsepower of the firewall to handle multi-gigabit speeds.

3 Likes

Performance-wise, I think it depends on how much inter-VLAN routing you will do. I would try to design your VLANs in such a way that you need as little inter-VLAN routing as possible. In my home network, I have the following VLANs: Main, Guest, IoT, Televisions, Server, and server management. There is absolutely NO inter-VLAN routing for Guest, IoT and Televisions. Otherwise the majority of my inter-VLAN traffic is from my main network to services on the server network, and even then I have servers/services that sit in my Main VLAN. Server is reserved only for stuff that reaches the internet (Nextcloud, Wordpress, Cloudflared).

1 Like

Thank y’all for your input and suggestions. Starting to clear things up for me. We will have very minimal inter-VLAN routing and of course none for guest networks.

Just trying to navigate how to handle DNS across the VLANs but I’m getting there.

Again thank you for your responses!

I second what @xMAXIMUSx said here, doing L3 stuff on the firewall is almost always the way to go.

Exceptions to this are typically for really big scale routing where a single firewall just can’t do it all, that’s kinda why L3 switches exist, it’s supplemental for high performance environments.

I will say one other exception might be if you have a central management setup for it like Unifi, their L3 ACL stuff leaves a lot to be desired, but having it all in the same management plane is easier to organize and make sure you aren’t doing something wrong/allowing traffic you don’t want to allow.

DNS-wise, your SonicWall should be able to provide DNS to all the VLANs you set up for it.
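As an added example (not code from any poster in this thread), here is a small Python audit of a proposed inter-VLAN allow-list against the two points raised above: guest VLANs get no inter-VLAN routing beyond the firewall's own DNS/DHCP, and the number of routed VLAN pairs, which is what the firewall-versus-switch decision hinges on. The VLAN IDs are the ones from the question; the pseudo-ID 0 for the firewall, the service names and the sample rules are constructed assumptions.

```python
# VLAN plan from the question. VLAN 0 is a constructed pseudo-ID for the
# firewall itself, used for services it answers directly (DNS, DHCP).
VLANS = {10: "Main", 20: "Guest", 30: "Secondary Main",
         40: "Secondary Guest", 50: "VOIP", 99: "Management"}
GUEST_VLANS = {20, 40}
FIREWALL = 0
LOCAL_SERVICES = {"dns", "dhcp"}  # answered by the firewall, no inter-VLAN hop


def audit(rules):
    """Check a list of (src_vlan, dst_vlan, service) allow-rules.

    Returns (findings, routed_pairs): findings are (severity, message)
    tuples; routed_pairs is the set of VLAN pairs that actually need L3
    forwarding, i.e. the load the firewall (or L3 switch) would carry."""
    findings = []
    routed = set()
    for src, dst, svc in rules:
        if dst == FIREWALL and svc in LOCAL_SERVICES:
            continue  # guests may still reach the firewall's own DNS/DHCP
        if src in GUEST_VLANS or dst in GUEST_VLANS:
            findings.append(("high", f"rule {src}->{dst} {svc} breaks guest isolation"))
        if svc == "any":
            findings.append(("medium", f"rule {src}->{dst} permits all services"))
        routed.add((src, dst))
    # Every VLAN needs a DNS path to the firewall, as the last reply notes.
    for vid, name in VLANS.items():
        if (vid, FIREWALL, "dns") not in rules:
            findings.append(("medium", f"VLAN {vid} ({name}) has no DNS path to the firewall"))
    return findings, routed


# Constructed sample policy with one deliberate mistake (VLAN 40 reaching VOIP).
SAMPLE_RULES = (
    [(v, FIREWALL, "dns") for v in VLANS]
    + [(v, FIREWALL, "dhcp") for v in VLANS]
    + [
        (10, 50, "sip"),    # main network phones register to the VOIP VLAN
        (10, 99, "https"),  # admins on Main manage the switch web UI
        (40, 50, "sip"),    # mistake: secondary guest allowed into VOIP
    ]
)

if __name__ == "__main__":
    findings, routed = audit(SAMPLE_RULES)
    for sev, msg in findings:
        print(f"[{sev}] {msg}")
    print(f"{len(routed)} VLAN pair(s) need inter-VLAN routing: {sorted(routed)}")
```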