So if I were to go down the VLAN route, what might I need to do?
This is our topology:
Cisco 877 >>> Gig switch and clients >>> Gig switch and clients >>> Gig switch and clients >>> Gig switch and clients >>> Gig switch and clients >>> Gig switch and clients
It’s a long factory
Switches can be managed but are not currently managed.
Switches are connected as shown, with a single cable between each.
Access points are plugged into various ports along the way.
Many thanks.
Huh!
So when something happens to one of the first switches or cables between them, all of the rest is down?
And I assume, that will might down production as well?
I guess, I’d really be looking in a complete reorganization, more like setting up a central L3 switch and connecting the rest with fiber to that switch. This still would put you at risk that things fail, if the L3 switch fails, but depending on how critical this is, you could set it up in a HA manner.
Instead of doing all the routing on a switch – having pretty limited ACL/filtering capabilities, the routing and filtering could be taken over by a proper firewall. Unfortunately this will be a far more expensive option, as you would need a capable firewall for the traffic it will need to route and filter/inspect between subnets/VLANs.
I would suggest you to sit down with some good consultant from your area and talk over trough the options you have to improve your network layout and security, so you can start building a budget plan for the changes.
If the consultant is smart enough, they could also split the project into stages, to keep the budget acceptable.
Most important to keep in mind is the loss you could suffer, if things break and you are not prepared for it. If such a breakdown would stop production, than you have pretty good arguments to ask for reasonable funds to get safer from such unwanted events.