I am setting up a Dell 6248 combining separate switches used previously. I am planning the following architecture:
VLAN 1 - External traffic (each server's public interface connects to this)
VLAN 2 - Internal communications (server to server via GigE - each server's internal interface connects to this). This network is a 192.168.1.* range
VLAN 3 - iSCSI network - 192.168.2.* range (iSCSI participating servers have an interface connecting to this along with the iSCSI device)
VLAN 4 - iSCSI secondary/MPIO network - 192.168.3.* (iSCSI participating servers and iSCSI device connected)
My question is: in the scenario above, is it even required to separate any of these into separate VLANs, or does the switch automatically manage who can handle what? Secondarily, if public is its own VLAN, can VLANs 2, 3, and 4 be a single VLAN, or do 192.168.1, 192.168.2, and 192.168.3 require VLAN isolation?
Thank you
Nothing REQUIRES VLAN separation.
Switches don't automatically do anything except SWITCH traffic.
That being said, your design looks perfectly OK. You're segregating your public and private traffic and you're isolating your iSCSI traffic.
You could put all of the internal traffic (including the iSCSI traffic) on a single VLAN but that's not recommended and isn't considered best practice.
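An added example (not part of the original answers) that checks a port table against the VLAN layout in the question and lists which hosts share a layer-2 segment with the iSCSI ports when VLANs 2, 3 and 4 are kept separate versus merged into one. The /24 masks, port names, hostnames and addresses are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# VLAN plan from the question; /24 masks are assumed from the "192.168.x.*" notation.
PLAN = {
    2: ipaddress.ip_network("192.168.1.0/24"),  # internal server-to-server
    3: ipaddress.ip_network("192.168.2.0/24"),  # iSCSI
    4: ipaddress.ip_network("192.168.3.0/24"),  # iSCSI secondary/MPIO
}
ISCSI_VLANS = {3, 4}

# Constructed sample port table: (switch port, access VLAN, host, interface IP).
PORTS = [
    ("1/g1", 2, "web1", "192.168.1.11"),
    ("1/g2", 2, "db1", "192.168.1.12"),
    ("1/g3", 3, "db1", "192.168.2.12"),
    ("1/g4", 4, "db1", "192.168.3.12"),
    ("1/g5", 3, "san", "192.168.2.50"),
    ("1/g6", 4, "san", "192.168.3.50"),
    ("1/g7", 2, "web2", "192.168.2.13"),  # deliberate mistake: iSCSI address on VLAN 2
]

def mismatched_ports(ports, plan):
    """Ports whose IP falls outside the subnet planned for their access VLAN."""
    bad = []
    for port, vlan, host, ip in ports:
        if vlan in plan and ipaddress.ip_address(ip) not in plan[vlan]:
            bad.append((port, host, ip, vlan))
    return bad

def iscsi_l2_neighbours(ports, collapse=False):
    """Hosts with a port in the same broadcast domain as an iSCSI port.

    collapse=True models putting VLANs 2, 3 and 4 on one VLAN: the three
    subnets still exist, but every internal port shares one layer-2 segment.
    """
    domains = defaultdict(set)
    for _port, vlan, host, _ip in ports:
        domains["internal" if collapse and vlan in PLAN else vlan].add(host)
    keys = {"internal"} if collapse else ISCSI_VLANS
    hosts = set()
    for k in keys:
        hosts |= domains.get(k, set())
    return hosts

if __name__ == "__main__":
    print("subnet/VLAN mismatches:", mismatched_ports(PORTS, PLAN))
    print("L2-adjacent to iSCSI, separate VLANs:", sorted(iscsi_l2_neighbours(PORTS)))
    print("L2-adjacent to iSCSI, single VLAN:", sorted(iscsi_l2_neighbours(PORTS, True)))
```

With separate VLANs only the hosts that were given an iSCSI port sit on the storage segment; merged, every internal interface does, regardless of which 192.168.x subnet it is addressed in.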
First: we are in the same situation right now. We are building a new design on our cloud using Force10 and Juniper networks, and we created 7 or 8 different VLANs. This is because we are planning a massive number of servers behind this network and we wanted to secure the network starting from the basics.
However, our previous network was without a VLAN, and we secured the iSCSI, local and management networks by using dynamic firewall rules and by programming the switch using SDN methods. So if you can manage that, you don't need VLANs. (As far as I know, your switch does not support this.)
Second: it's totally up to you whether to put those IPs into different VLANs. As I mentioned above, if you want to secure your network using the basics, or if you think that there will be wrong usage of the network that may create problems, you should do that.
On the other hand, you should also look at it from the management perspective. The more standard you make the network, the easier your job will be in the future. Do not forget to think about the learning curve of your design for other system admins. If you are the only guy there and always will be, it's okay to make complex architectures, but if you are a system admin, you should think about the other admins coming after you. Plus, if your system admins are as dumb as ours, you should again create a network that does not create problems for you :)