Network Architecture

Layer	Device	Model	Redundancy
Internet Edge	Firewall	Palo Alto PA-5450	Active/Passive pair
Core / Border	Router	Cisco Catalyst 9500-48Y4C	VSS pair
DC Spine	Switch	Cisco Nexus 9364C	vPC pair
DC Leaf	Switch	Cisco Nexus 9300-FX	vPC pair per rack row
OOB Management	Switch	Cisco Catalyst 9200	Per-row, separate OOB fabric

VLAN ID	Name	Subnet	Zone
10	CORP-STAFF	10.10.10.0/22	Internal trusted
20	CORP-MGMT	10.10.20.0/24	IT management
30	VOIP	10.10.30.0/24	QoS tagged
40	PRINTERS	10.10.40.0/24	Restricted egress
50	GUEST-WIFI	10.10.50.0/23	Internet breakout only
60	IOT-DEVICES	10.10.60.0/24	Isolated, no corp access
100	SERVERS-PROD	10.0.10.0/22	DC1 production servers
110	SERVERS-MGMT	10.0.20.0/24	DC1 OOB management
200	DMZ-EXTERNAL	10.0.100.0/28	Internet-facing services

DSCP	Class	Traffic Type	Bandwidth
EF (46)	Voice	VoIP RTP	15%
AF41 (34)	Video	Video conferencing	20%
AF31 (26)	Critical Data	ERP, finance apps	25%
AF21 (18)	Business Data	General corporate	25%
BE (0)	Best Effort	Internet, guest	15%

¶ Network Architecture