  1. #1


    Vlan review

    Hi all..

    I am thinking about changing my current vlan setup.
    As the network grows I would like to further reduce broadcast traffic and any unnecessary security issues.
    I just wanted to know how you guys did it as every school I speak to does it differently.

    I know this has been covered but it was some time ago.

    E.g. do you have them for printers, phones, wireless etc.?

    Or do you do them by departments or blocks.

    What scopes have you got configured?

  2. #2
    newpersn's Avatar
    Ours is done by blocks.

    Servers on vlan2
    Downstairs on vlan3
    Upstairs on vlan4
    IT suites on vlan 5
    Outside blocks on vlan 6
    Wireless on vlan 8

  3. #3

    Quote Originally Posted by newpersn View Post
    Ours is done by blocks.

    Servers on vlan2
    Downstairs on vlan3
    Upstairs on vlan4
    IT suites on vlan 5
    Outside blocks on vlan 6
    Wireless on vlan 8
    That's great thanks.

    How many clients have you got?

    What mask are you using?

    What core switch have you got installed?

  4. #4


    This is our vlan topology

    network topology.xlsx

  5. #5

    Ric_'s Avatar
    @CyberNerd: Aren't /23 subnets a little excessive? Never mind the /16 for your servers!

  6. #6


    Quote Originally Posted by Ric_ View Post
    @CyberNerd: Aren't /23 subnets a little excessive? Never mind the /16 for your servers!
    The 16 is historic - before we vlanned, everything was 16 so rather than change the scope, we added other vlans and slowly migrated everything off the 16 subnet.
    The 23's are too big at 500 devices per vlan - but I don't think that matters because it's all RFC1918, it'll never get to that many devices. I could have chosen a smaller subnet, but I don't see any issue other than it looking quite big.

  7. #7

    twin--turbo's Avatar
    Broken up by logical elements

    Servers
    IPT
    Printers
    Guest
    Catering
    ILO ( and other Management interfaces )
    Door Access
    BYOD
    Client ( more than 1 )

    Etc....

    With redundant routing at the CORE(s)


    Rob

  8. #8

    Quote Originally Posted by CyberNerd View Post
    The 16 is historic - before we vlanned, everything was 16 so rather than change the scope, we added other vlans and slowly migrated everything off the 16 subnet.
    The 23's are too big at 500 devices per vlan - but I don't think that matters because it's all RFC1918, it'll never get to that many devices. I could have chosen a smaller subnet, but I don't see any issue other than it looking quite big.
    Interesting VLAN number for your blade centre management. I also tend to use /23's for most of our "fixed building switch stack" VLANs with wireless pools normally being a /22 or /21 (dependent on wireless usage). We've also got a /20 that our servers sit on due to historic setup that was decided before I started and was easier to just continue with it while we migrated away from a flat network.

  9. #9

    Forgot to say that we currently have around 15 VLANs for various things. Mostly our VLANs are centered around separate comms room/floor location (similar to @CyberNerd), along with separate VLANs for each wireless SSID, servers/printers, DMZ, VPN connections and VoIP phones.

  10. #10

    Design and implement once, sit back and feel relaxed when you are ready for pretty much anything. Here is what we have in place:

    Network Devices Management
    Servers
    Clients Area 1
    Clients Area 2
    Clients Area 3
    Clients Area 4
    VOIP
    Printers
    Wireless Students 1
    Wireless Students 2
    Wireless Staff 1
    Wireless Staff 2
    BYOD 1
    BYOD 2
    Wireless Guests
    Building Control Systems
    Access Control Systems
    Cashless Catering
    IPTV
    DMZ1
    DMZ2


    Everything works better if you can restrict the number of simultaneous devices per subnet to <256. For Wireless this is pretty much essential. Our core switch/router has ACL rules to restrict packets between some of the subnets. Not all of the subnets are used. (For example, only one of the 'Areas' subnets is in use due to the physical topology of the site and low client count, the BCS VLAN is awaiting the existence of a BCS which may never happen, and many of the 'second' vlans are there ready for when our relevant device count makes them necessary to employ.)


    If you want to get fancy, you can have two MSTP groups and load balance your vlan traffic across links that would otherwise be redundant. <- I've never done this. I have seen it done. It adds to complexity, which may not be a good thing depending on the skill available when adding additional network devices.

    Also my subnets for each vlan are HUGE. This is because for simplicity they are all the same size (I only ever have to remember the subnet mask and the ip of the first host...). The BYOD/Guest subnet needs to be large because the churn rate of devices through it when considered from the point of DHCP leases means that smaller ones are at risk of IP exhaustion when we have ramped up to our expected device levels. I could have set shorter lease times for those subnets, but why make more work and differing configurations when the standard one will do?

    Core is an HP A5500 Stack (Comware). A Cisco engineer can get it to do pretty much anything I need it to after spending 15 minutes with the documentation.
    Last edited by psydii; 25th February 2013 at 02:30 PM.
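
The lease-churn point in post #10 can be checked before a plan goes live. The following is an added example, not part of the thread: it flags overlapping subnets and estimates worst-case DHCP leases held per VLAN, then shows both remedies the post mentions (a larger subnet or a shorter lease). All subnets, device counts, arrival rates and the `RESERVED` value are constructed assumptions.

```python
import ipaddress

# Constructed plan, not from the thread:
# (name, subnet, long-lived devices, new transient devices per hour, lease hours)
PLAN = [
    ("Servers",         "10.0.0.0/16",  40,  0,  192),
    ("Clients Area 1",  "10.0.8.0/23",  300, 0,  192),
    ("Wireless Guests", "10.20.0.0/24", 0,   60, 8),
    ("BYOD 1",          "10.21.0.0/22", 0,   60, 8),
]
RESERVED = 10  # assumed addresses kept out of each DHCP pool (gateway, statics)

def pool_size(cidr, reserved=RESERVED):
    """Addresses DHCP can hand out: subnet minus network, broadcast and reserved."""
    return ipaddress.ip_network(cidr).num_addresses - 2 - reserved

def overlaps(plan):
    """Pairs of VLAN names whose subnets overlap, e.g. a legacy /16 over newer ranges."""
    nets = [(row[0], ipaddress.ip_network(row[1])) for row in plan]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

def lease_pressure(plan):
    """Worst-case leases held at once: a transient device's lease outlives its visit."""
    report = {}
    for name, cidr, resident, per_hour, lease_h in plan:
        held = resident + per_hour * lease_h
        pool = pool_size(cidr)
        report[name] = {"pool": pool, "held": held, "exhausted": held > pool}
    return report

def min_prefix(resident, per_hour, lease_h, reserved=RESERVED):
    """Longest prefix (smallest subnet) whose pool covers the worst-case leases."""
    needed = resident + per_hour * lease_h + reserved + 2
    return 32 - (needed - 1).bit_length()

def max_lease_hours(cidr, resident, per_hour):
    """Longest whole-hour lease that keeps the existing subnet from exhausting."""
    if per_hour == 0:
        return None  # no churn, so lease length does not limit the pool
    return (pool_size(cidr) - resident) // per_hour

if __name__ == "__main__":
    print("overlapping:", overlaps(PLAN))
    for name, row in lease_pressure(PLAN).items():
        print(f"{name:16} pool={row['pool']:6} held={row['held']:4} exhausted={row['exhausted']}")
    print("guest fix: /%d, or leases of %s h" % (min_prefix(0, 60, 8), max_lease_hours("10.20.0.0/24", 0, 60)))
```

The estimate is deliberately pessimistic: it assumes no returning device is handed its previous lease, which is the situation a guest or BYOD range sees on a busy day.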

  11. #11

    That's the core I have..

    Could I see your documentation for this please.

    So I'm assuming you have dhcp scopes for each?

    Do any of you use wds? Does the ip helper work in the same way?

    Thanks

  12. #12
    cpjitservices's Avatar
    If you're using VLANs and want imaging, if DHCP is on another server just use the next-server option, it'll work and your clients (even on a different IP Range) should get an address providing your firewalling is set up correctly.

    I have VLANS set up as below.

    VLAN 50 - Servers
    VLAN 80 - Clients
    VLAN 99 - Guests
    VLAN 101 - Phones / VOIP
    VLAN 102 - WIFI
    VLAN 166 - LAB Network
    VLAN 77 - Environmental

    My imaging servers (Fog, ZEN, WDS) are all on the servers VLAN, but in my pfsense router I have the next-server option set to the IP of my imaging server, all of my clients when I reboot and boot to Network get the correct range and start imaging, I can even boot into Linux or GParted if need be using PXE.

    All of our network security is on the servers VLAN also, Firewalling, Proxying, AV etc and everything on the other VLANS goes through fine.

    So IP Helper shouldn't make a difference in this case.

  13. #13

    I can't seem to get my clients vlans to obtain an ip from dhcp. I have configured dhcp with a new scope and created a new interface with the same mask but it just won't get an address.

  14. #14

    I just need to add the route!!! Silly me
