  1. #1

    FN-GM

    Size of VLANS

    Hi,

    When creating multiple VLANs for clients, purely for the purpose of cutting down broadcast and segmentation (for example if something starts flooding a VLAN causing problems or a dodgy DHCP) how many clients do you put in each VLAN please?

    It's just for a size really, not locations etc.

    Thanks
    Last edited by FN-GM; 3rd April 2013 at 09:07 PM. Reason: more info added

  2. #2
    DMcCoy
    I usually did /24 but mostly machines were grouped by type and area, some core vlans and individual ones for each switch for student machines connected to it.

  3. #3

    FN-GM
    Thanks, do you usually fill up all of the /24 vlans?

  4. #4

    synaesthesia
    We're making sure there won't be any problems with the existing ones we're currently setting up - so we have a couple of /25s for misc bits, most of them are /24s, each of our sites are /22s and our wireless inc guest is a /20.
    We won't be running out this time! /shakes fist!

  5. #5
    DMcCoy
    No, but I didn't have to worry about large numbers of wireless devices at the time, it may be better to have a slightly larger subnet for that vlan. For rooms/trolleys/admin/teaching it's usually fine.

  6. #6
    cpjitservices
    For management VLANs we usually use a subnet for the correct number of devices +10 for expansion; same for the servers VLAN, although generally these days we use /24s on server VLANs. PC VLANs we make the same size as users; if we had so many users and machines we would create VLANs with the right subnet size for users. Guest wifi is /28.

    We manage fine, makes it easily manageable.

  7. #7
    nicholab
    Does anyone use variable length sub-net masking for their Vlans?
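
Added example, not part of any post in the thread: a sketch of the variable-length subnetting asked about in post #7, sizing each VLAN to its device count plus the "+10 for expansion" headroom from post #6 and carving the results out of one site block. The site range 10.20.0.0/22, the VLAN names and the device counts are constructed for illustration, and each device count is assumed to include the VLAN's gateway interface.

```python
import ipaddress

def prefix_for(devices, headroom=10):
    """Smallest IPv4 prefix length holding devices + headroom hosts.

    headroom=10 follows the "+10 for expansion" rule quoted in the thread;
    2 more addresses go to the network and broadcast addresses.
    """
    needed = devices + headroom + 2
    return 32 - (needed - 1).bit_length()

def plan(site, vlans):
    """Carve variable-length subnets for (name, devices, headroom) out of site.

    Largest subnets are placed first so every block stays aligned on its own
    size and no address space is lost to padding.
    """
    site = ipaddress.ip_network(site)
    cursor = int(site.network_address)
    result = {}
    for name, devices, headroom in sorted(vlans, key=lambda v: prefix_for(v[1], v[2])):
        plen = prefix_for(devices, headroom)
        size = 1 << (32 - plen)
        cursor = -(-cursor // size) * size  # round up to the block boundary
        net = ipaddress.ip_network((cursor, plen))
        if not net.subnet_of(site):
            raise ValueError(f"{name}: /{plen} does not fit in {site}")
        result[name] = net
        cursor += size
    return result

# Constructed sample data (not from the thread): one /22 site.
SAMPLE = [
    ("staff", 90, 10),
    ("wireless", 400, 10),
    ("students", 200, 10),
    ("servers", 30, 10),
    ("mgmt", 12, 10),
    ("ospf-uplink", 2, 0),  # point-to-point routed link, no growth
]

if __name__ == "__main__":
    for name, net in plan("10.20.0.0/22", SAMPLE).items():
        # num_addresses - 2 = hosts sharing one broadcast domain
        print(f"{name:12} {str(net):18} {net.num_addresses - 2:4} hosts")
```

The host count printed per VLAN is the size of the broadcast domain, which is the figure the thread is weighing when it talks about limiting flooding, rogue DHCP and ARP poisoning.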

  8. #8

    Some would argue that your vlans should not extend past the local switch.

  9. #9
    nicholab
    That would mean that every switch cab would need an L3 switch. I used that design before but with each cab on /24 and routing at the centre on a hp 4108gl.

  10. #10

    SYNACK
    Originally Posted by Destinova:
        Some would argue that your vlans should not extend past the local switch.

    And they may be missing the point, as above this would require L3 at every cabinet or at the least multiplying the backhaul links by the number of VLANs.

    The size depends on what kind of broadcast domain your system can cope with and what kind of isolation you want. We break stuff up into smaller subnets to limit broadcast domains - making bandwidth usage a little more efficient which can be big on wireless. It also helps limit certain attack and fault vectors like loopbacks and ARP poisoning.

    There can be additional security concerns using VLANs for isolation if you have trunked ports out in the open but the benefits almost always outweigh the risk.

  11. #11


    Most of the decent switches are L3 anyway, and it does make a good deal of sense. Some would even argue that the uplinks should be OSPF VLAN's of their own (ie a vlan of 2). There isn't any point in polluting uplinks with random traffic that doesn't need to be there. I've got 4 links like this and it works pretty well.

  12. #12

    SYNACK
    Originally Posted by CyberNerd:
        Most of the decent switches are L3 anyway, and it does make a good deal of sense. Some would even argue that the uplinks should be OSPF VLAN's of their own (ie a vlan of 2). There isn't any point in polluting uplinks with random traffic that doesn't need to be there. I've got 4 links like this and it works pretty well.

    If you can afford switches like that, if you are looking mid range most are the old school type of basic routing and not layer 3 bridging so you get some hefty penalties on traffic speed and latency. It also depends on how big your system is, we have a 5412zl at the core that happily does all the layer 3 bridging, we could have the lesser 2900 series do it but their featureset is way more limited and it just makes more sense to do it at the core. Almost all of our traffic traverses back to the core anyway so the traffic patterns are not markedly different. If our resources were much more distributed then a different structure may be beneficial.

  13. #13

    Originally Posted by CyberNerd:
        Most of the decent switches are L3 anyway, and it does make a good deal of sense. Some would even argue that the uplinks should be OSPF VLAN's of their own (ie a vlan of 2). There isn't any point in polluting uplinks with random traffic that doesn't need to be there. I've got 4 links like this and it works pretty well.

    We have a setup like this (Very dense Layer 3 to the Edge) each switch has 5 to 10 vlans for various services and also additional vlans for OSPF uplinks. All service vlans are /24 and OSPF vlans are /30 (if I remember correctly)
    I must say this setup is a pain in the A*se to admin and wireless clients hate it as they are constantly roaming and changing IP.

  14. #14


    Originally Posted by SYNACK:
        If you can afford switches like that, if you are looking mid range most are the old school type of basic routing and not layer 3 bridging so you get some hefty penalties on traffic speed and latency. It also depends on how big your system is, we have a 5412zl at the core that happily does all the layer 3 bridging, we could have the lesser 2900 series do it but their featureset is way more limited and it just makes more sense to do it at the core. Almost all of our traffic traverses back to the core anyway so the traffic patterns are not markedly different. If our resources were much more distributed then a different structure may be beneficial.

    I think it's good practice to keep data, that doesn't need to be there, away from the uplinks and the core; even if that comes at a cost of overall switching capacity. The caveat would be if there was a lot of traffic that needs to go between the PC's, which is rarely the case.

    It does sound like I'm running a much bigger network with over 50 switches and 80 AP's. 4x A5800's on the core. A mix of 4800's and 5500's at the near edge (where I do the majority of OSPF routing) and a mix of 3600SI 5120 SI and (mostly) 4500's at the edge and a sprinkling of 4500G POE's.

  15. #15


    Originally Posted by apeman:
        I must say this setup is a pain in the A*se to admin and wireless clients hate it as they are constantly roaming and changing IP.

    I actually find it easier to admin - the reason being is that it is far easier to diagnose a problem with/in a discrete network than one where traffic is going through multiple switches. We've got a MERU setup, and wireless clients don't even notice the difference if they go between different AP's
    Last edited by CyberNerd; 4th April 2013 at 09:33 PM.


