Wired Networks Thread, Lan Extension: VLAN or Single Subnet HELP>> in Technical; Hello All,
I urgently need your guidance with this.>>> !
We currently run two servers, therefore domains split by a ...
14th July 2013, 02:31 PM #1
14th July 2013, 09:53 PM #2
What does your scope of work say with Virgin? Presumably you've specced this system to work how you wish, so if they've suddenly said that isn't how it's going to work then I'd tell them to do one, personally.
Can a knowledgeable person comment on any negatives in going to a single subnet
That very much depends on what problem you're solving by having more than one subnet in the first place. You're essentially maintaining two LANs, one for admin and one for curriculum right? That's not the way I'd do it these days, and you imply that you've only got one domain controller in each of the two domains and *that* would worry me a lot more than any possible security issues from a 'combined' LAN.
It's difficult to say for sure what work would be required to make this work the way you want. At the very least you're going to want switches on both ends that can route traffic onto the appropriate VLAN, and how much extra is needed on top of that is going to depend very much on the network config you have now.
14th July 2013, 10:04 PM #3
Thanks for replying Roberto.
Yes, Virgin said once the LAN extension was in place it would be a matter of plugging in our Ethernet switches and off we go. But not anymore!! They now suggest someone reconfigures the VLAN and provides the necessary switches at each end or go to one subnet. I don't have the time to do either, nor want to do the latter. They said it should work out of the box and now are backtracking. I think the single subnet is a cop out!
When the school switched from LGFL 1 to 2 they recreated the VLAN, so I don't understand why they don't want to do it from the LAN extension? They say the kit that is being installed has only x1 RJ45 port... But that's not my issue... well, shouldn't be!
Can I ask, why would you do the two domains via a VLAN? And why does having one DC in each domain worry you?
14th July 2013, 10:12 PM #4
If the equipment either end of this supports it, it just needs to be a trunk port so it carries both VLANs tagged, or I suppose one port of a switch either end could be the trunk that this "link" connects to. As you want to keep the traffic separate, you would not need to worry about a router or a layer 3 switch at each end. What will be the connection device at either end?
14th July 2013, 10:23 PM #5
At the main site there will be a Cisco 2951 G2 and a LAN extension device of some sort at the other.
They have suggested that we provide 2 x 8 port switches and configure them, so you have 2 ports that are segmented at each end.
Surely, they should carry out the necessary configuration\kit so we can plug in Ethernet layer 2 switches, patch in and be off and running.
The whole set up was sold as plug and play!!
14th July 2013, 10:41 PM #6
According to what they are saying the "LAN extension device" must be capable of carrying tagged traffic for both VLANs else they wouldn't suggest the two 8 port switches. Assuming some of your switches have ports in both VLANs at the moment you would just need to replicate the configuration of your uplink from that switch to another port that would connect to the "LAN extension device" so
Site 1 Existing Switch with Trunk Port > "LAN extension device" > Site 2 Existing Switch with Trunk Port
The port config on the switch would be something like
switchport mode trunk
You would just need to make sure your switches fabric at either side were up to carrying the extra traffic else new switches.
Last edited by ChrisH; 14th July 2013 at 10:43 PM.
14th July 2013, 10:50 PM #7
Hi Chris, so are you saying we would need VLAN Ethernet switches either end?
Would these switches need any technical configuration, or just plug in and go?
14th July 2013, 11:10 PM #8
Okay I misread the equipment list slightly but yes you will need a switch configured with VLANs at each end.
Port 1 Trunk from the router or LAN extension at the other end.
Port 2 Admin VLAN uplink to rest of network.
Port 3 Curriculum VLAN uplink to rest of network.
You will need to configure the switches but I can give you a config if you let me know what ports you are using (assuming Cisco).
Last edited by ChrisH; 14th July 2013 at 11:11 PM.
14th July 2013, 11:25 PM #9
Hi Chris, you have been very helpful.
Originally Posted by ChrisH
So just so I'm clear in my mind. The new vlan switches either end will require some sort of technical configuration?
If this is the case, and as we were told the vlan would be set up and ready to go, I think we will lay the problem back with lgfl.
Many thanks mate.
Btw, do you think their suggested single subnet alternative is a bit of a cop out?
14th July 2013, 11:42 PM #10
Yes they will require configuration because at the default configuration, all ports will be in the same VLAN. For this solution to work I am assuming that the traffic is being passed from that router or LAN extension thingymebob with its VLAN tag added. If this frame hits a port that is not configured to receive traffic from multiple VLANs (a trunk port) it will be dropped or just won't reach its intended destination.
The lack of ports complicates matters hence their 2 suggestions, I do however think that these days you should be operating on a single domain with the necessary security and multiple VLANs/subnets for traffic control and security, but this would depend on the size of your network and would require routers or layer 3 switches. If you want to talk further I am happy to talk on the phone tomorrow, pm me for my number if you would like to do this.
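The behaviour described in posts #8 and #10, as an added example that is not part of the original thread: a simplified Python model of 802.1Q tag handling on the three-port layout (trunk, admin uplink, curriculum uplink) next to a switch left at its default configuration. The VLAN IDs 10 and 20 are assumptions (the thread gives none), and native-VLAN handling on the trunk is not modelled.

```python
import struct

TPID_8021Q = 0x8100            # EtherType value that marks an 802.1Q tag
ADMIN, CURRICULUM = 10, 20     # assumed VLAN IDs; the thread does not state them

def frame(vlan_id=None, payload=b"data"):
    """Build a constructed Ethernet frame, 802.1Q-tagged if vlan_id is given."""
    header = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01"   # dst MAC, src MAC
    tag = b"" if vlan_id is None else struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return header + tag + struct.pack("!H", 0x0800) + payload

def vlan_of(frame_bytes):
    """Return the VLAN ID carried in the 802.1Q tag, or None if untagged."""
    ethertype, tci = struct.unpack("!HH", frame_bytes[12:16])
    return tci & 0x0FFF if ethertype == TPID_8021Q else None

class Switch:
    def __init__(self, ports):
        # ports: {number: ("access", vlan_id)} or {number: ("trunk", {allowed vlan_ids})}
        self.ports = ports

    def ingress_vlan(self, port, frame_bytes):
        """VLAN the frame is accepted into, or None if the port drops it."""
        mode, cfg = self.ports[port]
        tag = vlan_of(frame_bytes)
        if mode == "trunk":
            return tag if tag in cfg else None   # untagged or not-allowed tag: dropped
        return cfg if tag is None else None      # access port: tagged frame dropped

    def forward(self, port, frame_bytes):
        """Flood a frame; return {egress_port: "tagged" | "untagged"}."""
        vlan = self.ingress_vlan(port, frame_bytes)
        out = {}
        if vlan is None:
            return out
        for number, (mode, cfg) in self.ports.items():
            if number == port:
                continue
            if mode == "access" and cfg == vlan:
                out[number] = "untagged"         # tag stripped on the uplink
            elif mode == "trunk" and vlan in cfg:
                out[number] = "tagged"           # tag kept across the link
        return out

# Layout from post #8: port 1 trunk, port 2 admin uplink, port 3 curriculum uplink.
configured = Switch({1: ("trunk", {ADMIN, CURRICULUM}),
                     2: ("access", ADMIN), 3: ("access", CURRICULUM)})
# Unconfigured switch: every port is an access port in the same VLAN (VLAN 1).
default = Switch({1: ("access", 1), 2: ("access", 1), 3: ("access", 1)})

if __name__ == "__main__":
    print("configured, admin frame in on trunk:", configured.forward(1, frame(ADMIN)))
    print("default,    admin frame in on port 1:", default.forward(1, frame(ADMIN)))
```
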
15th July 2013, 12:06 AM #11
Thanks Chris, why is single subnet / domain over vlans and is that quite complex to configure?
The school has always operated on a VLAN and it works well. As LGFL promised the VLAN aka same set up would be in place with a LAN extension, I feel they should see it through and make sure everything is in place, configured and working. Don't you agree?
15th July 2013, 10:06 AM #12
What are the two current switches at either end, and do they have a spare port?
We run SHDS (what LAN Extension Services became about 4 years ago; LES and EES are old terms) across 5 miles. We don't actually run VLANs across it (it's routed instead), but that's because of a poor install by the I.T. contractor who did not do as we expected. It's not at all difficult to do though if everything is the same at both sites and you have a L3 switch at the core on each site.
15th July 2013, 10:08 AM #13
Regardless of having two domains, you probably want to implement VLANs.
The two domains could exist on the same VLAN though; many schools dropped the idea of a physically separate (or VLANed) Curriculum/Admin network many years ago.
16th July 2013, 12:32 AM #14
Originally Posted by twin--turbo
16th July 2013, 01:06 PM #15
In many instances when teachers got classroom PCs or teacher laptops they needed to use resources from admin and curriculum systems, and although possible the complexity outweighed the risk of a single network. This became more true when they started using Wi-Fi laptops on old Wi-Fi systems without VLAN abilities.
The main security weak point is the user that leaves their workstation logged in and left unattended.