  1. #1

    Vlan basics

    Hi Everyone,

    So it's come to the point where we need VLANs.

    I understand the concept (hence knowing it's time to implement them) but am not really sure what to do for the best.

    As we have over 500 devices and only 12 cab locations, I was thinking of segregating the network in two ways.

    1. By cab location
    2. Or device location, i.e. IT suite etc.

    If I go for option 1, would I just need to put all ports into, say, VLAN 2 and leave the uplinks on the default VLAN 1, so other traffic can pass?

    So my setup would look something like:

    Cab 1 - All ports VLAN 2, uplink(s) VLAN 1
    Cab 2 - All ports VLAN 3, uplink(s) VLAN 1
    Cab 3 - All ports VLAN 4, uplink(s) VLAN 1

    Or option 2 would be cab 1 switch 1, ports 1-20 VLAN 2, uplink VLAN 1, ports 21-47 VLAN 4 etc.

    Any help, ideas, or best practice much appreciated as always.

  2. #2
    ass17's Avatar
    The way we do it is:

    Servers
    Printers
    Wireless (8 vlans)
    Boilers
    TVs
    VoIP phones
    Admin PCs
    accounts PCs
    ICT tech PCs
    Catering Tills
    Curriculum PCs (separate vlan per building, 10 buildings)
    Internet router

  3. Thanks to ass17 from:

    richbrowncardiff (6th September 2013)

  4. #3
    DMcCoy's Avatar
    What are you going to route the vlans with?

  5. #4

    Thanks for your response, guys. I was going to ask that question, DMcCoy. Not sure what would be best: the switches support L3 routing, so can I use that or would I be better investing in a separate router?

  6. #5

    twin--turbo's Avatar
    "So it's come to the point where we need VLANs."
    Why?

    "Not sure what would be best: the switches support L3 routing, so can I use that or would I be better investing in a separate router?"
    Stick with a good L3 switch, as effectively it is a router with multiple ports. Unlike a router, which usually has limited port capacity, which can become a problem.

    Rob

  7. #6

    m25man's Avatar
    As we already use Sonicwalls at our border gateway, we use this to provide DHCP and inter-VLAN routing; on many of our smaller sites it's just easier to manage.
    On bigger LANs the L3 switch is obviously the better option.
    Using a simple router between port based VLANs is a good way to start and learn but L3 switches have far more throughput capability and cope with many VLANs easily.

  8. #7

    Hi all, thanks for your input. We need to implement the VLANs as the broadcast traffic is quite high and the performance is starting to drop slightly. I want to regain the performance (and, all being well, improve it) by implementing VLANs. I feel this would be the best way forward, as we have good switches of which, like many, we currently only use a fraction of the functionality available (stacking, RSTP & QoS). I am planning on using the L3 routing on the switches.

    Cheers

  9. #8
    mrbios's Avatar
    Quote Originally Posted by ass17 View Post
    The way we do it is:
    Admin PCs
    accounts PCs
    ICT tech PCs
    Why do you make a separate VLAN for each of these? There's no real security benefit behind it, considering everything can be secured at a file and authentication level, so why would you need to add these to separate VLANs from their local areas?

    Genuine question by the way, I'm not trying to sound argumentative... though I can't help but see this as a mostly pointless exercise that it seems many here partake in, some even taking it to another level by splitting teacher and student machine VLANs. I'm more interested in being convinced otherwise than trying to convince others that they're wrong in doing so though, but I remain very skeptical.

  10. #9

    Hi MrBios! Well, personally I agree it comes down to need & choice. I want to segregate areas of the LAN to improve performance primarily. The security benefit comes in as an additional definitive layer: by giving the ability to effectively "hide" different devices / sections of the network from each other, you are ensuring a more complete security structure throughout the LAN, but by doing so you're obviously adding an additional layer of management and complexity (depending on how it's set up and also what the documentation includes). I have worked in a school with over 100 VLANs (in my view uber excessive), whereby admin printers were segregated from student printers!

  11. #10

    twin--turbo's Avatar
    Quote Originally Posted by richbrowncardiff View Post
    I have worked in a school with over 100 VLANs (in my view uber excessive), whereby admin printers were segregated from student printers!
    Ridiculous rather than excessive.

    We only have about 8 major VLANs (if that).

    What is your switch processor load, the dropped packets, CRC, runts, etc.?

    Apart from boot DHCP, what are the sources of the broadcasts?

    Rob

  12. #11
    mrbios's Avatar
    Quote Originally Posted by richbrowncardiff View Post
    Hi MrBios! Well, personally I agree it comes down to need & choice. I want to segregate areas of the LAN to improve performance primarily. The security benefit comes in as an additional definitive layer: by giving the ability to effectively "hide" different devices / sections of the network from each other, you are ensuring a more complete security structure throughout the LAN, but by doing so you're obviously adding an additional layer of management and complexity (depending on how it's set up and also what the documentation includes). I have worked in a school with over 100 VLANs (in my view uber excessive), whereby admin printers were segregated from student printers!
    I can understand the desire to hide a device from another device, if that device held anything of importance on it, but are your users in accounts really storing sensitive data on their client PCs anyway? Probably not, because most of the time we have network storage, things like FMS have everything stored in a database, that database requires authentication and is also held on a server, those servers are on a separate VLAN... you see what I'm getting at, right?

    End of the day, I think my real question is: what are you actually trying to protect? I can obviously only speak for myself here, but the only sensitive data on my network is either A. in teacher shares/home folders or B. in SIMs/FMS, both of which are secured from prying eyes with share security, file level security, database authentication etc. Those sensitive items are only visible to a client PC once a user has logged on; nothing sensitive is on the machines themselves. So where's the security benefit?

    The benefit to limiting broadcast traffic from PCs isn't going to be anywhere near as great as the benefit to limiting service broadcast traffic such as printers, TV systems, Apple devices etc., so again from a performance standpoint I'd still argue that the additional management complexity isn't worth the effort. Especially when talking about admin/finance/office PCs, we're talking 10s of PCs, not 100s.
    Last edited by mrbios; 10th September 2013 at 11:15 PM.

  13. #12

    We probably have 50 vlans on just one of our switches.

  14. #13

    twin--turbo's Avatar
    Quote Originally Posted by apeman View Post
    We probably have 50 vlans on just one of our switches.
    why? is this a core for a multi site?

    TT

  15. #14

    Close, it's one of the core switches for just one site, but we are doing layer 3 to the edge via OSPF so each uplink has its own VLAN.

    Our edge switches probably have between 12 and 16 VLANs (Data, Voice, CCTV, IPTV, Printers, Cashless Vending, Wifi, Guest Data, Guest Wifi, Management, plus 2 to 8 uplinks).

  16. #15

    sonofsanta's Avatar
    We did it by cab with /24 VLANs when we did it 18 months ago, so (for example) MFL is all on one VLAN because it comes out of one cabinet in that block, same with English, Humanities... the only exceptions are major IT rooms, which tend to have a switch in situ for a single room so they're on /25 ranges, and printers which are on their own VLAN across the site - random ports here and there on every switch, with different colour patch cables for them.

    We route at the furthest point - i.e. if a cab has stacked level 3 switches that service an entire VLAN, route there. If a VLAN spans multiple non-stacked switches then it has to be routed at the core (e.g. printers, some cabs with older switches). Saves on traffic on the backbone.
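
Added example, not part of the thread or any poster's own tooling: a small planner for the per-cabinet scheme described in post #15 (a /24 per cab, a /25 per IT room, one site-wide printer VLAN, routing at the edge only where one stacked L3 group serves the whole VLAN). The site range 10.20.0.0/16, the VLAN IDs starting at 10 and the stacked/non-stacked flags are constructed assumptions.

```python
import ipaddress

SITE = ipaddress.ip_network("10.20.0.0/16")  # constructed example range

# (name, kind, served by a single stacked L3 switch group?) - constructed sample data
SEGMENTS = [
    ("MFL", "cab", True),
    ("English", "cab", True),
    ("Humanities", "cab", False),       # older, non-stacked switches
    ("IT-Room-1", "it_room", True),
    ("IT-Room-2", "it_room", True),
    ("Printers", "site_wide", False),   # ports scattered over every switch
]

def build_plan(site, segments, first_vlan=10):
    """Return one dict per VLAN: id, subnet, gateway, usable hosts, routing point."""
    pool = site.subnets(new_prefix=24)   # generator of /24 blocks
    spare_halves = []                    # unused /25 left over from a split /24
    plan = []
    for offset, (name, kind, stacked_l3) in enumerate(segments):
        if kind == "it_room":
            if not spare_halves:
                spare_halves = list(next(pool).subnets(new_prefix=25))
            subnet = spare_halves.pop(0)
        else:
            subnet = next(pool)
        # Route at the edge only when one stacked L3 group serves the whole VLAN.
        routed_at = "edge" if stacked_l3 and kind != "site_wide" else "core"
        plan.append({
            "vlan": first_vlan + offset,
            "name": name,
            "subnet": subnet,
            "gateway": subnet.network_address + 1,
            "usable_hosts": subnet.num_addresses - 2,
            "routed_at": routed_at,
        })
    return plan

def overlaps(plan):
    """Pairs of VLAN names whose subnets overlap (should be empty)."""
    return [(a["name"], b["name"]) for i, a in enumerate(plan)
            for b in plan[i + 1:] if a["subnet"].overlaps(b["subnet"])]

if __name__ == "__main__":
    for row in build_plan(SITE, SEGMENTS):
        print(f'{row["vlan"]:>4} {row["name"]:<12} {str(row["subnet"]):<18} '
              f'gw {row["gateway"]}  hosts {row["usable_hosts"]:>3}  route@{row["routed_at"]}')
```
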
