Wired Networks Thread, Introduce VLAN in stages in Technical
28th August 2014, 10:23 PM #1
Introduce VLAN in stages
I'm trying to get my head around something and would appreciate people's thoughts.
We need to introduce VLANs for our phone and CCTV systems (initially, maybe more services in future) but due to current switches it is not fully possible.
However, we are having a new building built and are installing Layer 2 switches, so this would be a good time to start the VLAN setup, which we would then take site-wide as and when switches are replaced.
First question - is it possible to do this?
I'm thinking to keep the default VLAN ID 1 for all computers etc, a VLAN 10 for CCTV and VLAN 100 for phones.
I then set all uplinks as Trunk ports on the new switches. I tag the phone system on VLAN 1 and VLAN 100 and the CCTV to VLAN 1 and VLAN 10.
I understand that by doing this I won't see a benefit yet until all switches are replaced and configured but I hope to use this as a starting point.
Any thoughts would be appreciated.
28th August 2014, 10:44 PM #2
I am in a similar boat. I have no inter-VLAN routing set up but have a separate VLAN for some of the Chromebooks. The other VLAN is just set up on wireless so the Wi-Fi ports are set to trunks. The only bit where I change the PVID is on my Smoothwall port for the second VLAN.
28th August 2014, 10:56 PM #3
You shouldn't need to do that on the Smoothwall. Set up a static route on your core L3 switch pointing to Smoothwall. Then add the second subnet in the Smoothwall network settings. We have a large number of VLANs with only 1 interface on the internal side on Smoothwall.
To put an IP route on a Cisco switch, run the following command in global configuration mode.
ip route 0.0.0.0 0.0.0.0 <Smoothwall IP>
29th August 2014, 05:28 AM #4
Why do you want the CCTVs on VLAN 1 and VLAN10? And why would you want the phones on VLAN 1 and VLAN 100? Defeats the whole purpose of having VLANs and switches in the first place.
So, this is how we have our network set up.
VLAN 1, computers
VLAN 2, Phones
VLAN 3, Server to Server
VLAN 4, Guest
VLAN 5, Cameras
VLAN 6, Apple TVs
VLAN 1 is Computer traffic
VLAN 2 doesn't talk to the other VLANs. There is a route in the Dell SonicWall that lets the server VLAN talk to it, but the only traffic on the VLAN is phone.
VLAN 5 is like VLAN2, except the NAS we have has two ports, one is for all the cameras to come into and be recorded on. The other is a VLAN1 port on the NAS so certain people can view the cameras. No other traffic goes on VLAN 5
VLAN 3 is strictly inter-server traffic on two switches.
VLAN 4 is our Guest network. It only has that traffic and goes to our low/free Comcast internet connection.
VLAN 6 is for Apple TVs. The Ruckus wireless has a separate SSID/radio for the Apple TVs to be on, and then they use a Bonjour gateway on the Ruckus. This cuts down the chatter on the wireless network dramatically. Only VLAN 1 can talk to VLAN 6, and only certain ports for Apple TV stuff.
The idea of VLANs is to keep the traffic segregated so you have more overall bandwidth. When you "trunk" them to another switch, you just need to make sure you tell it what traffic you want on it. For some of our switches, the camera VLAN is the only thing going to another switch as there are more cameras on that switch, and more data. So we keep the traffic to the one fiber run back to another switch.
29th August 2014, 06:21 AM #5
Because I have a lot of switches I can't configure which will have phones and CCTV on them.
I know it defeats the object by tagging them on VLAN 1 but I need Phones/CCTV on the older switches to still work until those switches are replaced by managed switches.
Once all switches are managed I can remove the VLAN 1 as a tag.
Does that make sense? If I'm talking rubbish then please set me straight!
29th August 2014, 06:35 AM #6
You could set them up, and just leave the PVID at 1 until you have all your switches in place. You don't really want to tag (T), aka trunk, the VLANs unless you are using Wi-Fi with multiple SSIDs; trunking uplinks is fine.
e.g. ports 1-10 VLAN 1 - PVID 1, all set to U
ports 11-20 VLAN 10 - PVID 10, all set to U
ports 21-23 VLAN 100 - PVID 100, all set to U
port 24 uplink tagged on all VLANs
This is my understanding anyway (802.1Q VLAN).
Why are people using VLAN 1? Isn't this normally the management VLAN?
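The port layout in post #6, checked against the "phones and CCTV also in VLAN 1" idea from post #1, as an added example that is not part of any post in this thread. The table format, the `role` field, the uplink's PVID and the reading of the staged plan are assumptions; the port ranges and VLAN IDs come from the posts.

```python
"""Audit an 802.1Q port table: PVID plus per-VLAN membership (U/T)."""

def expand(rows):
    """rows: (first_port, last_port, role, pvid, {vlan: "U" or "T"})."""
    return {port: {"role": role, "pvid": pvid, "vlans": dict(vlans)}
            for first, last, role, pvid, vlans in rows
            for port in range(first, last + 1)}

def audit(ports):
    """Return (port, finding, detail) tuples; an empty list means clean."""
    findings, access_vlans = [], set()
    for num, p in sorted(ports.items()):
        if p["role"] != "access":
            continue
        access_vlans.update(p["vlans"])
        untagged = [v for v, mode in p["vlans"].items() if mode == "U"]
        # An edge port in more than one VLAN sees traffic from each of them.
        if len(p["vlans"]) > 1:
            findings.append((num, "multi-vlan-access", sorted(p["vlans"])))
        # Untagged ingress lands in the PVID, so it must be an untagged VLAN.
        if p["pvid"] not in untagged:
            findings.append((num, "pvid-mismatch", p["pvid"]))
    for num, p in sorted(ports.items()):
        if p["role"] == "uplink":
            missing = sorted(access_vlans - set(p["vlans"]))
            if missing:  # this VLAN would stop at this switch
                findings.append((num, "uplink-missing-vlans", missing))
    return findings

# Layout from post #6 (uplink PVID of 1 is an assumption).
POST6_LAYOUT = expand([
    (1, 10, "access", 1, {1: "U"}),
    (11, 20, "access", 10, {10: "U"}),
    (21, 23, "access", 100, {100: "U"}),
    (24, 24, "uplink", 1, {1: "T", 10: "T", 100: "T"}),
])

# Constructed reading of the staged plan: CCTV and phone ports also in VLAN 1.
STAGED_PLAN = expand([
    (1, 10, "access", 1, {1: "U"}),
    (11, 20, "access", 10, {1: "U", 10: "U"}),
    (21, 23, "access", 100, {1: "U", 100: "U"}),
    (24, 24, "uplink", 1, {1: "T", 10: "T", 100: "T"}),
])

if __name__ == "__main__":
    for name, table in (("post #6", POST6_LAYOUT), ("staged", STAGED_PLAN)):
        print(name, audit(table))
```

Running the audit again each time a switch is replaced shows which edge ports still sit in VLAN 1 alongside their own VLAN.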
3rd September 2014, 03:28 PM #7
You'd normally leave VLAN 1 well alone as the default one, move management etc. onto other random numbers.