  1. #1



    setting up vlans

    something I've never done but suspect could be useful.

    Now what I'm going to try and do (and will someone tell me if it's a. stupid or b. not possible) is separate areas of the network so say pc in the suite can't ping/talk to pc in another room on wifi etc but if possible I want to keep my existing ip range for the sake of argument 192.168.1.x-192.168.4.x and use the same router ip for internet traffic.

    my initial plan (unless someone shoots me down lol) is for 4 vlans
    1 management so all the switches, servers, the router etc are on this and visible to all vlans
    2 suite just the pcs in the ict suite
    3 class other random hard wired pcs
    4 wifi as all the wifi is through a managed controller this shouldn't be hard

    Ideally I want the main server to dhcp them all (it is in this case 2008r1 single nic hp g5 ml350 but there is an r2 box in school it's just a hp microserver acting as wds/mdt/backup box) and tbh I don't care what pc in what vlan gets what ip if they need to be split so be it. Hopefully wds/mdt can be made to work on all vlans but if I have to tag/untag ports to make it work it's not a deal breaker

    the reasoning is something in the system is slowing the network down I suspect something somewhere has a dodgy nic/cable etc but every time I look it's fine so I'm hoping splitting the network will at least allow me to have some control and narrow it down and also there is no reason why 90% of pcs need to know about anything other than the servers

    switches are all recentish managed hps in pretty much default config with spanning tree and igmp turned on

    obviously I'm not going to do this straight onto the school's network as they have spare switches I was going to borrow them and set up a small test network. I'm just not entirely sure where to start so any pointers before I just dive in and try things are appreciated

  2. #2

    glennda
    How many machines do you have?

  3. #3


    about 200 for round numbers

  4. #4

    glennda
    I would do as above but keep all machines on the same Vlan removing the suite won't make much difference - if anything use another for printers as they broadcast loads but depends on printer numbers

  5. #5

    DaveP
    We have about 450 stations and we have VLANs. Before the VLANs were set up we had major traffic issues/slow network problems. After they were set up it was like we had a new network.

    Wouldn't be without them now.

  6. Thanks to DaveP from:

    sted (1st May 2012)

  7. #6


    that's what I'm trying to achieve lol

    printers there are loads and most now are wireless sigh (apparently staff can't walk to the copiers/shared printer locations so they all have their own and rather than mess round installing them locally I just added them to the server)

    perhaps separating out the suite is overkill but it's easy to test lol

  8. #7

    sonofsanta
    Way I've just done it here is to set all the VLANs up in the range "next door" so to speak, so that the original range is still alive and I can manage the migration at my own pace. Servers and switches are staying in this original range (VLAN1) and workstations are moving out, where VLANs are split up by the cabinet they're cabled from as it provides a more or less geographical breakdown.

    DHCP wise, you need a separate scope set up for each, and tell the routing switch where the DHCP server is and to act as a DHCP relay.

    Default gateway will need to be the layer 3 switch at your core (which will then have the internet gateway as its gateway) otherwise workstations in your new VLAN won't be able to see servers in the original VLAN.
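
An added example (not from the thread or its posters) that checks a VLAN addressing plan against the three points in the post above: a separate subnet and DHCP scope per VLAN, a relay wherever the DHCP server is off-subnet, and a default gateway that sits inside each VLAN's own subnet. The VLAN ids, subnets, gateway addresses and DHCP server address are all constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed plan: VLAN id -> (name, subnet, gateway = L3 switch interface IP)
PLAN = {
    1:  ("management", "192.168.4.0/24", "192.168.4.1"),
    20: ("suite",      "192.168.3.0/24", "192.168.3.1"),
    30: ("class",      "192.168.1.0/24", "192.168.1.1"),
    40: ("wifi",       "192.168.2.0/24", "192.168.4.1"),  # deliberate mistake
}
DHCP_SERVER = "192.168.4.10"  # constructed address in the management VLAN


def check_plan(plan, dhcp_server):
    """Return (findings, relay_vlans) for an addressing plan."""
    server = ipaddress.ip_address(dhcp_server)
    nets = {vid: ipaddress.ip_network(sub) for vid, (_, sub, _) in plan.items()}
    findings, relay_vlans = [], []

    # Each VLAN needs its own non-overlapping subnet (and so its own DHCP scope).
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            findings.append(f"vlan {a} and vlan {b} overlap")

    for vid in sorted(plan):
        name, _, gw = plan[vid]
        net = nets[vid]
        gateway = ipaddress.ip_address(gw)
        # Hosts can only ARP for a gateway that is on their own subnet.
        if gateway not in net:
            findings.append(f"vlan {vid} ({name}): gateway {gw} is outside {net}")
        elif gateway in (net.network_address, net.broadcast_address):
            findings.append(f"vlan {vid} ({name}): gateway {gw} is not a host address")
        # DHCP broadcasts stop at the VLAN boundary, so every VLAN that does
        # not contain the server needs a relay on its routed interface.
        if server not in net:
            relay_vlans.append(vid)
    return findings, relay_vlans


if __name__ == "__main__":
    findings, relay_vlans = check_plan(PLAN, DHCP_SERVER)
    for line in findings:
        print("PROBLEM:", line)
    print("DHCP relay needed on VLANs:", relay_vlans)
```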

  9. #8

    Originally posted by sted:
    something I've never done but suspect could be useful.
    the reasoning is something in the system is slowing the network down I suspect something somewhere has a dodgy nic/cable etc but every time I look it's fine so I'm hoping splitting the network will at least allow me to have some control and narrow it down and also there is no reason why 90% of pcs need to know about anything other than the servers

    switches are all recentish managed hps in pretty much default config with spanning tree and igmp turned on
    Although segmenting the network is a good idea, a 200 host network is quite small and therefore I wouldn't really expect there to be an issue with excess broadcasts.

    Could you post up a diagram of your network, including the link speeds to all devices?

  10. #9


    Originally posted by sonofsanta:
    Way I've just done it here is to set all the VLANs up in the range "next door" so to speak, so that the original range is still alive and I can manage the migration at my own pace. Servers and switches are staying in this original range (VLAN1) and workstations are moving out, where VLANs are split up by the cabinet they're cabled from as it provides a more or less geographical breakdown.

    DHCP wise, you need a separate scope set up for each, and tell the routing switch where the DHCP server is and to act as a DHCP relay.

    Default gateway will need to be the layer 3 switch at your core (which will then have the internet gateway as its gateway) otherwise workstations in your new VLAN won't be able to see servers in the original VLAN.
    by cab is also doable but to a large extent would end up ks1 new build /ks2/suite ks1 old build

    by layer 3 switch as default gateway I assume any switch capable of doing vlans is a layer 3 switch so I could use any switch that has a port open to the real router?

    please excuse the crudity of the model it's not done to scale

    vlan1.jpg

    so
    vlan 1 has ips of say 192.168.4.x gateway of 192.168.4.1 which is a switch in cab 2 which forwards to the real router
    vlan 2 has ips of say 192.168.23.x gateway of 192.168.3.1 which is a switch in cab 2 which forwards to the real router
    vlan 3 has ips of say 192.168.1/2.x gateway of 192.168.1.1 which is a switch in cab 2 which forwards to the real router

  11. #10


    diagram as current roughly
    3 cabs all gb linked
    cab 1 in newbuild 24+2 10/100(+2xgb)fibre to cab3 has ks1 pcs and main server
    cab 2 is in suite full gb 24 port switch and 24+2 switch linked to cab 3 pcs wifi controller and wds/mdt server.
    cab 3 fibre from cab 1 1 24+2 port and 1 48 port with gb pcs and server 3 (legacy 2003 dc for ye olde software)

  12. #11

    Originally posted by sted:
    by layer 3 switch as default gateway I assume any switch capable of doing vlans is a layer 3 switch so I could use any switch that has a port open to the real router?
    You can create VLANs on a L2 switch, but you need a L3 device to do the interVLAN routing -- preferably a L3 switch.

  13. #12

    It's something I'm trying to do here; it's taken a while to get my head around it all but I'm almost there. Biggest stumbling block now is needing an additional 'box' to do NAT-ing for any additional VLANs we put in place. We're on a set range from SWGfL, so the VLANs won't be able to get out through the gateway. To implement it I want something quite robust and simple in place but not really decided on the best option just yet. (TMG, Smoothwall, etc) - Budget is an issue as well.

    Initial driver for us was putting a new VOIP phone system in place, and this was put on a separate VLAN to help prioritise traffic and separate it from the main network, but the phone system can't get out through the gateway due to lack of NAT-ing locally. It's not an issue for this system, but I do want to start breaking up the network but at the same time Keep It Simple!

    Pete

  14. #13

    Originally posted by FragglePete:
    It's something I'm trying to do here; it's taken a while to get my head around it all but I'm almost there. Biggest stumbling block now is needing an additional 'box' to do NAT-ing for any additional VLANs we put in place. We're on a set range from SWGfL, so the VLANs won't be able to get out through the gateway. To implement it I want something quite robust and simple in place but not really decided on the best option just yet. (TMG, Smoothwall, etc) - Budget is an issue as well.
    Pete
    Why do you need an additional box to do NAT?

    How do your devices get onto the internet at the moment? Do you have an address range which is big enough for all of your devices? Are you allowed to use PAT?

  15. #14

    sonofsanta
    Originally posted by sted:
    by layer 3 switch as default gateway I assume any switch capable of doing vlans is a layer 3 switch so I could use any switch that has a port open to the real router?
    If your switches are all Layer 3 devices then you can just do the routing at that point, give all the workstations a default gateway of that VLAN's interface IP. Those layer 3 switches would then have a default gateway of the next hop along to the core, or a static route, so it knows where to pass it along.

    Given the size of your network you could go the easier way of just doing all VLAN work at the Layer 3 core, and just do the tagging/untagging at the cab switches, not as sound technically as it means more traffic over your uplinks (prob. not significant for you) but also less work when setting up.

  16. #15

    teejay
    VLANs won't necessarily solve your problem, you are seeing the effects of a problem, i.e. network slowdown, without finding the cause of the problem. May I suggest before you do anything you invest some time with Wireshark and figure out what is causing the problem. Shout on here if you need help analysing.

  17. Thanks to teejay from:

    Mehmet (1st May 2012)
