Setting up VLANs
Something I've never done but suspect could be useful.
Now what I'm going to try and do (and will someone tell me if it's a. stupid or b. not possible) is separate areas of the network so, say, a PC in the suite can't ping/talk to a PC in another room on wifi etc., but if possible I want to keep my existing IP range, for the sake of argument 192.168.1.x-192.168.4.x, and use the same router IP for internet traffic.
My initial plan (unless someone shoots me down lol) is for 4 VLANs:
1 management: all the switches, servers, the router etc. are on this and visible to all VLANs
2 suite: just the PCs in the ICT suite
3 class: other random hard-wired PCs
4 wifi: as all the wifi is through a managed controller this shouldn't be hard
Ideally I want the main server to DHCP them all (it is in this case 2008 R1, single NIC, HP G5 ML350, but there is an R2 box in school, it's just an HP MicroServer acting as WDS/MDT/backup box) and tbh I don't care what PC in what VLAN gets what IP; if they need to be split, so be it. Hopefully WDS/MDT can be made to work on all VLANs, but if I have to tag/untag ports to make it work it's not a deal breaker.
The reasoning is something in the system is slowing the network down. I suspect something somewhere has a dodgy NIC/cable etc., but every time I look it's fine, so I'm hoping splitting the network will at least allow me to have some control and narrow it down, and also there is no reason why 90% of PCs need to know about anything other than the servers.
Switches are all recent-ish managed HPs in pretty much default config with spanning tree and IGMP turned on.
Obviously I'm not going to do this straight onto the school's network; as they have spare switches I was going to borrow them and set up a small test network. I'm just not entirely sure where to start, so any pointers before I just dive in and try things are appreciated.
How many machines do you have?
About 200 for round numbers.
I would do as above but keep all machines on the same VLAN; removing the suite won't make much difference. If anything, use another for printers as they broadcast loads, but it depends on printer numbers.
We have about 450 stations and we have VLANs. Before the VLANs were set up we had major traffic issues/slow network problems. After they were set up it was like we had a new network.
Wouldn't be without them now. :thumb:
That's what I'm trying to achieve lol.
Printers: there are loads and most now are wireless, sigh (apparently staff can't walk to the copiers/shared printer locations so they all have their own, and rather than mess round installing them locally I just added them to the server).
Perhaps separating out the suite is overkill, but it's easy to test lol.
Way I've just done it here is to set all the VLANs up in the range "next door", so to speak, so that the original range is still alive and I can manage the migration at my own pace. Servers and switches are staying in this original range (VLAN 1) and workstations are moving out, where VLANs are split up by the cabinet they're cabled from, as it provides a more or less geographical breakdown.
DHCP-wise, you need a separate scope set up for each, and tell the routing switch where the DHCP server is and to act as a DHCP relay.
Default gateway will need to be the layer 3 switch at your core (which will then have the internet gateway as its gateway), otherwise workstations in your new VLAN won't be able to see servers in the original VLAN.
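The two points in the post above (per-VLAN DHCP relay on the routing switch, and workstations using the core layer 3 switch as their gateway) are easy to get wrong in a way that only shows up as "can't see the servers". The following is an added illustration, not code from the thread or from any of the posters: a small Python model of a constructed topology (a core L3 switch "core-switch" with a routed interface on VLANs 1, 2 and 3, and a "real-router" with a leg only in VLAN 1; all device names, VLAN numbers and addresses are made up). It traces where a packet goes given a host's subnet and gateway, and goes slightly beyond the post by also modelling the return route the internet router needs back to the new VLANs.

```python
import ipaddress
from typing import Optional

# Constructed example topology (not the thread author's real network).
# core-switch: the L3 switch at the core, with a routed interface on every VLAN.
# real-router: the internet gateway, which only has a leg in the original VLAN 1.
DEVICES = {
    "core-switch": {
        "interfaces": {1: "192.168.1.1/24", 2: "192.168.2.1/24", 3: "192.168.3.1/24"},
        "static_routes": {},
        "default_route": "192.168.1.254",  # next hop towards the internet
        # DHCP relay ("helper address") per VLAN: where a DISCOVER on that VLAN is forwarded.
        "dhcp_relay": {2: "192.168.1.10", 3: "192.168.1.10"},
    },
    "real-router": {
        "interfaces": {1: "192.168.1.254/24"},
        # Return routes for the new VLANs. Without these, a reply from a VLAN 1 server
        # whose gateway is the router would follow the default route out to the internet.
        "static_routes": {"192.168.2.0/24": "192.168.1.1", "192.168.3.0/24": "192.168.1.1"},
        "default_route": "internet",
        "dhcp_relay": {},
    },
}


def _device_owning(ip: ipaddress.IPv4Address) -> Optional[str]:
    """Name of the device that holds this exact address on one of its interfaces."""
    for name, dev in DEVICES.items():
        for cidr in dev["interfaces"].values():
            if ipaddress.ip_interface(cidr).ip == ip:
                return name
    return None


def _next_hop(dev: dict, target: ipaddress.IPv4Address) -> str:
    """Simplified lookup: connected subnet wins, then the first matching static route, then default."""
    for cidr in dev["interfaces"].values():
        if target in ipaddress.ip_interface(cidr).network:
            return "connected"
    for cidr, nxt in dev["static_routes"].items():
        if target in ipaddress.ip_network(cidr):
            return nxt
    return dev["default_route"]


def trace(host_cidr: str, host_gw: str, dst: str, max_hops: int = 8) -> list:
    """Hop list a packet from host (ip/prefix with gateway host_gw) takes to dst.

    Ends in "direct", "delivered" or "internet"; an empty list means it cannot be delivered.
    """
    host = ipaddress.ip_interface(host_cidr)
    gw = ipaddress.ip_address(host_gw)
    target = ipaddress.ip_address(dst)
    if target in host.network:
        return ["direct"]              # same subnet: host ARPs for dst, no router involved
    if gw not in host.network:
        return []                      # host cannot ARP for a gateway that is off its subnet
    hop = _device_owning(gw)
    if hop is None:
        return []                      # nothing answers for that gateway address
    path = [hop]
    while len(path) <= max_hops:
        nxt = _next_hop(DEVICES[hop], target)
        if nxt == "connected":
            return path + ["delivered"]
        if nxt == "internet":
            return path + ["internet"]
        hop = _device_owning(ipaddress.ip_address(nxt))
        if hop is None:
            return []
        path.append(hop)
    return []                          # routing loop or too many hops


def reachable_both_ways(a_cidr: str, a_gw: str, b_cidr: str, b_gw: str) -> bool:
    """A working connection needs the request path AND the reply path to be delivered."""
    a_ip = str(ipaddress.ip_interface(a_cidr).ip)
    b_ip = str(ipaddress.ip_interface(b_cidr).ip)
    forward = trace(a_cidr, a_gw, b_ip)
    back = trace(b_cidr, b_gw, a_ip)
    ok = {"direct", "delivered"}
    return bool(forward) and bool(back) and forward[-1] in ok and back[-1] in ok


def dhcp_server_for(vlan: int, device: str = "core-switch") -> Optional[str]:
    """DHCP server that receives a relayed DISCOVER from this VLAN (None: no relay configured)."""
    return DEVICES[device]["dhcp_relay"].get(vlan)


if __name__ == "__main__":
    # Workstation in VLAN 2 with the core switch as gateway reaches the VLAN 1 server.
    print(trace("192.168.2.50/24", "192.168.2.1", "192.168.1.10"))
    # Same workstation pointed at the real router instead: the gateway is off-subnet.
    print(trace("192.168.2.50/24", "192.168.1.254", "192.168.1.10"))
    print(reachable_both_ways("192.168.2.50/24", "192.168.2.1", "192.168.1.10/24", "192.168.1.254"))
    print(dhcp_server_for(2), dhcp_server_for(1))
```

Removing the `static_routes` entries on "real-router" makes the server's reply trace end at "internet" and `reachable_both_ways` return False, which is the classic one-way-works symptom when only the workstations were repointed at the core switch.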
Although segmenting the network is a good idea, a 200 host network is quite small and therefore I wouldn't really expect there to be an issue with excess broadcasts.
Originally Posted by sted
Could you post up a diagram of your network, including the link speeds to all devices?
By cab is also doable, but to a large extent would end up KS1 new build / KS2 / suite KS1 old build.
Originally Posted by sonofsanta
By layer 3 switch as default gateway, I assume any switch capable of doing VLANs is a layer 3 switch, so I could use any switch that has a port open to the real router?
Please excuse the crudity of the model; it's not done to scale.
VLAN 1 has IPs of say 192.168.4.x, gateway of 192.168.4.1, which is a switch in cab 2 which forwards to the real router
VLAN 2 has IPs of say 192.168.23.x, gateway of 192.168.3.1, which is a switch in cab 2 which forwards to the real router
VLAN 3 has IPs of say 192.168.1/2.x, gateway of 192.168.1.1, which is a switch in cab 2 which forwards to the real router
Diagram as current, roughly:
3 cabs, all GB linked
Cab 1 in new build: 24+2 10/100 (+2x GB) fibre to cab 3, has KS1 PCs and main server
Cab 2 is in suite: full GB 24-port switch and 24+2 switch linked to cab 3; PCs, wifi controller and WDS/MDT server.
Cab 3: fibre from cab 1, 1 24+2 port and 1 48 port with GB, PCs and server 3 (legacy 2003 DC for ye olde software)
You can create VLANs on a L2 switch, but you need a L3 device to do the interVLAN routing -- preferably a L3 switch.
Originally Posted by sted
It's something I'm trying to do here; it's taken a while to get my head around it all but I'm almost there. Biggest stumbling block now is needing an additional 'box' to do NAT-ing for any additional VLANs we put in place. We're on a set range from SWGfL, so the VLANs won't be able to get out through the gateway. To implement it I want something quite robust and simple in place, but not really decided on the best option just yet (TMG, Smoothwall, etc.). Budget is an issue as well.
Initial driver for us was putting a new VOIP phone system in place, and this was put on a separate VLAN to help prioritise traffic and separate it from the main network, but the phone system can't get out through the gateway due to lack of NAT-ing locally. It's not an issue for this system, but I do want to start breaking up the network but at the same time Keep It Simple!
Why do you need an additional box to do NAT?
Originally Posted by FragglePete
How do your devices get onto the internet at the moment? Do you have an address range which is big enough for all of your devices? Are you allowed to use PAT?
If your switches are all Layer 3 devices then you can just do the routing at that point: give all the workstations a default gateway of that VLAN's interface IP. Those layer 3 switches would then have a default gateway of the next hop along to the core, or a static route, so they know where to pass it along.
Originally Posted by sted
Given the size of your network you could go the easier way of just doing all VLAN work at the Layer 3 core, and just do the tagging/untagging at the cab switches. Not as sound technically, as it means more traffic over your uplinks (prob. not significant for you), but also less work when setting up.
VLANs won't necessarily solve your problem: you are seeing the effects of a problem, i.e. network slowdown, without finding the cause of the problem. May I suggest before you do anything you invest some time with Wireshark and figure out what is causing the problem. Shout on here if you need help analysing :)
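The suggestion above (capture first, segment second) usually comes down to one question: which station is generating the broadcast traffic? As an added example, not code from the thread or any poster, here is a Python script that takes one-line packet summaries in a constructed tshark-like format (frame number, time, source MAC, "->", destination MAC, protocol, info), works out the broadcast/multicast share of the capture, ranks the sources of that traffic, and flags any station that sends more than a set number of broadcasts inside a sliding time window, which is the signature of the "dodgy NIC" the original poster suspects. The sample capture embedded in it is constructed; the MAC addresses, times and the summary format are assumptions, not data from the school's network.

```python
import re
from collections import Counter

# Constructed sample capture (not a real capture). One station, 00:11:22:33:44:07,
# repeats the same ARP request far faster than a healthy host would.
SAMPLE_CAPTURE = """\
1 0.000 00:11:22:33:44:01 -> 00:aa:bb:cc:dd:fe TCP 50422 > 445 [ACK]
2 0.004 00:11:22:33:44:01 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.1.1? Tell 192.168.1.50
3 0.010 00:11:22:33:44:07 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.1.99? Tell 192.168.1.77
4 0.012 00:11:22:33:44:07 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.1.99? Tell 192.168.1.77
5 0.014 00:11:22:33:44:07 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.1.99? Tell 192.168.1.77
6 0.016 00:11:22:33:44:07 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.1.99? Tell 192.168.1.77
7 0.018 00:11:22:33:44:07 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.1.99? Tell 192.168.1.77
8 0.020 00:11:22:33:44:07 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.1.99? Tell 192.168.1.77
9 0.030 00:11:22:33:44:03 -> ff:ff:ff:ff:ff:ff DHCP DHCP Discover - Transaction ID 0x1a2b3c
10 0.041 00:11:22:33:44:02 -> 01:00:5e:00:00:fb MDNS Standard query PTR _ipp._tcp.local
11 0.055 00:aa:bb:cc:dd:fe -> 00:11:22:33:44:01 TCP 445 > 50422 [PSH, ACK]
12 0.060 00:11:22:33:44:07 -> ff:ff:ff:ff:ff:ff ARP Who has 192.168.1.99? Tell 192.168.1.77
"""

# Assumed summary line layout: "<frame> <seconds> <src mac> -> <dst mac> <proto> <info...>"
LINE_RE = re.compile(
    r"^\s*(?P<frame>\d+)\s+(?P<time>[\d.]+)\s+(?P<src>[0-9a-f:]{17})\s+->\s+"
    r"(?P<dst>[0-9a-f:]{17})\s+(?P<proto>\S+)\s*(?P<info>.*)$",
    re.IGNORECASE,
)


def parse_capture(text: str) -> list:
    """Turn summary lines into records; lines that do not match the layout are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append({
                "frame": int(m["frame"]), "time": float(m["time"]),
                "src": m["src"].lower(), "dst": m["dst"].lower(),
                "proto": m["proto"], "info": m["info"],
            })
    return records


def is_group_address(mac: str) -> bool:
    """Broadcast and multicast MACs both have the I/G bit (lowest bit of the first octet) set."""
    return int(mac.split(":")[0], 16) & 1 == 1


def broadcast_share(records: list) -> float:
    """Fraction of frames addressed to a broadcast or multicast MAC."""
    if not records:
        return 0.0
    return sum(is_group_address(r["dst"]) for r in records) / len(records)


def top_broadcasters(records: list, n: int = 3) -> list:
    """(source MAC, count) pairs for the busiest senders of broadcast/multicast frames."""
    counts = Counter(r["src"] for r in records if is_group_address(r["dst"]))
    return counts.most_common(n)


def chatty_sources(records: list, window_s: float = 1.0, max_per_window: int = 5) -> list:
    """Sources that send more than max_per_window group-addressed frames inside any window_s span."""
    times_by_src = {}
    for r in records:
        if is_group_address(r["dst"]):
            times_by_src.setdefault(r["src"], []).append(r["time"])
    flagged = []
    for src, times in times_by_src.items():
        times.sort()
        lo = 0
        for hi in range(len(times)):          # sliding window over sorted timestamps
            while times[hi] - times[lo] > window_s:
                lo += 1
            if hi - lo + 1 > max_per_window:
                flagged.append(src)
                break
    return flagged


if __name__ == "__main__":
    recs = parse_capture(SAMPLE_CAPTURE)
    print(f"{len(recs)} frames, {broadcast_share(recs):.0%} broadcast/multicast")
    print("top broadcasters:", top_broadcasters(recs))
    print("stations exceeding the broadcast rate threshold:", chatty_sources(recs))
```

On a real capture the thresholds need tuning to the network's normal background (ARP, DHCP, mDNS from the wireless printers mentioned earlier), and the ranking is only as good as the capture point: to see station-to-station broadcasts you need to capture on the same VLAN as the stations, or on a port mirroring the uplink.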