  1. #1

    VLANs?

    I'm toying with the idea of splitting my network into VLANS to cut back on the traffic.

    Basically we have a central cabinet, with all other cabinets meeting in that cabinet in a fibre/gigabit switch (Netgear L3) using fibre cabling. The servers are on another switch, which feeds into that fibre switch using one port.

    Am I right in saying that I can just configure the main fibre switch ports to assign them to different VLANs? As this is the central point of all cabling this is where the geographical split would be.

    I.e. port 1 is the 'south wing' cabinet; does sticking port 1 into its own VLAN effectively keep all traffic from that port (and therefore all ports in the south wing cabinet) separate from the others? (I would want the various cabinets to communicate with the servers, but not necessarily with each other)

    Am I over-simplifying this? Never really used VLANS before as networks I've managed have always stayed at under 500 PCs!

  2. #2
    ICTNUT's Avatar
    I have just split our network into 6 VLANs comprising 42 L2 Switches and 2 L3 Routing Switches.

    I would spend a little time planning your VLAN setup and try to anticipate some growth and build that in also.

    To implement VLANs you would need to consider the following:

    • DHCP Scope assignment for each VLAN (i.e. number of hosts required - think about growth here)
    • Number of VLANs required
    • Hardware - Are all switches VLAN capable, or at least the core ones?
    • Routing - Have you a Layer 3 router or switch that can handle the amount of routing requests? Routing Switches are better as they route at processor level while routers tend to be at software level
    • Depending on the size of your network it could take time to implement; it has taken me 4 weeks to get it set up and I am still making config changes as some bits have been missed, not to mention the 4 months of planning before that.
    • Make sure you have a good network map so you know where everything is and what needs to be in which VLAN

    Your Core switch (Netgear L3) will need to uplink to your other switches (uplinks are generally untagged on the native VLAN, normally VLAN 1, and tagged on all other VLANs). This means that your uplink switches will have to be at least managed layer 2 switches with 802.1q (VLAN) ability.

    The uplinked switches would also have the uplink port tagged in the same way as the port on the main switch. The rule is: if you are linking to anything other than a switch, the port is assigned to the appropriate VLAN; otherwise they are uplinks and are trunked/tagged depending on the type of switch you use.
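
The planning steps in the post above (a DHCP scope per VLAN sized for growth, plus the first post's wish that cabinets reach the servers but not each other), worked through as an added example that is not from any poster. The supernet, VLAN IDs, names, host counts and growth factor are constructed assumptions. Once a Layer 3 switch routes between VLANs it forwards between all of them unless ACLs say otherwise, so the intended policy is written down as `routed()` to check ACLs against.

```python
import ipaddress
import math

# Constructed sample plan: supernet, VLAN IDs, names and host counts are assumptions.
SUPERNET = ipaddress.ip_network("10.20.0.0/16")
VLANS = [  # (vlan_id, name, hosts_today)
    (10, "servers", 30),
    (20, "south-wing", 180),
    (30, "north-wing", 260),
    (40, "admin", 60),
]
GROWTH = 1.5    # plan for 50% more hosts than today
RESERVED = 10   # low addresses kept out of DHCP for the gateway and static devices


def prefix_for(hosts_today):
    """Longest prefix whose subnet fits planned hosts + reserved + network/broadcast."""
    needed = math.ceil(hosts_today * GROWTH) + RESERVED + 2
    return 32 - (needed - 1).bit_length()


def build_plan(supernet=SUPERNET, vlans=VLANS):
    """Allocate non-overlapping subnets, largest first, and derive DHCP scopes."""
    plan, cursor = {}, int(supernet.network_address)
    for vid, name, hosts in sorted(vlans, key=lambda v: -v[2]):
        plen = prefix_for(hosts)
        size = 2 ** (32 - plen)
        cursor = (cursor + size - 1) // size * size  # align to the subnet boundary
        net = ipaddress.ip_network((cursor, plen))
        if not net.subnet_of(supernet):
            raise ValueError(f"supernet exhausted at VLAN {vid}")
        plan[name] = {
            "vlan": vid, "subnet": net, "gateway": net[1],
            "dhcp_start": net[RESERVED + 1], "dhcp_end": net[-2],
        }
        cursor += size
    return plan


def routed(src, dst):
    """Intended inter-VLAN policy: every VLAN reaches the servers,
    the other VLANs do not reach each other."""
    return src == dst or "servers" in (src, dst)


if __name__ == "__main__":
    for name, row in build_plan().items():
        print(name, row["vlan"], row["subnet"], row["dhcp_start"], "-", row["dhcp_end"])
```
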

  3. #3

    Thanks for that - it will take some planning I guess.

    The core switch is L3 and the downstream cabinet switches are generally L2 stacking units so in theory I'm ready to go!

  4. #4
    dgsmith's Avatar
    Implementing a VLAN is something I have looked into myself, but never had the time to consider it seriously. We only have L2 switches though (fully managed HP ones), but not L3. Would we be in any position to do this?

    Sorry for the hijack by the way

  5. #5
    Face-Man's Avatar
    I assume your HP switches are ProCurve managed ones, in which case they handle VLANs very well. However, my recommendation for VLANs is: plan a test environment, document your plan, implement your test environment, then plan some more and then go live. If you get VLANs wrong it is very difficult to explain why you changed what was a working network into one that doesn't (I speak from bitter experience).

  6. #6
    rrichmond's Avatar
    We have 8 different VLANs at our school, mainly to increase the security. A student machine can never access a teacher machine, which can never access a laptop machine ...etc...etc..

    We use the HP ProCurve range of switches, which allows you to create your network this way, and then divide the ports up to the different VLANs as required, whilst leaving the unused ones not connected. So the answer is that you do not need to make port 1 student VLAN, and port 2 teacher VLAN etc... that would cause too many problems when you get to the switch and need to have a teacher machine on a switch that only has access to the student VLAN.

    In ProCurve, you simply select the VLAN, and that's about it!

    It works well, but as they have suggested, I think it's best to learn about it first. There are training sessions one can attend on ProCurve, which will really assist with this.

  7. #7

    matt40k's Avatar
    I've been looking at (ages ago) using Radius to define the VLAN, so if an admin laptop plugs in or connects to the wireless, it will connect to the admin network. Whereas a curr laptop would go on the curr VLAN and anyone not known would be on the guest VLAN, which would have limited or no internet access, so you could allow them to see your lovely intranet.

    The idea would be you have a special VLAN for building machines; once installed they would join the Windows domain and join the admin\curr domain and the VLAN. You COULD, if you were really good, set up openRadius using a MySQL database, which you would then set up a web interface or such for, where you would put in the MAC addresses of each computer and what VLAN they are attached to. I would then ideally like to link this into a database which you've created that has all the machine info, aka your support program.

    It's a bit more complex, but it's nice to see the kids' faces when they connect up to your Guest VLAN and they think they've beat your security and all they see is your Intranet despite what URL they put in
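
The MAC-to-VLAN lookup described in the post above, as an added example that is not the poster's code. It returns the RFC 3580 reply attributes a RADIUS server sends so the switch or access point places the port in a VLAN; the inventory, VLAN names and IDs are constructed assumptions. A MAC address can be copied from a known machine, so the lookup is placement rather than authentication, and `duplicate_macs()` flags one address active on two ports at once.

```python
import re

# Constructed sample data: VLAN IDs, names and MAC addresses are assumptions.
VLAN_IDS = {"admin": 40, "curriculum": 50, "build": 60, "guest": 99}
INVENTORY = {  # normalised MAC -> VLAN name, as the asset database would hold it
    "001a2b3c4d5e": "admin",
    "001a2b3c4d5f": "curriculum",
}
_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalise_mac(raw):
    """Accept 00:1A:2B.., 00-1a-2b.. and 001a.2b3c.. forms; return 12 hex chars or None."""
    mac = re.sub(r"[:.\-]", "", raw.strip().lower())
    return mac if _HEX12.fullmatch(mac) else None


def vlan_reply(calling_station_id):
    """RADIUS reply attributes (RFC 3580) that place the port in a VLAN."""
    mac = normalise_mac(calling_station_id)
    name = INVENTORY.get(mac, "guest")  # unknown or malformed -> guest VLAN
    return {
        "Tunnel-Type": "VLAN",             # attribute value 13
        "Tunnel-Medium-Type": "IEEE-802",  # attribute value 6
        "Tunnel-Private-Group-Id": str(VLAN_IDS[name]),
    }


def duplicate_macs(sessions):
    """Return MACs active on more than one switch port, a sign of a cloned address.
    sessions: iterable of (calling_station_id, nas_ip, nas_port) for live sessions."""
    seen, flagged = {}, set()
    for raw, nas, port in sessions:
        mac = normalise_mac(raw)
        if mac is None:
            continue
        if seen.setdefault(mac, (nas, port)) != (nas, port):
            flagged.add(mac)
    return sorted(flagged)


if __name__ == "__main__":
    print(vlan_reply("00:1A:2B:3C:4D:5E"))   # known admin laptop
    print(vlan_reply("aa-bb-cc-dd-ee-ff"))   # unknown device -> guest
```
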

  8. #8
    ICTNUT's Avatar
    @DaveSmith: You would still need a Layer 3 switch/router in order to route the traffic between the VLANs

  9. #9

    matt40k's Avatar
    Most secondary schools have Cisco 2611 (two ethernet ports, 2610 has 1)

    I've seen a few using it to route the VLANs. I believe the Cisco 2600 series has been replaced with the Cisco 2800 series, which can have gigabit. However the Cisco 2600 series is either 10mb (unlikely in a school) or 100mb, so you have to take this into account.

    That's why you really want a "core" switch which is layer3. This way your "routed" data traffic isn't limited to a total of 100mb\1gb rather than if you use layer 3 switch, which is really limited to the amount of ports, I think the Cisco 3750 (top end switch) is limited to about 37GBps

  10. #10
    dgsmith's Avatar
    Quote Originally Posted by ICTNUT View Post
    @DaveSmith: You would still need a Layer 3 switch/router in order to route the traffic between the VLANs
    That is what I thought. The switches we have bought have all just been layer2, as we didn't see any reason for spending extra on layer3, but of course, it means we can't fully make use of the technology out there.

    Does the layer3 switch necessarily have to be the core, or can it be hung off the core?

  11. #11
    ICTNUT's Avatar
    @Matt40K: If schools are like those in my LEA then yes, they do have Ciscos provided by the LEA to act as perimeter switches to the LEA network, but the schools do not have control of these.

    @DaveSmith: I would say yes, as this will provide all the routing and possibly DHCP; you want it to be as central as possible, but then this does depend on the size of your network.

    Best practices dictate that it SHOULD be the core with all else coming off it.

  12. #12

    matt40k's Avatar
    Perhaps I should have said if it's managed, you would be required to contact them to ask nicely if they could set up VLAN routing. It's unlikely, as LEAs don't have control of them, the ISP does (NTL normally).

    Still, if you're messing around with network switches and VLANs it again depends on the network setup. Cambridgeshire provide all\most schools with switches, which they control. Suffolk is pretty much do as you want minus the routers. Not sure about the rest of the UK, I'm sure ICTNUT could shed some light on some others.

    That reminds me, we had a school that was on ADSL where they had replaced the Cisco router with a v.cheap Netgear one.... was rather shocked to hear this. The school said their 3rd party ICT Support people said they need it as the other one was old and out of date and the new one was better!

  13. #13

    Quote Originally Posted by matt40k View Post
    Perhaps I should have said if it's managed, you would be required to contact them to ask nicely if they could set up VLAN routing. It's unlikely, as LEAs don't have control of them, the ISP does (NTL normally).

    Still, if you're messing around with network switches and VLANs it again depends on the network setup. Cambridgeshire provide all\most schools with switches, which they control. Suffolk is pretty much do as you want minus the routers. Not sure about the rest of the UK, I'm sure ICTNUT could shed some light on some others.

    That reminds me, we had a school that was on ADSL where they had replaced the Cisco router with a v.cheap Netgear one.... was rather shocked to hear this. The school said their 3rd party ICT Support people said they need it as the other one was old and out of date and the new one was better!
    Even if the schools have access to the routers, it's hardly an ideal candidate to route the VLANs on that router. A Layer 3 is better than a router as this performs the routing at the ASIC (hw) level rather than software, which is slower, and it would definitely be slower on the 2600 or 2800 series. On Cisco you ideally want a 3550, 3560 or 3750 or the higher end of 4500 or 6500 switches to do this as these are all L3 ready.

    Ash.

  14. #14

    SYNACK's Avatar
    Quote Originally Posted by DaveSmith View Post
    That is what I thought. The switches we have bought have all just been layer2, as we didn't see any reason for spending extra on layer3, but of course, it means we can't fully make use of the technology out there.

    Does the layer3 switch necessarily have to be the core, or can it be hung off the core?
    You can have it set up this way; in Cisco this is called a router on a stick configuration. It is mostly used when you have a router with limited ports, or even one port, and not much traffic between VLANs. The idea is to trunk all of the VLANs into a single port which goes to the router; the router is set up with multiple subinterfaces, one for each VLAN, which is the default gateway. Routing can then be set up on the router between all of the VLAN networks. The problem with this is that it is slow and all VLANs end up sharing your router link when traversing VLANs.

    Layer 3 switching is the best answer as any traffic is only routed once, when the path is figured out the switch will simply bridge the traffic at layer 2 because it already knows where the packets are headed. It is orders of magnitude faster than routing as it is a much simpler operation that does not involve reading through the packet headers.

  15. #15

    matt40k's Avatar
    Quote Originally Posted by ashok View Post
    Even if the schools have access to the routers, it's hardly an ideal candidate to route the VLANs on that router. A Layer 3 is better than a router as this performs the routing at the ASIC (hw) level rather than software, which is slower, and it would definitely be slower on the 2600 or 2800 series. On Cisco you ideally want a 3550, 3560 or 3750 or the higher end of 4500 or 6500 switches to do this as these are all L3 ready.

    Ash.

    Already said you ideally want a layer switch rather than using your router.
    However if you can't afford a new "core" switch (3750 is about 2k+) and you're small, like a primary school, using the router might be a better choice.
