Thread: VLANs? (Wireless Networks forum, Technical)
13th August 2008, 09:19 PM #1
I'm toying with the idea of splitting my network into VLANS to cut back on the traffic.
Basically we have a central cabinet, with all other cabinets meeting in that cabinet in a fibre/gigabit switch (netgear L3) using fibre cabling. The servers are on another switch, which feeds into that fibre switch using one port.
Am I right in saying that I can just configure the main fibre switch ports to assign them to different VLANs? As this is the central point of all cabling this is where the geographical split would be.
I.e. Port 1 is the 'south wing' cabinet; does sticking port 1 into its own VLAN effectively separate all traffic from that port (and therefore all ports in the south wing cabinet) from the others? (I would want the various cabinets to communicate with the servers, but not necessarily with each other)
Am I over-simplifying this? Never really used VLANS before as networks I've managed have always stayed at under 500 PCs!
14th August 2008, 08:31 AM #2
I have just split our network into 6 VLANS comprising of 42 L2 Switches and 2 L3 Routing Switches.
I would spend a little time planning your VLAN setup and try to anticipate some growth and build that in also.
To implement VLANs you would need to consider the following:
- DHCP Scope assignment for each VLAN (i.e. number of hosts required - think about growth here)
- Number of VLANs required
- Hardware - Are all switches VLAN capable at least the core ones
- Routing - Have you a Layer 3 router or switch that can handle the amount of routing requests? Routing switches are better as they route at processor level while routers tend to be at software level
- Depending on the size of your network it could take time to implement; it has taken me 4 weeks to get it set up and I am still making config changes as some bits have been missed, not to mention the 4 months of planning before that.
- Make sure you have a good network map so you know where everything is and what needs to be in which VLAN
Your core switch (Netgear L3) will need to uplink to your other switches (uplinks are generally untagged on the native VLAN, normally VLAN 1, and tagged on all other VLANs). This means that your uplink switches will have to be at least a managed layer 2 switch with 802.1q (VLAN) ability.
The uplinked switches would also have the uplink port tagged in the same way as the port on the main switch. The rule is: if you are linking to anything other than a switch, the port is assigned to the appropriate VLAN; otherwise they are uplinks and are trunked/tagged depending on the type of switch you use.
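The access/trunk rule in the post above can be made concrete with a small model of how an 802.1Q-aware switch classifies an incoming frame and decides what leaves each port. This is an added example, not code from the thread or from any switch vendor; the port names, VLAN numbers and the sample frames are constructed. It also shows the caveat behind "untagged on the native VLAN": an untagged frame arriving on a trunk is silently placed in the native VLAN, so the native VLAN should not be one that carries user or server traffic.

```python
"""Model of 802.1Q frame classification and forwarding on a managed switch.

Added example, not from the thread. Port names, VLAN numbers and the frames
below are constructed for illustration. No MAC learning: frames are flooded
within their VLAN, which is enough to show which ports may carry what.
"""
from dataclasses import dataclass

TPID_8021Q = 0x8100  # EtherType that marks an 802.1Q-tagged frame


@dataclass
class Port:
    name: str
    mode: str                         # "access" (one VLAN, untagged) or "trunk"
    access_vlan: int = 1              # access: the VLAN the port belongs to
    native_vlan: int = 1              # trunk: VLAN carried untagged
    allowed: frozenset = frozenset()  # trunk: VLANs carried tagged


def is_tagged(frame: bytes) -> bool:
    return len(frame) >= 16 and int.from_bytes(frame[12:14], "big") == TPID_8021Q


def strip_tag(frame: bytes) -> bytes:
    """Remove the 4-byte 802.1Q tag (bytes 12..15) if present."""
    return frame[:12] + frame[16:] if is_tagged(frame) else frame


def ingress_vlan(port: Port, frame: bytes):
    """VLAN a received frame belongs to, or None if the port must drop it."""
    tagged = is_tagged(frame)
    if port.mode == "access":
        # Access ports carry exactly one VLAN and accept only untagged frames.
        return None if tagged else port.access_vlan
    if not tagged:
        return port.native_vlan          # untagged on a trunk -> native VLAN
    vid = int.from_bytes(frame[14:16], "big") & 0x0FFF
    if vid == 0:
        return port.native_vlan          # priority-tagged frame, no VID
    return vid if vid in port.allowed else None


def egress_frame(port: Port, vlan: int, frame: bytes):
    """Frame as it leaves `port` for `vlan`, or None if the port does not carry it."""
    payload = strip_tag(frame)
    if port.mode == "access":
        return payload if vlan == port.access_vlan else None
    if vlan == port.native_vlan:
        return payload                   # native VLAN leaves untagged
    if vlan in port.allowed:
        tag = TPID_8021Q.to_bytes(2, "big") + (vlan & 0x0FFF).to_bytes(2, "big")
        return payload[:12] + tag + payload[12:]
    return None


def forward(ports, in_port: Port, frame: bytes) -> dict:
    """Flood `frame` received on `in_port` within its VLAN; return {port name: frame}."""
    vlan = ingress_vlan(in_port, frame)
    if vlan is None:
        return {}
    out = {}
    for p in ports:
        if p is in_port:
            continue
        egress = egress_frame(p, vlan, frame)
        if egress is not None:
            out[p.name] = egress
    return out


# Constructed core-switch layout: two cabinet uplinks (trunks) and one
# directly attached device (access port in VLAN 10).
SOUTH_WING = Port("south-wing", "trunk", native_vlan=1, allowed=frozenset({10, 20}))
SERVERS = Port("servers", "trunk", native_vlan=1, allowed=frozenset({10, 20, 30}))
PRINTER = Port("printer", "access", access_vlan=10)
CORE = [SOUTH_WING, SERVERS, PRINTER]

# Constructed frames: broadcast dst, fixed src, ARP EtherType, zero payload.
_DST = bytes.fromhex("ffffffffffff")
_SRC = bytes.fromhex("001122334455")
UNTAGGED = _DST + _SRC + b"\x08\x06" + b"\x00" * 28


def tagged(vid: int) -> bytes:
    return _DST + _SRC + TPID_8021Q.to_bytes(2, "big") + vid.to_bytes(2, "big") + b"\x08\x06" + b"\x00" * 28


if __name__ == "__main__":
    for label, port, frame in [
        ("access port, untagged", PRINTER, UNTAGGED),
        ("trunk, VLAN 20", SOUTH_WING, tagged(20)),
        ("trunk, VLAN 30 not allowed", SOUTH_WING, tagged(30)),
        ("trunk, untagged (native)", SOUTH_WING, UNTAGGED),
    ]:
        print(label, "->", sorted(forward(CORE, port, frame)))
```

Running the block shows the four cases that matter when you cable the cabinets: a device on an access port reaches both trunks with a VLAN 10 tag added, a VLAN 20 frame from the south wing reaches only the servers, a VLAN that is not in the trunk's allowed set is dropped at ingress, and an untagged frame on the trunk rides the native VLAN to the other trunk but never to the VLAN 10 access port.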
14th August 2008, 12:28 PM #3
Thanks for that - it will take some planning I guess.
The core switch is L3 and the downstream cabinet switches are generally L2 stacking units so in theory I'm ready to go!
14th August 2008, 01:35 PM #4
Implementing a VLAN is something I have looked into myself, but never had the time to consider it seriously. We only have L2 switches though (fully managed HP ones), but not L3. Would we be in any position to do this?
Sorry for the hijack by the way
14th August 2008, 02:24 PM #5
I assume your HP switches are ProCurve managed ones, in which case they handle VLANs very well. However my recommendation for VLANs is: plan a test environment, document your plan, implement your test environment and then plan some more, and then go live. If you get VLANs wrong it's very difficult to explain why you changed what was a working network into one that doesn't work (I speak from bitter experience).
14th August 2008, 02:24 PM #6
We have 8 different VLANs at our school, mainly to increase the security. A student machine can never access a teacher machine, which can never access a laptop machine ...etc...etc..
We use the HP ProCurve range of switches, which allows you to create your network this way, and then divide the ports up to the different VLANs as required, whilst leaving the unused ones not connected. So the answer is that you do not need to make port 1 student VLAN, and port 2 teacher VLAN etc... that would cause too many problems when you get to the switch and need to have a teacher machine on a switch that only has access to the student VLAN.
In ProCurve, you simply select the VLAN, and that's about it!
It works well, but as they have suggested, I think it's best to learn about it first. There are training sessions one can attend on ProCurve, which will really assist with this.
14th August 2008, 03:16 PM #7
I've been looking at (ages ago) using RADIUS to define the VLAN, so if an admin laptop plugs in or connects to the wireless, they will connect to the admin network. Whereas a curr laptop would go on the curr VLAN, and anyone not known would be on the guest VLAN, which would have limited or no internet access, so you could allow them to see your lovely intranet.
The idea would be you have a special VLAN for building machines; once installed they would join the Windows domain and join the admin\curr domain and the VLAN. You COULD, if you were really good, set up openRadius using a MySQL database which you would then set up a web interface or such for, where you would put in the MAC addresses of each computer and what VLAN they are attached to. I would then ideally like to link this into a database which you've created that has all the machine info, aka your support program.
It's a bit more complex, but it's nice to see the kids' faces when they connect up to your Guest VLAN and they think they've beaten your security and all they see is your Intranet despite what URL they put in.
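The MAC-to-VLAN idea above is what a RADIUS server does with the Tunnel-* attributes from RFC 2868 (with the VLAN values from RFC 3580) in its Access-Accept: the switch reads them and puts the port into that VLAN. The block below, an added example and not anything from the thread or from openRadius, walks through the decision and the attribute encoding. The device table, VLAN numbers and MAC addresses are constructed; the attribute numbers and enumerations are the standard ones.

```python
"""Dynamic VLAN assignment for MAC-based port authentication.

Added example, not from the thread. Encodes the RFC 2868 Tunnel-Type,
Tunnel-Medium-Type and Tunnel-Private-Group-ID attributes a switch expects
in an Access-Accept. The device inventory and VLAN numbers are constructed.
"""
import re

# RADIUS attribute numbers (RFC 2868) and the values meaning "802.1Q VLAN"
# (RFC 3580 section 3.31).
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13
TUNNEL_MEDIUM_IEEE_802 = 6

# Constructed inventory, as the support database would hold it: MAC -> VLAN.
KNOWN_DEVICES = {
    "00:11:22:33:44:55": 10,   # admin laptop
    "00:11:22:33:44:66": 20,   # curriculum laptop
    "00:11:22:33:44:77": 30,   # machine still being built
}
GUEST_VLAN = 99                # anything not in the inventory lands here


def normalise_mac(raw: str):
    """Accept 0011.2233.4455, 00-11-22-33-44-55 or 00:11:22:33:44:55 (any case);
    return aa:bb:cc:dd:ee:ff, or None if the value is not a 48-bit MAC."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", raw)
    if len(hexdigits) != 12:
        return None
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2)).lower()


def choose_vlan(calling_station_id: str):
    """VLAN for the device identified by Calling-Station-Id, or None to reject."""
    mac = normalise_mac(calling_station_id)
    if mac is None:
        return None                       # malformed identity: Access-Reject
    return KNOWN_DEVICES.get(mac, GUEST_VLAN)


def _avp(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute: Type, Length (including these two bytes), Value."""
    return bytes([attr_type, 2 + len(value)]) + value


def tunnel_attrs(vlan: int, tag: int = 0) -> bytes:
    """The three Tunnel-* AVPs. Tagged integer attributes carry a 1-byte Tag
    followed by a 3-byte value; the string attribute carries Tag then text."""
    return (
        _avp(TUNNEL_TYPE, bytes([tag]) + TUNNEL_TYPE_VLAN.to_bytes(3, "big"))
        + _avp(TUNNEL_MEDIUM_TYPE, bytes([tag]) + TUNNEL_MEDIUM_IEEE_802.to_bytes(3, "big"))
        + _avp(TUNNEL_PRIVATE_GROUP_ID, bytes([tag]) + str(vlan).encode("ascii"))
    )


def parse_avps(blob: bytes) -> dict:
    """Walk a run of AVPs and return {type: value bytes} (the switch's view)."""
    out, i = {}, 0
    while i < len(blob):
        attr_type, length = blob[i], blob[i + 1]
        if length < 2 or i + length > len(blob):
            raise ValueError("malformed attribute list")
        out[attr_type] = blob[i + 2:i + length]
        i += length
    return out


def access_response(calling_station_id: str):
    """What the RADIUS server would send: ('Access-Reject', b'') or
    ('Access-Accept', <tunnel attributes>)."""
    vlan = choose_vlan(calling_station_id)
    if vlan is None:
        return ("Access-Reject", b"")
    return ("Access-Accept", tunnel_attrs(vlan))


if __name__ == "__main__":
    for station in ("0011.2233.4455", "00-11-22-33-44-66", "AA:BB:CC:DD:EE:FF", "garbage"):
        code, attrs = access_response(station)
        print(station, "->", code, parse_avps(attrs) if attrs else "")
```

The switch only sees the three attributes, so the guest fallback is a deliberate policy decision in `choose_vlan`, not something the protocol gives you for free; a server that returns Access-Accept with no Tunnel-* attributes leaves the port in whatever VLAN it was statically configured for. MAC-based assignment also identifies the device only by a value the device itself reports, which is why 802.1X with real credentials is the stronger option where the clients support it.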
19th August 2008, 12:37 PM #8
@DaveSmith: You would still need a Layer 3 switch/router in order to route the traffic between the VLANs
19th August 2008, 12:49 PM #9
Most secondary schools have Cisco 2611 (two ethernet ports, 2610 has 1)
I've seen a few using it to route the VLANs. I believe the Cisco 2600 series has been replaced with the Cisco 2800 series, which can have gigabit. However the Cisco 2600 series is either 10mb (unlikely in a school) or 100mb, so you have to take this into account.
That's why you really want a "core" switch which is layer 3. This way your "routed" data traffic isn't limited to a total of 100mb\1gb, rather than if you use a layer 3 switch, which is really limited to the amount of ports; I think the Cisco 3750 (top end switch) is limited to about 37GBps
19th August 2008, 01:24 PM #10
That is what I thought. The switches we have bought have all just been layer2, as we didn't see any reason for spending extra on layer3, but of course, it means we can't fully make use of the technology out there.
Does the layer 3 switch necessarily have to be the core, or can it be hung off the core?
19th August 2008, 02:05 PM #11
@Matt40K: If schools are like those in my LEA then yes, they do have Ciscos provided by the LEA to act as perimeter switches to the LEA network, but the schools do not have control of these.
@DaveSmith: I would say yes, as this will provide all the routing and possibly DHCP; you want it to be as central as possible, but then this does depend on the size of your network.
Best practices dictate that it SHOULD be the core with all else coming off it.
19th August 2008, 02:30 PM #12
Perhaps I should have said if it's managed, you would be required to contact them to ask nicely if they could set up VLAN routing. It's unlikely, as LEAs don't have control of them, the ISP does (NTL normally).
Still, if you're messing around with network switches and VLANs it again depends on the network setup. Cambridgeshire provide all\most schools with switches, which they control. Suffolk is pretty much do as you want minus the routers. Not sure about the rest of the UK; I'm sure ICTNUT could shed some light on some others.
That reminds me, we had a school that was on ADSL where they had replaced the Cisco router with a v.cheap Netgear one.... was rather shocked to hear this. The school said their 3rd party ICT Support people said they needed it as the other one was old and out of date and the new one was better!
19th August 2008, 05:22 PM #13
Even if the schools have access to the routers, it's hardly an ideal candidate to route the VLANs on that router. A Layer 3 switch is better than a router as this performs the routing at the ASIC (hw) level rather than software, which is slower, and it will definitely be slower on the 2600 or 2800 series. On Cisco you ideally want a 3550, 3560 or 3750, or the higher end 4500 or 6500 switches to do this, as these are all L3 ready.
19th August 2008, 05:54 PM #14
You can have it set up this way; in Cisco this is called a router on a stick configuration. It is mostly used when you have a router with limited or even one port and not much traffic between VLANs. The idea is to trunk all of the VLANs into a single port which goes to the router; the router is set up with multiple subinterfaces, one for each VLAN, which is the default gateway. Routing can then be set up on the router between all of the VLAN networks. The problem with this is that it is slow and all VLANs end up sharing your router link when traversing VLANs.
Layer 3 switching is the best answer as any traffic is only routed once, when the path is figured out the switch will simply bridge the traffic at layer 2 because it already knows where the packets are headed. It is orders of magnitude faster than routing as it is a much simpler operation that does not involve reading through the packet headers.
19th August 2008, 07:41 PM #15
Already said you ideally want a layer 3 switch rather than using your router.
However if you can't afford a new "core" switch (3750 is about £2k+) and you're small, like a primary school, using the router might be a better choice.