  1. #1
    timbo343

    Should I VLAN our network

    OK, we currently have a flat network. The IP range is from xxx.xxx.24.x to xxx.xxx.31.x. Everything is working fine, but we seem to think that when all the machines (about 400) are used the network traffic is too high, even though the speed of the network seems OK.

    We currently have 2x 7mb load-balanced lines into school, and even when the majority of the machines are on but not in use we seem to see the internet connection lose about 4mb, and looking at the graphs there is hardly any traffic being used on the net. After plenty of speed tests we have seen the ping is about 58ms (this gives about 14mb) when the machines are not in use but turned on. When a few of the machines are in use (I'm talking about 30), we have seen the ping rise to about 156ms and, like I said, the machines aren't using the internet connection, but when the lessons are in full swing the ping can rise to about 200ms. Again, only about 4mb is going out to the net, but during a speed test we only get about 2mb.

    Would VLANing the network sort this out or is the problem related somewhere else on the network?

    Also, when is the best time to create VLANs? Obviously someone with about 30 machines isn't going to VLAN a network.

    At the moment, we don't give out our default gateway on our DHCP server, so if anyone does plug something into the network, yes, they get an IP address but they cannot get out to the internet, so they either have to add the machine to the network or use proxy authentication, which I am happy about. But after a lot of playing with VLANs I have found that our current setup will not work in a VLAN environment, as you have to provide the clients with the gateway address to talk to the rest of the network, and hence if someone plugs something into the network they can get past the proxy. Is there a way round this so either they have to authenticate against the proxy or add the machine to the domain?
    Last edited by timbo343; 31st March 2011 at 10:08 PM.

  2. #2

    m25man
    If you break your LAN up into VLANs you will need to route between them so everything can see each other.
    This would normally be handled by a Layer 3 device (normally a switch) at your core.
    This becomes the default gateway on all segments.
    The route to your Internet gateway device need still only be known to those devices that need it.

    Your problem stems from the fact that your Internet gateway exists on the same broadcast domain as all of your nodes.

    A broadcast packet is sent to all ports in the collision domain; when one is sent all traffic has to stop and look at it, so your servers and ISP router's LAN port all stop what they were doing to check out the broadcast...

    With 400 nodes in the broadcast domain the potential for unwanted broadcast traffic is huge.

    The amount of time your Internet router's LAN port is inaccessible because it is checking out the broadcast packet's contents will be proportional.

    If 30% of all packets were broadcasts, your external connection would effectively be unavailable for 30% of the time, not because you are using the bandwidth but because you just can't reach it to send it!
    Your traffic graph will show nothing because nothing can talk until the broadcast has ended.

    By adding VLANs, broadcasts do not extend across subnets, so a broadcast on your Wi-Fi network, say 10.0.30.xx, would not interfere with the router on the primary or data LAN, allowing more packets to escape from other segments.

    So the answer is yes, VLANing can and will, if done correctly, improve your Internet connection speeds.
    Ideally have your Internet gateway, proxy and DNS servers all connected to the same core switch...
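
An added example, not part of either poster's message: it carves the thread's 24.x to 31.x range (a /21) into one /24 per VLAN and counts how many Layer 2 broadcasts reach the Internet gateway's port before and after segmentation. The 10.0.24.0/21 prefix, the segment names, the gateway address and the frame list are all assumptions constructed for illustration.

```python
import ipaddress

# Assumption: 10.0.24.0/21 stands in for the thread's masked xxx.xxx.24.x-31.x range.
FLAT = ipaddress.ip_network("10.0.24.0/21")
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

def vlan_plan(flat, names):
    """Give each named segment the next /24 carved out of the flat range."""
    return dict(zip(names, flat.subnets(new_prefix=24)))

def segment_of(ip, plan):
    """Return the name of the VLAN whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in plan.items() if addr in net), None)

def broadcasts_seen(frames, plan, listener_ip):
    """Return (flat, segmented) broadcast counts delivered to listener_ip's port:
    on the flat LAN every broadcast arrives, with VLANs only same-segment ones."""
    bcast = [src for src, dst in frames if dst.lower() == BROADCAST_MAC]
    home = segment_of(listener_ip, plan)
    same = [src for src in bcast if segment_of(src, plan) == home]
    return len(bcast), len(same)

def broadcast_share(frames):
    """Fraction of all frames that are Layer 2 broadcasts."""
    return sum(dst.lower() == BROADCAST_MAC for _, dst in frames) / len(frames)

# Hypothetical segment names; the thread does not give a VLAN layout.
PLAN = vlan_plan(FLAT, ["core", "staff", "rooms-a", "rooms-b", "wifi"])

# Constructed sample capture: (source IP, destination MAC) per frame.
FRAMES = [
    ("10.0.25.17", BROADCAST_MAC),        # staff PC, ARP request
    ("10.0.26.40", BROADCAST_MAC),        # classroom PC, name query
    ("10.0.26.41", "00:11:22:33:44:55"),  # classroom PC, unicast to proxy
    ("10.0.27.9",  BROADCAST_MAC),        # classroom PC, ARP request
    ("10.0.28.77", BROADCAST_MAC),        # wireless laptop, ARP request
    ("10.0.24.10", BROADCAST_MAC),        # server in core segment, ARP request
    ("10.0.25.18", "00:11:22:33:44:55"),  # staff PC, unicast to proxy
    ("10.0.28.78", "00:11:22:33:44:55"),  # wireless laptop, unicast to proxy
]
GATEWAY = "10.0.24.1"  # assumed address of the Internet router, in "core"

if __name__ == "__main__":
    flat, segmented = broadcasts_seen(FRAMES, PLAN, GATEWAY)
    print(f"share={broadcast_share(FRAMES):.0%} flat={flat} with_vlans={segmented}")
```

Feeding it (source IP, destination MAC) pairs exported from a real capture on the gateway's switch port gives a measured broadcast share to check before re-addressing anything.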

  3. #3
    timbo343
    Thanks for the reply.

    We seem to have sorted something out for now while Websense is running...

    We have altered the router's config so that anything that is not going through the ISA server is blocked, so that only people who use the proxy server can get out to the net. This was really the only way round it... for now.
