  1. #1
    ICTNUT's Avatar
    Join Date
    Jul 2005
    Location
    Hereford
    Posts
    1,419
    Thank Post
    196
    Thanked 249 Times in 122 Posts
    Rep Power
    62

    VLAN Clarification Required

    Hi All,

    I walked into my current position nearly 3 years ago and VLANs were already in place and as things were working I did not bother looking at it.

    I am now going through a large renovation and expansion project which is resulting in putting in new switches with VLANS and things are not playing ball.

    I have done a fair bit of VLAN googling and appreciate the fact that VLANs can be set up on Layer 2/3 switches, but as yet nowhere have I found a definitive "if you set a switch up like this then you will need to set up your other switches like that".

    Brief Background

    VLAN 1 - contains all the servers and switches and as you can see the server switch connects to the back

    VLAN 2 - All the admin PCs that run SIMS

    VLAN 3 - All student PC's and other non admin PC's

    To this end I have put together a quick visio and would like the following questions answered if possible:

    1 - What is the correct way to setup the back bone connections bearing in mind that these need access to all 3 VLANS

    2 - What is the correct way to setup the VLAN2 and VLAN3 ports currently these ports are configured as UnTagged on all three VLANS <- I don't think this is right.

    3 - What is the correct setup for the server switch considering ALL network devices will need access to them.

    There will be more questions I am sure but I need to get the basics covered first....

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: VLAN Clarification Required

    You might want to read the 'switch configuration' section of my VLAN HOWTO for Linux where I cover the basic concepts of VLANs and give a practical example.

    1 - What is the correct way to setup the back bone connections bearing in mind that these need access to all 3 VLANS
    Disable untagged packets. Enable tagging for all 3 VLANS.

    2 - What is the correct way to setup the VLAN2 and VLAN3 ports currently these ports are configured as UnTagged on all three VLANS <- I don't think this is right.
    First, you need to look at your switch configuration for each port and find out what it's been told to do with untagged data.

    3 - What is the correct setup for the server switch considering ALL network devices will need access to them.
    If you want to use VLANs to separate broadcast domains as per your diagram, you will need to use a router to route traffic between each network segment.

  3. #3
    ICTNUT's Avatar

    Re: VLAN Clarification Required

    geoff,

    You might want to read the 'switch configuration' section of my VLAN HOWTO for Linux where I cover the basic concepts of VLANs and give a practical example.
    Thanks for this I will look into it now.

    Disable untagged packets. Enable tagging for all 3 VLANS.
    Ok ALL are set to untagged so this needs to be changed, I'll look into this as part of my plans.

    First, you need to look at your switch configuration for each port and find out what it's been told to do with untagged data.
    Each switch can have a number of dedicated admin (VLAN2) ports and curriculum ports (VLAN3). Looking at one switch in particular the VLAN2 ports are set to have their PVID = 2 and the VLAN3 ports are set to PVID = 3 and then the ports are simply set to untagged. The Backbone feed ports that link the switch to the backbone are set to tagged on all 3 VLANS with the primary VLAN ID set to 1

    If you want to use VLANs to separate broadcast domains as per your diagram, you will need to use a router to route traffic between each network segment.
    OK this is what I want to do as this will also allow me to control DHCP and ThinClients. Now the Layer 2 switches do not have an "IP-Helper" facility so what do you recommend as a router for this cause??

    Thanks for the help thus far :-)

  4. #4

    Geoff's Avatar

    Re: VLAN Clarification Required

    Ok ALL are set to untagged so this needs to be changed, I'll look into this as part of my plans.
    Yes, there's no reason to have untagged packets floating around on your uplinks. Hopefully the switch at the other end is configured to throw them away. But you can't count on that. So you might end up with untagged packets ending up somewhere they shouldn't, e.g. crossing VLANs. This can be especially amusing if it's DHCP.

    Each switch can have a number of dedicated admin (VLAN2) ports and curriculum ports (VLAN3). Looking at one switch in particular the VLAN2 ports are set to have their PVID = 2 and the VLAN3 ports are set to PVID = 3 and then the ports are simply set to untagged.
    Yes, that's sane.

    The Backbone feed ports that link the switch to the backbone are set to tagged on all 3 VLANS with the primary VLAN ID set to 1
    What I'd expect is the primary VLAN would be the least dangerous network. So for most of us that'd be the curriculum network.

    what do you recommend as a router
    Me, I'd just get an old box and stick Linux on it. If you don't fancy that option, there's lots of nice second hand Cisco kit on ebay.

  5. #5
    ICTNUT's Avatar

    Re: VLAN Clarification Required

    Geoff,

    What I'd expect is the primary VLAN would be the least dangerous network. So for most of us that'd be the curriculum network.
    I agree but how does that affect the admin ports on that switch?? for example ports 1 - 12 are admin and set to PVID = 2 and all ports are untagged, ports 13 - 24 are curriculum and set to PVID = 3 and all ports are untagged, if the BB feed is then set to PVID = 3 and set to tagged on each of the 3 VLANS what effect does this have on ports 1-12??

    Me, I'd just get an old box and stick Linux on it. If you don't fancy that option, there's lots of nice second hand Cisco kit on ebay.
    OK, I have a fair bit of old kit lying around what would need to be set up on Linux for the routing and how many would I need, I currently have 10 Backbone switches and 40ish room switches all layer 2, with regards to the Cisco kit got any models in mind??

  6. #6

    Geoff's Avatar

    Re: VLAN Clarification Required

    I agree but how does that affect the admin ports on that switch?? for example ports 1 - 12 are admin and set to PVID = 2 and all ports are untagged, ports 13 - 24 are curriculum and set to PVID = 3 and all ports are untagged, if the BB feed is then set to PVID = 3 and set to tagged on each of the 3 VLANS what effect does this have on ports 1-12??
    None.

    OK, I have a fair bit of old kit lying around what would need to be set up on Linux for the routing and how many would I need, I currently have 10 Backbone switches and 40ish room switches all layer 2, with regards to the Cisco kit got any models in mind??
    Even a creaky old Pentium 2 can keep up with gigabit traffic. So nothing amazing.

    with regards to the Cisco kit got any models in mind??
    Again, nothing amazing, a bare bones 2600 series router with the appropriate Ethernet module will be fine for example.
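
A simplified model of the port settings discussed in posts #3 to #6, added here as an example (it is not code from the thread): it shows which VLAN an untagged frame lands in for each uplink PVID, and that the uplink PVID does not change how ports 1-12 behave. The uplink port number 25 and all function names are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    pvid: int                                   # VLAN given to untagged ingress frames
    untagged: set = field(default_factory=set)  # VLANs sent out without a tag
    tagged: set = field(default_factory=set)    # VLANs sent out with an 802.1Q tag
    accept_untagged: bool = True                # False models "disable untagged packets"

def ingress(port, tag):
    """VLAN a received frame is classified into, or None if it is dropped."""
    if tag is None:
        return port.pvid if port.accept_untagged else None
    return tag if tag in (port.tagged | port.untagged) else None

def egress(port, vlan):
    """How a member port sends a frame of `vlan`; None if it is not a member."""
    if vlan in port.tagged:
        return "tagged"
    return "untagged" if vlan in port.untagged else None

def build_switch(uplink_pvid, uplink_accepts_untagged=True):
    """Ports 1-12 admin, 13-24 curriculum (from the thread); port 25 = uplink (assumed)."""
    ports = {n: Port(pvid=2, untagged={2}) for n in range(1, 13)}
    ports.update({n: Port(pvid=3, untagged={3}) for n in range(13, 25)})
    ports[25] = Port(pvid=uplink_pvid, tagged={1, 2, 3},
                     accept_untagged=uplink_accepts_untagged)
    return ports

def flood(ports, in_port, tag=None):
    """Egress ports (and tag mode) for a broadcast received on `in_port`."""
    vlan = ingress(ports[in_port], tag)
    if vlan is None:
        return {}
    return {n: egress(p, vlan) for n, p in ports.items()
            if n != in_port and egress(p, vlan)}

if __name__ == "__main__":
    for pvid in (1, 3):
        sw = build_switch(uplink_pvid=pvid)
        print(f"uplink PVID {pvid}: admin port 1 floods to", sorted(flood(sw, 1)))
        print(f"uplink PVID {pvid}: untagged frame on uplink floods to", sorted(flood(sw, 25)))
    print("untagged dropped on uplink:", flood(build_switch(3, False), 25))
```
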

  7. #7
    ICTNUT's Avatar

    Re: VLAN Clarification Required

    OK I seem to have a much clearer view of how this needs to be setup and will put together a plan for the end of term.

    With regards to the routers where would these need to be placed?? and how many would I need <- I suppose this would depend on where the placement would be, I guess ;-|

  8. #8

    Geoff's Avatar

    Re: VLAN Clarification Required

    One should be sufficient, wherever your 'core' network is.

  9. #9
    ICTNUT's Avatar

    Re: VLAN Clarification Required

    OK will plan on getting a 2600 as these seem to be relatively cheap (approx £20 - £30).

    What configuration changes to the existing network setup will need to be made in order for the routing to be done correctly, as you may guess VLANS and routing are not my strong points.

    Obviously backbone switches will need to be told to forward all requests to the router and I guess this is changing the gateway IP to reflect the new router.

    I am not going to go into router configs here but will need to hit that at some point.....

  10. #10

    Geoff's Avatar

    Re: VLAN Clarification Required

    You need to look at your IP subnets. Really, you want a 1 to 1 mapping of IP subnets over to VLANs. This'll make your routing easier. What IP range(s) have you got to play with?

    You will need to change your gateway IP on all networking devices to reflect the new router. Otherwise they will be unable to communicate outside their VLAN.

  11. #11
    ICTNUT's Avatar

    Re: VLAN Clarification Required

    I am planning on putting in a new DHCP scope altogether.

    Currently running 192.168.49.x -> 192.168.51.x with 192.168.0.x thrown in on a 255.255.0.0 subnet.

    The plan is to setup a new super scope starting with 192.168.49.x on a 255.255.248.0 subnet giving 8 IP ranges with a total of 2048 addresses to play with.

    This will allow for IP ranges to be allocated to set resources i.e. 1 range for ThinClient, 1 range for Admin PC's etc.
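
The subnet planning from posts #10 and #11, worked through with Python's `ipaddress` module as an added example (not part of the original posts): a 255.255.248.0 mask applied to an address in 192.168.49.x gives a block whose boundary is 192.168.48.0, which is then split into one /24 per VLAN. The order in which /24s are assigned to VLANs, the gateway being the first host address, and the function names are assumptions.

```python
import ipaddress

# VLAN roles from the thread; the order of /24 assignment is an assumption.
VLANS = {1: "servers", 2: "admin", 3: "curriculum"}

def supernet_of(address, netmask):
    """Return the real network that contains `address` under `netmask`."""
    return ipaddress.ip_network(f"{address}/{netmask}", strict=False)

def vlan_plan(block, vlans=VLANS):
    """Give each VLAN its own /24 from `block`; gateway = first host (assumed)."""
    subnets = list(block.subnets(new_prefix=24))
    if len(vlans) > len(subnets):
        raise ValueError("more VLANs than /24 subnets in the block")
    plan = {}
    for (vid, role), net in zip(sorted(vlans.items()), subnets):
        plan[vid] = {"role": role, "subnet": net,
                     "gateway": net.network_address + 1}
    return plan

def vlan_of(host, plan):
    """Return the VLAN id whose subnet contains `host`, or None."""
    ip = ipaddress.ip_address(host)
    return next((vid for vid, e in plan.items() if ip in e["subnet"]), None)

def needs_router(src, dst, plan):
    """True when src and dst are in different VLAN subnets, so traffic is routed."""
    a, b = vlan_of(src, plan), vlan_of(dst, plan)
    if a is None or b is None:
        raise ValueError("host is outside the planned subnets")
    return a != b

if __name__ == "__main__":
    block = supernet_of("192.168.49.0", "255.255.248.0")
    print(block, "-", block.num_addresses, "addresses")
    for vid, e in vlan_plan(block).items():
        print(f"VLAN {vid} {e['role']:<10} {e['subnet']}  gateway {e['gateway']}")
```
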

  12. #12
    Joedetic's Avatar
    Join Date
    Jan 2006
    Location
    Walsall
    Posts
    1,316
    Thank Post
    6
    Thanked 13 Times in 13 Posts
    Rep Power
    22

    Re: VLAN Clarification Required

    I had written a few paragraphs about Cisco routers and the appropriate configurations etc. Then the site refused to post anything or do anything so it lost it *anger*

    Anyway...if you are going to get Cisco kit then the 2600 series is good. The 2610s are what I've got for doing testing on for CCNA. You can forward DHCP I believe, although I've never done it.

    Beware of the difference between ethernet and fastethernet when buying them from ebay and whether they're single or dual ports. Also whether they come with the IOS or any WICs.

  13. #13
    ICTNUT's Avatar

    Re: VLAN Clarification Required

    @joedetic: I am currently looking at a 2610 with an IOS version of 12.3 which I believe will handle the inter-VLAN routing that I need, I am awaiting a reply on the network interfaces and such so let's see what happens.

  14. #14
    Joedetic's Avatar

    Re: VLAN Clarification Required

    Are you familiar with configuring via the Cisco IOS?

    You've reminded me to power mine up to get some practice seeing as I've not done it in a few weeks and resume my CCNA in September.

  15. #15
    ICTNUT's Avatar

    Re: VLAN Clarification Required

    Yes to a degree, I used to have a couple of ISDN 800's at home bundling my ISDN lines prior to broadband and have since upgraded those for the ADSL equivalents.

    Have not done any VLAN / DHCP routing but hey how can we learn if we don't play ;-)
