What type of network are people running?
Where I work we are running a core network of 3760 Cisco switches with access 2950 switches around the buildings, and we run a small wireless setup for the building over the road, for which we use a Cisco Aironet 1200. We have a couple of old SMC unmanaged switches which we use for testing.
All cabling is Gigabit Cat5, all the core switches are trunked and have redundancy, and we have VLANs running for Students, Clients, Staff and Admin.
It's a vanilla network, Server 2003 as DC.
We are a secondary school with about 500 PCs and 150 laptops.
We have a similar amount of machines but have never explored the use of VLANs; we have one flat physical network. To me, security can be accomplished, especially in a school, via permissions to resources. All my switches are capable of VLANs and I have recently merged the admin and curriculum networks on to the same physical network, but I don't really see why I should use a VLAN. I can understand that in a business environment where you, say, have a group of different companies sharing the same physical network, you would want to implement a VLAN infrastructure for security reasons.
Currently have a Cisco 3560 as a core on one site and a Cisco small business 540 gigabit switch on the other; the rest of the switches are Allied Telesyn (bought before I started). Currently have 2 VLANs used to join two recently joined networks on separate sites (via Gbit FSO/radio backup).
Currently have towards 150 machines spread across 2 sites.
VLANs are useful for segmenting broadcast domains/generally splitting networks up. Typical VLAN setups are per-floor VLANs or per-department VLANs.
But why would staff and pupils in a school need to be on different networks? I could understand the admin/accounting office perhaps being on a different network, as we had before.
Generally you wouldn't, but once you have 600+ PCs you really need to consider segmenting broadcast domains and generally splitting the network into routed subnets. On our network it also helps, as I can immediately identify a packet coming from 192.168.3.x as having come from a PC on our pre-prep site, etc.
It's not so much about security, although it can be; it just limits the broadcast domains so that each segment is quieter and more of the bandwidth can be used for actual data rather than retransmitting broadcast packets to every station. This also helps to limit the impact of doing something like pushing an image over multicast, as only the VLANs involved are saturated by the traffic.
HP 8206ZL core switch
A wide range of 2650s, 2610s, the odd 6108 and the odd 1800 HP switches dotted around. Every building or section is on a separate VLAN, wireless on a separate VLAN, video traffic, print traffic etc. all on their own VLANs (equates to about 14 VLANs in total). Trunking in place between most main fibre connections; network is capable of running 10GB, all we need is compatible end switches and one addition to the 8206, but that's for the future.
Vanilla network running Server 2008R2 pretty much across the board (only 2 Server 2003 boxes left now), about 650 desktops and 200 laptops in total, about 75% currently on Windows 7, will be 100% by the end of next week :)
Just about to roll out a new Juniper network consisting of 2 x EX8208s in the core with EX4200s at the edge (24/48 port full + partial PoE versions). Redundant links back to both core switches from each of our cabinets, with VLANs for each floor, wifi, printers, servers and various other things. All running with a vanilla Server 2008 R2 domain, and by the end of the summer a fully W7 site with about 500 desktops + laptops.
Also rolling out Ruckus wireless this summer together with a complete recable thanks to Net-Ctrl :D
VLANs are also handy if you're giving visitors limited network / Internet access - you can give them an Internet feed without having their festering laptops (I'm looking at you local gov) on your production network.
2 x 3Com 5500G-EI as cores
3Com 4400 / 4500G edge
Vlans per building/floor
3Com 7700 core
3Com 3870 edge
Vlans per building
3Com 5500G-EI core
3Com 3870 edge
Vlans per floor
3com 5500 core
vlan per function
2 x Juniper EX4200 cores
Juniper EX2200 edge
vlan per function
All sites have a LES 100 back to site 1.
Netgear all the way for me, small school so can't justify expensive switches and they have never let me down.... oh and I like the blue.
Just put in a couple of GSM7224s with fibre modules to start VLANning... if I can get my head round it.
Have one in my office ready to play with.
Dual Cisco 3550-12Gs running HSRP at the core, feeding out via redundant 3508s to 26 x 3524/3548s at the access layer through 4 x optical fibres in a dual redundant PVST config for 'poor man's' load balancing.
The campus is spread over 25 acres so I have a mixture of single mode and multimode fibre. The longest run is just over 4000ft.
Server/SAN switches are Dell 5224s, which are surprisingly good for the money.
All areas are VLANed to minimize broadcast traffic across the network. ACLs to restrict student access to appropriate VLANs.
40 x 3Com 2620 dual radio APs controlled by a WX5002 controller. Staff, student, guest and mobile device wireless VLANs for QoS policy enforcement.
Our own managed ADSL2+ direct access connection through a Cisco 878 and firewalled/filtered/managed by a Sonar appliance. (It's nice having control over your own DNS records!)
We host our own mail server, LMSs, terminal server and staff portals, which are all available externally. The remote management access is a godsend!
A mixture of 5 physical and 24 virtual servers on 3 x ESX hosts running S2003R2/S2008R/Ubuntu 9.04.
Pre-school to 12 with 250 PCs, 40 Macs, 48 netbooks, 150 student laptops, 80 student iPhones (and growing!), and shortly 45 iPads.
The 3524/3548s are old school, but they have the features I require and I can buy them for $60 each. When they die I just replace them. I'll start replacing them shortly with 3550/3560 PoEs if we decide to go VoIP.
As all the switches are end of life, I carry spare units, and also a small stock of PSUs and fans.