Setting up VLANS
I know there are many posts on this topic, but all seem to be a little confusing and there seem to be a million and one different answers to the same kind of questions, so apologies up front for another post on this topic...
Half Term is here so I am wanting to set up some VLANs in our school to try and reduce the amount of broadcast/network traffic going around the place... where should I start?!?
The majority of our network switches are the D-Link DGS Series (1248T/1224T and 1216T)
We have one flat vanilla network at the mo...
We have Network Data Projectors in the classrooms, that allow the staff to connect their tablet PC's wirelessly (Some projectors have Cat5 Network leads connected to them, some are wireless, they are all the same type of projector, all staff access the network wirelessly using Ruckus Wireless)
We have 4 main IT rooms, a 6th Form study room and a library suite.
We have an admin server that has SIMS installed on it, a Curriculum server which does all the Group Policies/Print Server/DNS/DHCP etc etc for everybody, and a storage server that has all the home drives/share drives etc for Staff and Pupils
How should I plan for a VLAN with this setup?
Should I create a VLAN for each IT Room? Should I create a VLAN for all IT Rooms together?
Should I create a VLAN for all the Network Projectors? How would this work if some were on the wireless network?
Any pointers would be great... and please let me know if you require any further info about our setup for this to work...
Staff would need access to, Curriculum Server/Admin (SIMS) Server and Storage Server...
Pupils only need to be able to see Curriculum and Storage Server...
VLAN based on servers and IP ranges, not based on rooms, otherwise that will get too confusing. If you do it based on IP ranges, you can set your wireless to have VLANs based upon the SSID they connect to :)
We did that with our Ruckus and 3COM stuff :D Works a treat
I created VLANs for each IT room, then one for wifi, one for our phone system, one for servers, one for admin machines and then a final one for general machines - so any random ones floating around.
They're assigned by MAC address, rather than manually setting up ports, and it works quite nicely.
There you go...2 examples of how different vlan systems work well :-)
Start with a topology diagram (enclosed our example)
then configure the DHCP, then the core switches, then the edge switches, add the VLANs to your AD and job's a good'un.
I believe it's better to create VLANs based on devices not rooms, I did this at my place:
CASHLESS (CANTEEN SYSTEM)
VOIP (PHONE SYSTEM)
VID (IP TV SYSTEM)
We have a nice layer 3 HP ProCurve Switch 5406zl (J8697A) core.
Problem there is, you still end up with a massive number of 'clients' in your wired area... If we did that at our place, whenever we did a ghosting, the entire vlan would crawl due to it.
Originally Posted by IanT
We don't have that problem at all.
Originally Posted by localzuk
Depends on the size of the establishment, I would suppose
It really does depend on your organisation and there is no right or wrong way of what to use VLANs for, but work out what you want the VLANs to achieve. Definitely one for VOIP though.
There are two types of VLAN implementation:
Local VLANs - local to that switching closet.
End-to-end VLANs - organisation wide.
Cisco now recommend using Local VLANs. There are advantages and disadvantages to both, along with best practices. One reason for the change is Layer 3 distribution.
I tend to go for the functionality route.
VLAN for IT rooms
VLAN for Library
VLAN for administration and staff room
VLAN for sixth form
VLAN for humanities
VLAN for .....
Anyway hope it helps.
Thanks for all the replies so far... I'm still at a slight loss of what to do!
I've printed out the manual tonight for the switches to see what it says... I might try with one area of the school first (or one IT Suite) and see how I get on.
Do I need to do anything special to the servers/printers, as I would need all VLANs to be able to see and connect to these machines?
Note the L3 core switch will become the default gateway. You need to set the default gateway on the switch to 0.0.0.0 0.0.0.0 192.168.1.254 where the internet router is 192.168.1.254
Where you should start is doing some analysis on your network using Wireshark to find out what is causing the problems. VLANs aren't the whole solution, you need to clear out any unnecessary traffic first as you'll still have loading on your switches from this, even if you implement VLANs.
How do you do that?
Originally Posted by localzuk
Originally Posted by K.C.Leblanc
Use RADIUS Authenticated Device Access (RADA), i.e. you can authenticate devices based on their MAC address against a RADIUS server, and then automatically assign VLAN IDs and ACLs
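
Added example, not written by any poster in this thread: a small Python check of an addressing plan built "based on servers and IP ranges", encoding the access needs from the opening post (staff reach the admin, curriculum and storage servers; pupils only curriculum and storage). The VLAN IDs, subnets and the staff-to-projector rule are constructed assumptions, and the rule lines it prints are vendor-neutral text, not D-Link or ProCurve syntax.

```python
import ipaddress
from itertools import combinations, permutations

# Constructed plan: name -> (VLAN ID, subnet). All values are assumptions.
VLANS = {
    "admin-server":   (10, "10.0.10.0/28"),   # SIMS
    "curric-servers": (20, "10.0.20.0/28"),   # curriculum + storage
    "staff":          (30, "10.0.30.0/24"),
    "pupils":         (40, "10.0.40.0/23"),
    "projectors":     (50, "10.0.50.0/24"),
}
NETS = {name: ipaddress.ip_network(cidr) for name, (_vid, cidr) in VLANS.items()}

# Who may *initiate* connections to whom across VLANs. Replies are assumed to
# be handled by stateful/established matching on the layer 3 device.
ALLOW = {
    ("staff", "admin-server"),
    ("staff", "curric-servers"),
    ("pupils", "curric-servers"),
    ("staff", "projectors"),                  # assumption: staff tablets drive projectors
}

def overlaps():
    """Pairs of VLANs whose subnets overlap; must be empty for routing to work."""
    return [(a, b) for a, b in combinations(NETS, 2) if NETS[a].overlaps(NETS[b])]

def vlan_of(ip):
    """Name of the VLAN whose subnet contains ip, or None if outside the plan."""
    addr = ipaddress.ip_address(ip)
    return next((name for name, net in NETS.items() if addr in net), None)

def permitted(src_ip, dst_ip):
    """True if src may open a connection to dst under the plan (default deny)."""
    src, dst = vlan_of(src_ip), vlan_of(dst_ip)
    if src is None or dst is None:
        return False                          # address not covered by this plan
    return src == dst or (src, dst) in ALLOW  # same VLAN never crosses the router

def acl_rules():
    """One explicit permit/deny line per ordered VLAN pair, for review."""
    return [
        f"{'permit' if (s, d) in ALLOW else 'deny'} {NETS[s]} -> {NETS[d]}"
        for s, d in permutations(NETS, 2)
    ]

if __name__ == "__main__":
    assert not overlaps(), overlaps()
    print("\n".join(acl_rules()))
```

Listing every ordered pair makes the pupil-to-SIMS deny visible in review instead of leaving it to an implicit default.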