Suggestion on setting up VLAN

  • Suggestion on setting up VLAN

    Hi Guys,
    Please find a Network diagram of our present company.

    Our IP Scheme is 10.30.10.xx with Subnet Mask as 255.255.255.0

    We are exploring how to segregate our Operation Department, Sales Department and IT department with the help of 3 VLANs.

    Now the question arises, that do we really make any significant benefit by having 3 separate VLANs.

    If no, then leave as it is as I unnecessarily do not want to make things complicated.

    If yes, please educate me on the following:

    • How does DHCP allocate IP address that is on 3 different logical network.

    • Do we need to buy a router to route traffic between VLANs or can the Firewall do the job of routing as we can setup static routes on the Firewall.

    • The Nortel Switch sitting on the backbone has layer 3 switching capabilities. Can that be used for VLAN routing.


    Many thanks in advance,


    Cheers,
    Pankajb

  • #2
    Re: Suggestion on setting up VLAN

    Let's start with some questions:

    1. What are you trying to accomplish by segregating the departments via VLAN's?

    2. Is there a security issue that you're trying to address?

    3. What is the reasoning behind wanting to implement VLAN's?

    4. Are you trying to reduce intra-vlan traffic (broadcast and multicast traffic)?

    5. Do the users in all departments access the same backend servers (AD, Exchange, File, etc.)?



    • #3
      Re: Suggestion on setting up VLAN

      Thanks joeqwerty for your questions.

      Gave me a chance to scratch my head for a long time, think and pull out few hairs.
      Well here are my replies to your questions:

      Let's start with some questions:

      1. What are you trying to accomplish by segregating the departments via VLAN's?
      Having small groups of manageable LANs and reduce broadcast & multicast traffic.

      One big reason is ----We have Sales users who are bandwidth hoggers as they download heaps of files, videos etc for their presentation to clients. If we put them on a separate VLAN, the other users on different VLANs will not be affected.
      At least that is my assumption. Correct me if I am wrong.

      2. Is there a security issue that you're trying to address?
      Not really at this moment but yes in the long run.
      At times we have contract users come for work for a short period. I am planning to setup few workstations that would be member of a separate guest VLAN. Once we had a user who had Limeware on his laptop and got the network down on its knees.

      3. What is the reasoning behind wanting to implement VLAN's?
      Same as I have answered for Q1.

      4. Are you trying to reduce intra-vlan traffic (broadcast and multicast traffic)?
      Yes.
      However, I don't know how much efficient the LAN would be without Broadcast & Multicast Traffic.

      5. Do the users in all departments access the same backend servers (AD, Exchange, File, etc.)?
      All Department users use the same Backend Servers ie AD, DNS, DHCP, File Server. Only IT department has developers who work on Linux Server for Web Development on MySQL and PHP. However, they use the same DHCP and DNS.

      Cheers,



      • #4
        Re: Suggestion on setting up VLAN

        I've quoted you and put my responses in bold to try to keep this post unconfusing. Hope you can follow my meandering...

        Originally posted by pankajb View Post
        Thanks joeqwerty for your questions.

        Gave me a chance to scratch my head for a long time, think and pull out few hairs.
        Well here are my replies to your questions:

        Having small groups of manageable LANs and reduce broadcast & multicast traffic.

        One big reason is ----We have Sales users who are bandwidth hoggers as they download heaps of files, videos etc for their presentation to clients. If we put them on a separate VLAN, the other users on different VLANs will not be affected.
        At least that is my assumption. Correct me if I am wrong.
        But all users use the same internet connection so having VLAN's will not help you here.

        Not really at this moment but yes in the long run.
        At times we have contract users come for work for a short period. I am planning to setup few workstations that would be member of a separate guest VLAN. Once we had a user who had Limeware on his laptop and got the network down on its knees.
        A VLAN would help in this case if you didn't allow this VLAN to access any of the backend servers or the internet, which I'm assuming you would not want to do since what would be the point of connecting to the network if you couldn't access anything.


        Same as I have answered for Q1.
        Yes.
        However, I don’t know how much efficient the LAN would be without Broadcast & Multicast Traffic.


        There probably isn't any significant broadcast or multicast traffic that's affecting the network performance, so the benefit of reducing the broadcast/multicast traffic with VLAN's would be minimal.

        All Department users use the same Backend Servers ie AD, DNS, DHCP, File Server. Only IT department has developers who work on Linux Server for Web Development on MySQL and PHP. However, they use the same DHCP and DNS.

        Cheers,
        Based on your answers then IMHO VLAN's won't be of much benefit. You can't really control the internet traffic via VLAN's because you only have one internet connection that is used by all hosts regardless of which VLAN they're in. So someone in Sales could still hog all of the available bandwidth, even if they're in another VLAN. The only way to control the internet traffic via VLAN's is if you didn't route traffic from one VLAN to the internet, which I'm assuming you would not want to do. Also, implementing VLAN's is going to complicate the network, you'll have to set up routing between the VLAN's with a layer 3 switch or your router or firewall.



        • #5
          Re: Suggestion on setting up VLAN

          Hi joeqwerty,
          Many thanks for your reply.

          With your questions and replies to my replies, things are much clearer to me about the concept of VLAN and its implementation.

          Cheers.



          • #6
            Re: Suggestion on setting up VLAN

            Glad to help.



            • #7
              Re: Suggestion on setting up VLAN

              Originally posted by pankajb View Post
              Hi Guys,
              Please find a Network diagram of our present company.

              Our IP Scheme is 10.30.10.xx with Subnet Mask as 255.255.255.0

              We are exploring how to segregate our Operation Department, Sales Department and IT department with the help of 3 VLANs.

              Now the question arises, that do we really make any significant benefit by having 3 separate VLANs.

              If no, then leave as it is as I unnecessarily do not want to make things complicated.

              If yes, please educate me on the following:

              • How does DHCP allocate IP address that is on 3 different logical network.

              • Do we need to buy a router to route traffic between VLANs or can the Firewall do the job of routing as we can setup static routes on the Firewall.

              • The Nortel Switch sitting on the backbone has layer 3 switching capabilities. Can that be used for VLAN routing.


              Many thanks in advance,


              Cheers,
              Pankajb
              1. DHCP will allocate to the machines the correct IP address IF you can utilise the IP Helper command on your Cisco switches. Pretty easy to setup in all honesty. You must also have separate scopes setup on your DHCP server to handle this.

              2. No you don't need to buy a router to route between VLAN's. If you configure your switches correctly they will handle the routing.

              3. The Nortel switch could handle VLAN routing.

              IMO you don't need VLAN's. You could create VLAN's easily though if you really wanted to. I would prefer to have the same backbone switch as what you are using in the departments. i.e keep Cisco or Nortel but don't mix the 2.
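
How the IP helper and the separate scopes mentioned in point 1 fit together, as an added example that is not part of the thread: the relay stamps the client's VLAN interface address into the DHCP `giaddr` field, and the server serves the request from the scope containing that address. The 10.30.30.0/24 subnet, the pool ranges and the server address 10.30.10.5 are assumptions made for the illustration.

```python
import ipaddress

# Constructed scope table. 10.30.10.0/24 and 10.30.20.0/24 appear in the thread;
# 10.30.30.0/24 and every pool range are assumptions for illustration.
SCOPES = {
    "10.30.10.0/24": ("10.30.10.100", "10.30.10.199"),
    "10.30.20.0/24": ("10.30.20.100", "10.30.20.199"),
    "10.30.30.0/24": ("10.30.30.100", "10.30.30.199"),
}
SERVER_IP = "10.30.10.5"  # hypothetical DHCP server address on the office LAN


def select_scope(giaddr, received_on=SERVER_IP):
    """Return the subnet a DISCOVER is served from, or None.

    A relay (the "IP helper") writes the address of the interface facing the
    client into giaddr. A giaddr of 0.0.0.0 means the broadcast arrived
    unrelayed, so the server falls back to the subnet of its own interface.
    """
    key = ipaddress.ip_address(giaddr)
    if key.is_unspecified:
        key = ipaddress.ip_address(received_on)
    for subnet in SCOPES:
        if key in ipaddress.ip_network(subnet):
            return subnet
    return None  # no scope defined for that VLAN: the client gets no OFFER


def offer(giaddr, leased):
    """First free address in the matching scope; None if no scope or pool is full."""
    subnet = select_scope(giaddr)
    if subnet is None:
        return None
    first, last = (int(ipaddress.ip_address(a)) for a in SCOPES[subnet])
    for n in range(first, last + 1):
        addr = str(ipaddress.ip_address(n))
        if addr not in leased:
            return addr
    return None


if __name__ == "__main__":
    print(offer("0.0.0.0", set()))     # office PC on the server's own VLAN
    print(offer("10.30.20.1", set()))  # relayed from the TEST_VLAN interface
    print(offer("10.30.40.1", set()))  # relayed from a VLAN with no scope
```

A VLAN whose interface relays requests but has no matching scope fails silently from the client's point of view, which is why the scopes have to exist before ports are moved into the new VLAN.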



              • #8
                Re: Suggestion on setting up VLAN

                Hi,

                Could you kindly help me to get a TEST VLAN setup for me so that I can use MY LAPTOP for office network for my regular Sysadmin job as well as to connect to the Test Server on a TEST_VLAN.

                All office network is on 10.30.10.xx / 24 and on native VLAN 1

                The necessary step required as per my understanding are:

                a) Setup a VLAN called TEST_VLAN on the Nortel Switch
                TEST_VLAN IP - 10.30.20.1

                b) Setup trunking between Cisco 3750 and Nortel with the following command
                (switch)#switchport trunk encapsulation dot1q


                c) Setup Access-list on Nortel Switch to allow MY LAPTOP ie 10.30.10.60 to access TEST_VLAN.

                This is where I am getting stuck. Googled and found various notes on access list and vlan maps but could not understand properly.

                I do not want to mess up the office network by using any access-list that cause interruption or downtime.

                I have a standby Cisco Catalyst 3750 switch that I am using for my testing but without success. I am uploading an amended Network Diagram for your convenience.

                Many thanks,

                Cheers,

                Pankajb
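
For step c, a dry run of an access list before it goes on a live interface, as an added example that is not part of the thread. It assumes Cisco-style semantics (first match wins, implicit deny at the end) on an ACL applied inbound to the office VLAN's routed interface; the entries, the other hosts and the 192.0.2.10 off-subnet destination are constructed.

```python
import ipaddress

# Constructed entries, evaluated top-down: first match wins, and a packet that
# matches no entry is dropped (the implicit deny at the end of every ACL).
DRAFT = [
    ("permit", "10.30.10.60/32", "10.30.20.0/24"),  # laptop -> TEST_VLAN only
]
SAFE = [
    ("permit", "10.30.10.60/32", "10.30.20.0/24"),  # laptop -> TEST_VLAN
    ("deny",   "0.0.0.0/0",      "10.30.20.0/24"),  # nobody else reaches it
    ("permit", "0.0.0.0/0",      "0.0.0.0/0"),      # all other routed traffic untouched
]

# Constructed routed flows and the verdict the change is supposed to give them.
# 10.30.10.77 (another office PC) and 10.30.20.10 (test server) are assumed hosts.
EXPECTED = [
    ("10.30.10.60", "10.30.20.10", "permit"),
    ("10.30.10.77", "10.30.20.10", "deny"),
    ("10.30.10.77", "192.0.2.10",  "permit"),
    ("10.30.10.60", "192.0.2.10",  "permit"),
]


def evaluate(acl, src, dst):
    """Verdict for one packet under first-match, implicit-deny evaluation."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"  # implicit deny


def regressions(acl):
    """Flows whose verdict differs from what the change is meant to produce."""
    return [(s, d, evaluate(acl, s, d))
            for s, d, want in EXPECTED if evaluate(acl, s, d) != want]


if __name__ == "__main__":
    print("draft:", regressions(DRAFT))
    print("safe: ", regressions(SAFE))
```

The one-line draft does what it says for the laptop, but its implicit deny also drops every other routed flow from the office VLAN, which is the kind of interruption the post wants to avoid.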