
VLAN Planning

  • VLAN Planning

    Need to finally break up our network into VLANs. We do have 3com/HP managed switches throughout the network, just never implemented VLANs. Here's my first crack at a plan:

    Our organization occupies (1) 7 story building with an IDF on each floor. Cable runs all go back to the main data center to the core switch, which also has all of our servers. Users on each floor do not need to "see" or access resources on any other floor other than the data center.

    Was planning on breaking up each floor into its own VLAN, i.e. VLAN100 for 1st floor, VLAN200 for 2nd, etc. However I'm not quite sure how to provide access to the servers. Do I just add each server port to each VLAN I create or do something else?

    Sorry for the basic question, just don't have enough practical experience and trying to read some of the tutorials out there has given me a headache.


  • #2
    Re: VLAN Planning

    I would put all your servers in their own VLAN. Are these layer 3 switches? If so you may have to lock down those SVIs with access-lists to prevent traffic from going between hosts. If there is a route in the routing table on the switch it will route it. If you're using a router as a gateway with subinterfaces then you would need to put your ACLs on those interfaces. A good option would be to use VACLs (VLAN Access Lists) or private VLANs. I'm sure 3com and HP switches have this feature. You want to do most of your filtering at the access layer or, in the case of a collapsed core, at the access/distribution layer. Your core should have very little filtering as its job is to route/switch as fast as possible.
    Last edited by auglan; 23rd March 2012, 17:17.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)
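
A small model of the forwarding behaviour described in post #2, added here as an illustration and not posted by anyone in the thread: with no ACLs a layer 3 switch routes floor-to-floor traffic, and an inbound ACL on each floor SVI restricts it to the server VLAN. The subnets, the server VLAN ID 10 and all function names are assumptions.

```python
import ipaddress

# Constructed plan (assumption): the thread names floor VLAN IDs but no subnets.
SERVERS = ipaddress.ip_network("10.0.10.0/24")  # server VLAN, ID 10 assumed
FLOORS = {f * 100: ipaddress.ip_network(f"10.0.{f}.0/24") for f in range(1, 8)}
VLANS = {10: SERVERS, **FLOORS}


def vlan_of(ip):
    """Return the VLAN ID whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((vid for vid, net in VLANS.items() if addr in net), None)


def floor_acl(vid):
    """Inbound ACL for one floor SVI: servers permitted, other floors denied."""
    rules = [("permit", SERVERS)]
    rules += [("deny", net) for v, net in FLOORS.items() if v != vid]
    return rules  # anything unmatched falls through to the implicit deny


def forward(src, dst, acls):
    """Model a layer 3 switch deciding what happens to one packet."""
    s, d = vlan_of(src), vlan_of(dst)
    if s is None or d is None:
        return "no-route"
    if s == d:
        return "switched"  # same VLAN: never reaches the SVI, so its ACL is not consulted
    acl = acls.get(s)
    if acl is None:
        return "routed"  # connected routes exist, so inter-VLAN traffic flows
    dst_addr = ipaddress.ip_address(dst)
    for action, net in acl:  # first match wins
        if dst_addr in net:
            return "routed" if action == "permit" else "dropped"
    return "dropped"  # implicit deny


NO_ACLS = {}
FLOOR_ACLS = {vid: floor_acl(vid) for vid in FLOORS}

if __name__ == "__main__":
    for acls, label in ((NO_ACLS, "no ACLs"), (FLOOR_ACLS, "floor ACLs")):
        for dst in ("10.0.2.30", "10.0.10.5", "10.0.1.21"):
            print(label, "10.0.1.20 ->", dst, forward("10.0.1.20", dst, acls))
```

The "switched" result is why an SVI ACL alone does not separate hosts inside one VLAN; that case is what the VACLs or private VLANs mentioned in the post address.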


    • #3
      Re: VLAN Planning

      Subnets for printers, workstations and servers are definitely a must. How many of each are we talking about?