Thread: Vlan Help Please...

  1. #1
    Junior Member
    Join Date
    Oct 2006
    Posts
    4

    Question Vlan Help Please...

    Hello... I am a network administrator trained in Windows Server administration... My knowledge of advanced networking techniques is limited... So my company has recently been reaching the limits of their chosen subnet (192.168.200.x/24)... So I am working on moving them to a class A (10.0.0.0/8)... We have 3 buildings each connected via a fiber backbone... Each with their own switch stack... My plan was/is to have each building on their own subnet...

    My question is this... What configuration will need to be done to make sure that each vlan can communicate with the servers (all located in one building, could be set up on their own vlan) and the internet (in the same room as the servers, again could be on its own vlan or even same as servers)...

    Hopefully someone can help me with this I just need some basic direction... No step-by-step is needed...

    Thanks to all in advance...

    Joe S....

  2. #2
    SG Enthusiast koldchillah's Avatar
    Join Date
    Apr 2002
    Location
    Orlando, FL
    Posts
    4,608
    Did somebody forget how to subnet? ( I always hated subnetting in school )

    Instead of changing every IP address for every device why not just stay with your existing address scheme and just subnet it so that you have more host addresses available?

    192.168.200.x/24 (or subnet mask: 255.255.255.0) has an address range of 192.168.200.0 - 192.168.200.255

    By simply dropping an extra bit from your subnet you have 192.168.200.x/23 (subnet mask: 255.255.254.0) which makes your new address range 192.168.200.0 - 192.168.201.255

    Find out how many host addresses you need and then subnet accordingly.

    No need to completely change your entire address scheme. You can go with 10.x or 172.x or 192.x they are all private classes that can be subnetted into Class A, B, or C structure all by tweaking the subnet mask.

    If you've forgotten how to subnet, check out this site: www.learntosubnet.com

    Good Luck!

    EDIT: What type of VLANs are you trying to set up? Port-based using managed switches? IP based? Just make sure your servers are a member of all VLANs that will need access to them and then you can divide up your network however you want.
    "Nobody's invincible, no plan is foolproof, We all must meet our moment of truth." - Guru

  3. #3
    Junior Member
    Join Date
    Oct 2006
    Posts
    4
    Thanks for the reply...

    But no I did not forget how to subnet... You see this is only one of 7 locations... Each location has its own subnet.. Starting with HQ (here 192.168.200.0/24) and moving out (192.168.201.0/24 - 192.168.207.0/24) each office runs on their own subnet... So you see simply changing the subnet mask would force me to re-work the entire network instead of just the one location.. This would not work for me... But thanks anyway....

  4. #4
    SG Enthusiast koldchillah's Avatar
    Join Date
    Apr 2002
    Location
    Orlando, FL
    Posts
    4,608
    Quote Originally Posted by jsherman
    Thanks for the reply...

    But no I did not forget how to subnet... You see this is only one of 7 locations... Each location has its own subnet.. Starting with HQ (here 192.168.200.0/24) and moving out (192.168.201.0/24 - 192.168.207.0/24) each office runs on their own subnet... So you see simply changing the subnet mask would force me to re-work the entire network instead of just the one location.. This would not work for me... But thanks anyway....
    I see. You made it sound like one LAN spread over 3 buildings, rather than a larger multi-site network. How are your sites joined? Site-to-site VPN?

    How many host addresses do you need at HQ? 10.x.x.x/8 opens up the address range quite a bit, that's why it struck me odd. Sorry if my tone offended you.
    "Nobody's invincible, no plan is foolproof, We all must meet our moment of truth." - Guru

  5. #5
    Junior Member
    Join Date
    Oct 2006
    Posts
    4
    No offense taken... Don't worry...

    Honestly I could get away with a class b... But who really uses that?? I figured that going straight for the largest made the most sense... So we wouldn't end up like this in another 5 years... This company has seen its network grow 3 fold in the last 2 years... I only expect it to get worse...
    As for the branch offices... We have 6 each with a slew of different internet connections... All have a WatchGuard firewall and we use their built-in "branch office vpn" function to connect the offices... It works quite well and the domain controllers all communicate with no problems at all (yes we are in 1 single Active Directory domain split into 7 sites)... All together we have about 40 printers, 150 clients, 20 network devices, 10 servers, and some other odds and ends on the network... Basically it's come down to running my DHCP scope with about 10 addresses free at any 1 given moment... And during our open houses we have actually run out... So before our next one I would like to move to a larger IP scheme...

    Again my basic question is what vlan settings would I be putting on my servers and internet connections... So if I do like this...

    Building 1 = VLAN 1
    Building 2 = VLAN 2
    Building 3 = VLAN 3

    Do my servers get tagged with VLAN 1, 2, and 3... Or do I put them in their own and set up a router in the switch (yes my switches can route)...

    I guess another question is what do I do with the printers and network devices in each of those buildings... If a printer is in Building 3 does it get put on VLAN 3 or should there be a printer VLAN and have only the servers talk to that vlan...

    These are all the weird questions I can't seem to get answered....

  6. #6
    SG Enthusiast koldchillah's Avatar
    Join Date
    Apr 2002
    Location
    Orlando, FL
    Posts
    4,608
    Well, from a security standpoint, you want your IP scope to be just large enough to handle all your projected network growth, but never so large that you'll have 1,000s of available IPs that you'll never use. Having all those extra IPs is a huge security risk. All you really have to do is pick the number of addressable hosts you want to have available, and then subnet accordingly.

    A full Class B will give you 65,534 IP addresses. Do you really even need that many? Going back to my original post, it really only sounds like you need to borrow an extra bit from your current subnet class just to expand a bit. If you planned on switching to a 10. class, you were going to have to reconfigure your entire address scheme anyways.

    For VLANs, yes you just want your servers to be members of each VLAN that will need access to those servers. So it will look something like this:

    Building 1 hosts = VLAN 1
    Building 2 hosts = VLAN 2
    Building 3 hosts = VLAN 3
    Servers and other shared nodes = VLAN 1, 2, 3

    If your printers are installed on the server and shared out that way, then you should be fine with the above setup, otherwise the printers will need to be added to any other VLAN that will need access to that resource, so you may end up with a shared printer that is a member of more than 1 VLAN.
    "Nobody's invincible, no plan is foolproof, We all must meet our moment of truth." - Guru
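
The addressing arithmetic discussed across the thread, as an added example that is not part of any post: it sizes a subnet from a host count, checks which of the quoted office subnets a wider HQ mask would overlap, and carves per-VLAN blocks out of 10.0.0.0/8. The per-VLAN host counts and the function names are assumptions made for illustration; the 192.168.x.0/24 ranges and device totals are the ones quoted above.

```python
import ipaddress

# Subnets quoted in the thread: HQ, then the range given for the other offices.
HQ = ipaddress.ip_network("192.168.200.0/24")
OTHER_SITES = [ipaddress.ip_network(f"192.168.{n}.0/24") for n in range(201, 208)]

def smallest_prefix(hosts):
    """Longest IPv4 prefix whose usable range (minus network/broadcast) fits hosts."""
    host_bits = max((hosts + 1).bit_length(), 2)   # smallest b with 2**b >= hosts + 2
    return 32 - host_bits

def widen_conflicts(net, new_prefix, others):
    """Widen net to new_prefix and list the existing subnets it would overlap."""
    wider = net.supernet(new_prefix=new_prefix)
    return wider, [o for o in others if o.overlaps(wider)]

def plan_vlans(parent, needs):
    """Carve one right-sized subnet per VLAN out of parent, largest first so
    that every block starts on its own boundary."""
    cursor = int(parent.network_address)
    plan = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        subnet = ipaddress.ip_network((cursor, smallest_prefix(hosts)))
        if not subnet.subnet_of(parent):
            raise ValueError(f"{parent} is too small for {name}")
        plan[name] = subnet
        cursor = int(subnet.broadcast_address) + 1
    return plan

# Constructed per-VLAN host counts (the thread gives only an overall total).
NEEDS = {"building1": 300, "building2": 120, "building3": 60, "servers": 20}

if __name__ == "__main__":
    total = 40 + 150 + 20 + 10            # device counts listed in post #5
    print("fits today:     /%d" % smallest_prefix(total))
    print("fits 3x growth: /%d" % smallest_prefix(total * 3))
    for prefix in (23, 22):
        wider, hits = widen_conflicts(HQ, prefix, OTHER_SITES)
        print(wider, "overlaps", [str(h) for h in hits])
    plan = plan_vlans(ipaddress.ip_network("10.0.0.0/8"), NEEDS)
    for name, subnet in plan.items():
        print(f"{name:10} {subnet}  usable={subnet.num_addresses - 2}")
```

Each VLAN's subnet then needs a routed gateway address inside it, and anything left unallocated in the parent block stays unassigned until it is needed.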
