Thread: Should I bother with VLANS?

  1. #1
    Junior Member
    Join Date
    Jul 2009
    Posts
    2

    Should I bother with VLANS?

    Hi all,

    I am currently putting in place a new network. There are around 80 users here and around 7 departments; currently everything is on a flat 192.168.1.0 range, all connected together via normal layer 2 switches, with a default gateway of a firewall with 2 interfaces (inside/outside).

    I am putting in place 2 layer 3 switches (1 for each building we have). I have configured a port on the layer 3 switch for each department, something like this:

    marketing: 10.39.20.1
    sales: 10.39.21.1
    admin: 10.39.22.1

    and so on and so forth. By doing this I have split each department into its own broadcast domain and I've cut all the broadcast traffic on the network right down.

    My question is, with this setup is there any benefit for me to set up VLANs as well? i.e. a VLAN for each department.

    Many thanks

    Cyrus.

  2. #2
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,907
    I use port based VLANs when I want to isolate parts of the network..so that computers that are members of 1 VLAN cannot access computers that are part of another VLAN.

    Example...schools networks, where the entire school shares one internet connection, it's desired to keep the "office" network separated from the general student body/classroom network...to keep those kids from hacking into the office PCs and giving themselves good grades.

    Other scenarios..when you have an open/guest wireless network...where unknown visiting laptops may be able to access the internet, but you desire to keep them away from your primary network. I use port based VLANs for that too.

    So in your situation...where you have sales/marketing/management...do they need to access any common line of business applications? Or share any data at all in between the 3 networks? If so, then port based VLANs will not allow that, and not be an option for you.
    MORNING WOOD Lumber Company
    Guinness for Strength!!!

  3. #3
    Junior Member
    Join Date
    Jul 2009
    Posts
    2
    Hey thanks for the reply.

    I see what you're saying. I have set up an 'IT' subnet as well, which hosts all the servers etc., and this is the only subnet that each department will need to access; the departments themselves will not need access to the other departments. My idea was that if I do create VLANs I would create a VLAN for each department and put the IT port into each VLAN so they can all access it, and also put the gateway port into the VLAN (the port that is linked to the ISP router).

    I guess really I'm looking to see if doing this is going to give me any performance benefit?

    thanks

  4. #4
    Moderator YeOldeStonecat's Avatar
    Join Date
    Jan 2001
    Location
    Somewhere along the shoreline in New England
    Posts
    50,907
    For under a 100 nodes (class C generally)...nah...I don't see any performance gain in going through all that.

  5. #5
    Junior Member
    Join Date
    Aug 2009
    Posts
    1

    Hi

    I am very new to posting on forums so please be gentle.

    I work at a school with around 1700 kids and around 300 teachers. We have 1000 devices on the network (laptops, desktops etc.) located in many different places across the school campus, and we have mini data cabinets with fibre/copper links back to our main computer room. This is a pain, but the site is very old and over time new buildings have been added, classrooms have expanded etc. As the site is very large there has always been a distance problem, hence the cabinets everywhere. In all the cabinets we have a mixture of HP ProCurve 2650, 2525, 2626 switches. In the past there has never been any management done with the switches, just unbox and plug in (before my time). I have since been to all the switches, labeled them, given them an IP address, turned on multicasting and spanning tree. Just by doing this our network speed has increased, as we are in the middle of doing large amounts of ghosting and rebuilds.

    Anyway, getting way off the point: would it be an idea to create a few different VLANs? Would this tidy/speed up the network and be good housekeeping on a network our size? If so, how would I go about starting to do this, how many VLANs etc. etc. etc.???

    many thanks

  6. #6
    Regular Member
    Join Date
    Jan 2009
    Posts
    112
    I set up VLANs on my client networks so desktops/laptops cannot talk to each other .. but can talk to the server VLAN.

    This prevents one desktop from getting a virus and infecting other desktops ... it also stops rogue DHCP servers from being set up.
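
Added example, not part of any post in the thread: a layer 3 switch that routes between the department subnets forwards traffic between them unless an access list says otherwise, so the "departments reach IT only" policy from post #3 has to be enforced and checked explicitly. The sketch below models a first-match ACL for that policy and audits it; the /24 masks, the IT subnet address and the 10.39.0.0/16 supernet are assumptions, only the three gateway addresses come from the thread.

```python
import ipaddress
from itertools import permutations

# Gateways 10.39.20.1/.21.1/.22.1 are from the thread; masks, the IT subnet
# and the INTERNAL supernet are assumptions constructed for this example.
SUBNETS = {
    "marketing": ipaddress.ip_network("10.39.20.0/24"),
    "sales": ipaddress.ip_network("10.39.21.0/24"),
    "admin": ipaddress.ip_network("10.39.22.0/24"),
    "it": ipaddress.ip_network("10.39.30.0/24"),  # constructed placeholder
}
INTERNAL = ipaddress.ip_network("10.39.0.0/16")
ANY = ipaddress.ip_network("0.0.0.0/0")

def build_acl(subnets, server_zone="it"):
    """Ordered rules per department: reach IT, nothing else internal, then the internet."""
    rules = []
    for name, net in subnets.items():
        if name == server_zone:
            continue
        rules.append(("permit", net, subnets[server_zone]))  # must precede the deny
        rules.append(("deny", net, INTERNAL))
        rules.append(("permit", net, ANY))
    return rules

def evaluate(rules, src, dst, default):
    """First-match evaluation; `default` applies when no rule matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return default

def audit(rules, subnets, default, server_zone="it"):
    """Test one sample host per zone pair; return flows that break the intended policy."""
    violations = []
    for a, b in permutations(subnets, 2):
        if a == server_zone:
            continue  # only department-originated traffic is checked here
        src, dst = subnets[a][10], subnets[b][10]  # the .10 host in each subnet
        want = "permit" if b == server_zone else "deny"
        got = evaluate(rules, src, dst, default)
        if got != want:
            violations.append((a, b, got))
    return violations

if __name__ == "__main__":
    print("routed, no ACL:", audit([], SUBNETS, default="permit"))
    print("with ACL:      ", audit(build_acl(SUBNETS), SUBNETS, default="deny"))
```

The audit only covers routed traffic between subnets; hosts inside the same subnet never cross the router, which is the case post #6 addresses by keeping desktops from talking to each other.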
