Question

VLAN, DHCP, Cisco Wireless LAN Controller Network

Asked by: sharwani

I am designing/installing a network for a client.  They require an Office VLAN (192.168.1.0/24) and a Guest VLAN (192.168.2.0/24) which get IP addresses from 1 DHCP server.  They also require a wireless LAN primarily for guest access (Guest VLAN), but if need be, it should also be able to connect to the Office VLAN.  I will be using Cisco routers, switches, WLC, and APs.  I've attached a network diagram that lays out my current proposed design.

I was wondering if this design would work?  From what I have read, I know that I would have to enable IP helper-address on the router, but is that something I can enable through Cisco SDM?  I am not very familiar with the CLI.  Also, are there any drawbacks to this approach or a better design?  Any feedback would be greatly appreciated.

Thank you.

This Question has been solved and asker verified.
Asked On: 2008-09-03 at 04:09:01, ID: 23698769

Tags: Cisco, network

Topics: Networking Hardware, Wireless Local Area Network, Dynamic Host Configuration Protocol (DHCP)

Answers

 

by: TreyH, posted on 2008-09-03 at 19:36:18, ID: 22383986

Design looks good. One thing you might consider is using a layer 3 switch for the routing instead of the stub router in the drawing. The stub router (router on a stick) could be a bottleneck. I would use a layer 3 switch and a Cisco Pix or ASA for a firewall.

 

by: sharwani, posted on 2008-09-03 at 21:25:34, ID: 22384288

If I do use a layer 3 switch, do you know if it is possible to set up IP helper-address and inter-VLAN routing through the Web GUI or the Cisco Network Assistant?

Thanks for your help.

 

by: TreyH, posted on 2008-09-04 at 03:54:40, ID: 22385858

Honestly, I've never used the GUI configs except to set up Cisco wireless gear so I'm not sure if you can or not.  If you're going to be using Cisco gear, I would strongly advise learning to use the CLI. There are lots of examples out there and older Cisco routers can be had off eBay pretty cheap for testing/learning with.

 

by: dkarpekin, posted on 2008-09-04 at 06:01:48, ID: 22386708

If there are no more than 100 boxes, a bottleneck will not happen.
The switch in the middle is totally extra (unless it will be a PIX), and it is better to use a bigger Class B, for example.
This way, everything will be on the same subnet, so there will be no problem accessing "central resources" from "clients", regardless of the clients being separated by VLAN.
Every "logical group" (office/servers and routers/contractors and so on) is better placed in blocks of 255 IPs each, for example.
In larger environments it is better to use a single subnet of the size you need, and separate them by VLANs.
192.168.x.x is not recommended; it is for home/small company use.
172.16.0.0 on 255.255.0.0 will give you ~65000 addresses.
And you can use them by block:
172.16.0.1-172.16.255 - servers/routers
172.16.2.1-172.16.255 - office users
172.16.3.1-172.16.255 - remote users
172.16.4.1-172.16.255 - other building users
172.16.5.1-172.16.255 - contractors

This way, separation by usage can be easily achieved by ACL, on top of using VLANs.
It is easy to manage and enable firewalls based on those "blocks", where one logical group is within a certain range of IPs.
Another advantage of using blocks is that you can very easily allow access for non-trusted users only to a particular range of IPs: 172.16.10.1-172.16.255, shared equipment for contractors to test.
The Cisco 2800 should be the edge router. It does have WebVPN, which allows max. flexibility for external users.

 

by: sharwani, posted on 2008-09-04 at 20:37:55, ID: 22395074

Thanks for all of the input.  I've updated my diagram according to the suggestions of TreyH and I will most likely be adjusting my IP scheme as recommended by dkarpekin.

This network will be installed in a medium sized hotel and I am trying to fulfill these requirements:
1) Guest VLAN for Wireless/Wired Internet access for hotel guests
2) Office VLAN for the front office network with possible Wireless Access
3) Security VLAN for IP cameras and storage
4) From what I've read on the forums, seems I will also need a Management VLAN
5) The Office and Security VLANs should be able to fully communicate between each other
6) The Guest VLAN should have no access to the other VLANs and only connect to the internet

I've attached the diagram of what I am currently thinking.  I will enable IP helper-address on the Layer 3 Switch to the DHCP server on each subnet interface so that every client can get IPs from separate scopes.  And I will use an ACL that allows routing between the Office/Security VLAN and only allows Guest VLAN traffic to access the internet.

Does all this seem right?  And is this a good solution?

Thank you again for all of the help.
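
The plan in this post (one DHCP server reached through `ip helper-address`, Guest limited to internet access) could look like the following on a Layer 3 Catalyst switch. This is an added illustration, not configuration posted by anyone in the thread; the VLAN IDs, the 192.168.3.0/24 Security subnet, the .1 gateway addresses and the DHCP server at 192.168.1.10 (placed in the Office VLAN, so Office needs no helper) are assumptions.

```cisco
! Added illustration. Assumptions (not from the thread): VLAN IDs 10/20/30,
! Security subnet 192.168.3.0/24, DHCP server 192.168.1.10, .1 gateways.
ip routing
!
ip access-list extended GUEST-IN
 remark DHCP broadcast from a client that has no address yet
 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps
 remark Unicast DHCP renew/release, to the DHCP server only
 permit udp 192.168.2.0 0.0.0.255 eq bootpc host 192.168.1.10 eq bootps
 remark ip helper-address also relays other UDP broadcasts; drop them
 deny   ip any host 255.255.255.255
 remark Block Guest from Office, Security and every other internal range
 deny   ip any 192.168.0.0 0.0.255.255 log
 remark Anti-spoofing: only Guest-subnet sources may reach the internet
 permit ip 192.168.2.0 0.0.0.255 any
 deny   ip any any log
!
interface Vlan10
 description Office (DHCP server lives here, no helper needed)
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan20
 description Guest
 ip address 192.168.2.1 255.255.255.0
 ip helper-address 192.168.1.10
 ip access-group GUEST-IN in
!
interface Vlan30
 description Security (IP cameras and storage)
 ip address 192.168.3.1 255.255.255.0
 ip helper-address 192.168.1.10
! Office and Security route to each other by default; no ACL is applied.
```

Because the internal deny also covers the Guest gateway address, the Guest DHCP scope has to hand out a DNS resolver outside 192.168.0.0/16, or a permit for the internal resolver has to be placed above that deny.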

 

by: dkarpekin, posted on 2008-09-05 at 05:29:22, ID: 22397978

I don't see the necessity of using Layer 3 (sorry TreyH); you usually need Layer 3 when you have a lot of routers on the network, or it is a really large network (campus type), to simplify/organize/offload CPU usage of routes within the structure.
In the new diagram you have 4!!!! switches... there should be only 1, maybe a 48-port switch, but if there is a need for extended distance (above 300 feet), then you use 2 switches connected over a fiber backbone.
If you use a Cisco 2800 series router, then you can add a 16-port switch module into it: use it for the "main" LAN, use the FE0/0 port for WAN, and FE0/1 for an additional subnet, different from your "main" LAN.

 

by: dkarpekin, posted on 2008-09-05 at 05:33:05, ID: 22398005

P.S.
In your current configuration, you can have only 1 switch (Layer 2 instead of Layer 3) in the "center", and replace the peripheral switches with $30 8-16 "unmanaged" switches...
Layer 3 is more expensive than Layer 2, and looks like total "overkill" in this scenario.

 

by: dkarpekin, posted on 2008-09-05 at 05:37:30, ID: 22398034

Please remember not to "daisy chain" switches, like you did with the layer3-vlan2-vlan3 link...
It is not recommended to go above 3 switches in a chain (and you got close to it).
It is always advised to use a star topology to minimize switches in a link; connect them on "backbone ports".

 

by: sharwani, posted on 2008-09-05 at 06:01:51, ID: 22398312

The only reason I was thinking to use a Layer 3 switch was due to possible bottlenecks mainly when connecting from VLAN 2 to VLAN 3.  VLAN 3 produces very large video files and from my understanding most decently priced routers only have 10/100 switch ports which could possibly create a bottleneck.  Am I correct to assume this?

Thus, I was thinking to use the Cisco Catalyst 3560-8PC (which is fairly inexpensive) as the Layer 3 switch which has 1 10/100/1000 port to Trunk to VLAN 2 and then possibly buy a Cisco 1800 series router.  


 

by: dkarpekin, posted on 2008-09-05 at 06:13:21, ID: 22398446

The Catalyst 3560-8PC is a really powerful switch, good to use in large networks.
It is definitely better to use 1GB; a Cisco 2960 48-port will be just fine, and I'd advise using a Cisco 2800 router; the 1800 is not as flexible as the 2800.
The 2800 does have a tremendous set of features.
It is very good to use devices in groups, but have them connected to "unmanaged" 1GB switches, like Netgear.
All peripheral "unmanaged" switches will be connected "in star topology" to the 2960 48-port 1GB, which will behave as the "aggregation" backbone point.
This will be the most efficient but powerful setup, capable of handling intense video traffic.
Another thing: you should consider using CAT6 and 1GB-rated plugs and patch panel; 1GB is very sensitive to cabling structure.
Test your performance after all; you can use PC-to-PC, across different parts of the network:
Iperf 2.0.2 installer for Windows from
http://dast.nlanr.net/Projects/Iperf/ (look for kperf_setup.exe)

This will help narrow down the problem, find the "bottleneck", cable problems, differences in file transfer type, and so on.

 

by: sharwani, posted on 2008-09-05 at 06:19:35, ID: 31492682

Thank you again for all of the input!  

 

by: dkarpekin, posted on 2008-09-05 at 06:41:23, ID: 22398776

P.S.
Placing everything on a single subnet (portions are still separated by VLAN, so it is totally safe) will take away the necessity of using "IP routing calculation", therefore reducing load on the router (it is not going to be big anyway, but that was the idea behind using Layer 3).

 

by: dkarpekin, posted on 2008-09-05 at 07:20:30, ID: 22399228

Maybe not relevant, but I came across an "HD IP camera"; it would be interesting to see how it will work/bandwidth use of all 16, if you decide to get one...
http://www.sourcesecurity.com/new-products/listing/1/product-profile/cctv/image-capture/ip-cameras/indigovision-hd-fixed-ip-cameras.html

 

by: sharwani, posted on 2008-09-05 at 08:10:08, ID: 22399787

I'll keep that in mind when I redo the IP scheme.

As for the IP Cameras, current bandwidth usage, for a similar camera you linked to, is between 6.4-11 Mbit/sec per camera using the MPEG4 codec which requires more than 100Gb of storage per day again per camera (without compression).  Newer cameras, like the one you linked to, have started using the H.264 codec which reduces bandwidth/storage requirements by as much as 50%.  The new codec is changing the industry, but very few H.264 cameras are available today.  The vendor we are using, Axis Communications, who is the leader in the IP camera industry, has only 2 H.264 cameras so far which became available only 10 days ago.  So as of right now, I am reluctantly having to use the MPEG4 codec, and having to deal with the higher bandwidth/storage server costs.


 

by: dkarpekin, posted on 2008-09-05 at 08:16:09, ID: 22399856

Yep, that's the downside... HD IP should start going backward, recording on old-fashioned tape, unless storage cost drops dramatically...
