Solved

VLAN Consideration in respect to all printers on one VLAN distributed between 4 buildings in campus environment

Posted on 2008-10-13
Last Modified: 2012-05-05
I started a new job with a company where I got to install all new Cisco Equipment. I am in the final phases of my future design proposal. Currently all of the printers are on a 10.0.2.x subnet. It would be a lot of work to move all of the printers. Would it be a bad design to have a certain VLAN and subnet be the same between four different buildings? Currently the big problem is they have a flat design with no layer 3 devices at all. There will be mainly 3 buildings that I want to introduce ether-channel layer 2 to get to the core. The core I have chosen to be in one building where the Firewalls and the internet egress out of. The plan is to go with full redundant model. The company is pretty good size but we may have a collapsed core design in which the core does dual functions of distribution and Core. I am concerned it is a good idea to have your VLAN broadcast stop at the closets between buildings and route from there. If I did this then I would not be able to have the VLAN for the printer subnet 10.0.2.x be a VLAN in almost every switch within the three buildings. That is I have to have VLAN representation for the 10.0.2.x subnet in all three buildings if the printers will all share the 10.0.2.x subnet. Hopefully this makes sense.
Question by:asmusjer1
 
LVL 13

Expert Comment

by:kdearing
ID: 22708824
VLANs are normally organized in one of two different ways:
1. geographically; by floors, buildings, etc.
2. functionally; i.e. accounting, sales, engineering, etc.

So the short answer is, yes.
Grouping your network devices by function is one of the 'best practices' of network design.
 

Author Comment

by:asmusjer1
ID: 22711686
The problem I have is you would want to keep your Layer 2 traffic confined to the closet or within one building. You will use layer 3 to route to the Core from there. If I have an IP subnet range 10.0.2.x that represents all printers I can only use that VLAN at one location or building. I would be forced to not use Layer 3 between buildings and let the VLANs traverse out to the core. The confusing part for me there is collapsed core for smaller enterprise solutions. The confusing thing is the Print Server will be represented by the Server IP subnet scheme. The users will all have to be routed to first get to the print Server which then passes the information where the actual printer is. It acts like a DNS Server and does routing. I am looking for best practical design that is scalable. The scalable solution is always routing between buildings. I am just looking for feedback.
 
LVL 13

Expert Comment

by:kdearing
ID: 22712258
Okay, it sounds like you have already decided on a geographical-type VLAN structure.
But the printers all in one VLAN throughout 3 buildings is your concern.

A couple of questions...
What type of inter-building connections do you have?
What are you planning to use for Layer3 routing?
 

Author Comment

by:asmusjer1
ID: 22712655
There is Fiber between the buildings and they will be connected between 3750 stacked switches via Etherchannel or I am confused how the Redundancy works as far as Layer 3. If we are doing layer 3 between buildings then I would not be able to use etherchannel. Correct? A routing protocol would load balance.

EIGRP. I have never set up a Layer 3 design before

Three buildings.
TMV = Core
T-INC = Distribution
T-Inc East = Distribution

The fiber goes between buildings but T-Inc is in the middle of the Fiber Runs. T-Inc East has to go through T-inc to get to TMV Core.

Phase I: I can only purchase 9 switches and the GBICs. I am forced to use the old 3com switches for Access Layer for a few months. I might not be able to pull off layer 3 for a few months. I might have to go with layer 2 out to the Core and route from there via 3750 G stack layer 3. I am trying to design my model in phases with full redundancy as my final goal. Two switches each are for connecting between buildings and the final three switches are for a Server Farm. The Server Farm is in the same area as the Core Switches at TMV. In essence they are an extension of the Core.
 
LVL 13

Expert Comment

by:kdearing
ID: 22713885
Ah, I understand now.

If you plan to use a Layer3 Etherchannel, then you cannot trunk the ports.
This means you'll have to change the IP addresses of printers in at least 2 buildings.

If you do not want to change the printer IP addresses, then use a Layer2 Etherchannel.
This will allow you to trunk the VLANs across the buildings.

It all comes back to a design preference of whether you carve up the VLANs geographically or functionally.

Most of the time, I prefer functional VLANs. With carefully selected ACLs, you can enhance the security of your network.
For example:
    denying access to accounting and HR resources
    maybe some group of users don't require internet access
    easier policy-based routing if you have multiple ISPs
    etc.

0
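The two uplink options from the answer above, plus an ACL that limits who can reach the printer VLAN, written out as a Cisco IOS sketch. This is an added example, not configuration posted by either participant. VLAN 102, the interface numbers, the 10.255.0.0/30 link subnet, the 10.0.2.1 gateway and the print server address 10.0.10.20 are assumptions; only the 10.0.2.x printer subnet comes from the thread.

```cisco
! --- Option A: Layer 2 EtherChannel (trunk). Printers keep 10.0.2.x everywhere.
! Allow only the VLANs that must span buildings, so the shared broadcast
! domain stays limited to the printer VLAN.
vlan 102
 name PRINTERS
!
interface range GigabitEthernet1/0/25 , GigabitEthernet2/0/25
 description Uplink to core stack (one port per stack member)
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 102
 channel-group 1 mode active
!
! --- Option B: Layer 3 EtherChannel (routed). No VLAN crosses the link, so
! printers in the other buildings need new addresses in a local subnet.
interface Port-channel2
 no switchport
 ip address 10.255.0.1 255.255.255.252
!
interface range GigabitEthernet1/0/26 , GigabitEthernet2/0/26
 no switchport
 no ip address
 channel-group 2 mode active
!
! --- ACL on the printer gateway (applies to either option, on the switch
! that routes for 10.0.2.0/24). Users print through the print server, so only
! the server may open sessions to the printers.
ip access-list extended PRINTERS-OUT
 remark Print server to printers: raw port 9100 and LPD
 permit tcp host 10.0.10.20 10.0.2.0 0.0.0.255 eq 9100
 permit tcp host 10.0.10.20 10.0.2.0 0.0.0.255 eq 515
 permit icmp host 10.0.10.20 10.0.2.0 0.0.0.255
 remark Replies to TCP sessions the printers start themselves
 permit tcp any 10.0.2.0 0.0.0.255 established
 remark Everything else toward the printers is dropped and logged
 deny ip any any log
!
interface Vlan102
 description Printer VLAN gateway
 ip address 10.0.2.1 255.255.255.0
 ip access-group PRINTERS-OUT out
```

Options A and B are alternatives for a given uplink, not a single configuration. The outbound ACL does not pass UDP replies, so printers that rely on DNS or NTP outside their subnet need matching permit lines.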
 
LVL 13

Accepted Solution

by:
kdearing earned 500 total points
ID: 22713907
 

Author Comment

by:asmusjer1
ID: 24453998
Thanks