VLAN and VLSM
Posted on 2009-05-14
I have a network with 600 nodes. It is spread across 3 buildings on a single campus. There is a core switch and a number of edge switches, each of which has either a gigabit optical fibre connection (for linking areas where there is a high-density of PCs) or a copper gigabit line back to the core switch. We have approximately 10 - 12 edge switches all linking back to the core using this hub-and-spoke topology. All switches are various incarnations of managed HP ProCurve switching hardware, with a Layer 3 capable switch at the core.
We are looking at implementing VLANs (the network is currently a flat network, all of which is running on a default VLAN on the core and edge switches).
Prior to rolling out VLANs site-wide, we are going to do a controlled test; all PCs on one particular edge switch will be placed onto their own VLAN (and therefore their own broadcast domain) to separate them from the main network segment. At present, all the devices running from this edge switch are running on DHCP. I need some assistance in the steps to configure this.
The first step is clearly to designate a subnet of IP addresses which this new VLAN will run on. Due to the way in which the network is configured, we have a fixed range of addresses: 10.3.36.0/22 (255.255.252.0) which gives the range 10.3.36.1 through 10.3.39.254.
At this stage, we are unable to change the subnet mask of any other PCs on the network, since the VLANs are not going to be rolled out site-wide. I am therefore hoping I can designate a subnet for the new VLAN (say, 10.3.39.0/27) and have this work via VLSM to the rest of the network. Firstly, is this possible? Can the main network work on 10.3.36.0/22 in the interim, while my new VLAN operates on 10.3.39.0/27 for test purposes?
Second, I need to properly understand where I configure this. Since all devices on the edge switch are going to be members of the same VLAN, I guess I have 2 options? Either: ignore the config on the Edge Switch, and simply set its uplink port on the core switch to be part of the new VLAN. Alternatively, make each port on the Edge a member of the new VLAN, and then assign the port at the core to this VLAN also. Would this be a problem?
I will then re-arrange DHCP so there is a dedicated scope for the new subnet. The address range used will be excluded from the current scope of addresses for the purposes of testing. Where do I configure the IP Helper for DHCP. At the edge switch or the core?
Finally, I have been looking at this and note a requirement for an 802.11Q VLAN ID. What exactly is this? Is it the subnet ID?