Solved

Vlan understanding

Posted on 2010-11-14
Last Modified: 2013-11-05
I am a newbie to VLANs, and I am just looking to get the VLAN 101 overview. We have always used a big flat network, everyone on a 192.168.x.x 255.255.0.0 network. As we start to look at making the network cleaner, I am just looking for a simplistic reply. We would have an outside company coming in to set this up for us, but I just want to see if I can take what I know about VLANs, and the answer I get here, to at least have a little better understanding. I am going to use a simplistic example, loosely related to our overall setup.

Example:

We have 2 buildings, Building A and Building B. In Building A, we have 10 staff in Group 1 and 20 staff in Group 2. In Building B we have 20 staff in Group 3 and an additional 15 staff in Building B that belong to Group 1 from Building A. The buildings are connected with fiber, both buildings have 2 3Com 48-port 5500G PoE switches, and Building B connects to the Internet gateway that comes into Building A. I would want each group to be in their own VLAN, say Group 1 in VLAN 2, Group 2 in VLAN 4, Group 3 in VLAN 6. The Internet connection goes into a firewall device in Building A that all users share. So, all users in Building B would route their Internet requests through Building A. Feel free to assign your own IP address ranges to all devices, etc.

I appreciate your replies! Thank you!
0
Question by:heydude
 
LVL 5

Expert Comment

by:Ahmed Ezzat AbuRaya
ID: 34133796
If you want communication to happen between users from different VLANs then you need a layer 3 device (e.g. a router) to implement basic routing between them, because without a layer 3 device, the users in the VLANs have no connectivity and are isolated.
0
 

Author Comment

by:heydude
ID: 34133803
The 5500g is a layer 3 switch
0
 
LVL 32

Expert Comment

by:aleghart
ID: 34133823
VLAN1 - default 192.168.101.xxx
VLAN2 - inter-switch VLAN 192.168.102.xxx
VLAN3 - IP phones - 192.168.103.xxx
VLAN4 - public wireless - 192.168.104.xxx
VLAN11 - Group 1 - 192.168.11.xxx
VLAN12 - Group 2 - 192.168.12.xxx
VLAN13 - Group 3 - 192.168.13.xxx
VLAN14 - Group 4 - 192.168.14.xxx

The internet router would go on the default VLAN1.
VLANs 4, & 101-104 would all have routes to the internet via the router on VLAN1, but not to each other.
VLAN 3 would have route to the internet if necessary (external PBX/servers), or not.

I've had recommendations to create a separate VLAN for switch-to-switch communication.  This could be used to keep the management interface and logging off the normal networks.  I've not done it in practice, but it's there.

I've never liked using 192.168.1.x or 192.168.0.x because there are constant conflicts with remote users' LAN when they connect with a split-tunnel VPN client.  The client can't tell the difference between local LAN addresses and remote network addresses.
0

 
LVL 32

Expert Comment

by:aleghart
ID: 34133830
I have user devices (iPhones, etc.) and visitors, contractors that want wireless access.  A wireless access point that handles VLANs is great...I can connect them to their own LAN and even block communications between devices on that LAN.  Give them no routes except to the internet.

At the router/firewall level you can implement bandwidth throttling or a different set of filters based on the VLAN.  Depending on your router, you also have the option to route them through a specific WAN interface, such as an ADSL circuit, instead of sharing your T1/DS3 or campus network.

Multiple VLANs on the WAP also allows users to connect a printer or laptop and still see the rest of their workgroup...the WAP will give them an IP on their appropriate VLAN.
0
 

Author Comment

by:heydude
ID: 34133852
aleghart,

The network setup you are describing is very similar to our network currently, but not separated into VLANs yet. I just cannot get the routing straight in my mind with the VLANs. The stuff that I have been reviewing has had different IP ranges set up for each VLAN. Say one range was 192.168.x.x, another was 10.x.x.x, and another was say 172.x.x.x for the different VLANs. I guess that is where I am getting confused. Once it clicks, it will be fine, I just can't seem to get it all to click though.
0
 
LVL 32

Accepted Solution

by:
aleghart earned 500 total points
ID: 34133889
192.168.11.x can never see traffic from 192.168.12.x. They are completely separate networks, even though they are "one number" different. As a matter of fact, neither could see the public internet without your router connecting them to the outside world.

All you're doing is using a router to connect 192.168.11.x (Group 1) to your internet router on 192.168.101.x, then it can hop out to the internet.

Group 2 would have a similar route.  But, no route between 192.168.11.x and 192.168.12.x, so they are blind to each other.

The numbering, as you see, is arbitrary.  10.x.x.x just allows for more nodes on a flat network.  192.168.x.x is limited to 254 devices in a flat network.  The similar appearance of "192.168." does not make routing between networks any easier or harder.  Each network has a subnet mask of 255.255.255.0 - which means that only traffic with the same 3 of the address can talk.
0
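
As an added example (not part of the original thread or any poster's code): the addressing plan from the answers above expressed in Python, showing which host pairs share a subnet, which must cross the layer 3 device, and which subnets would collide with a VPN user's home LAN. The "no route between groups" rule is modelled here as an explicit deny, which on a layer 3 switch that routes between its own VLAN interfaces would have to be enforced with an ACL; the function names and sample host addresses are constructed for illustration.

```python
import ipaddress

# VLAN plan from the thread; every subnet uses mask 255.255.255.0 (/24).
PLAN = {
    1:  "192.168.101.0/24",  # default VLAN, holds the internet router
    11: "192.168.11.0/24",   # Group 1
    12: "192.168.12.0/24",   # Group 2
    13: "192.168.13.0/24",   # Group 3
}
FLAT = {1: "192.168.0.0/16"}  # the asker's current flat network
INTERNET_VLAN = 1
# Home-LAN ranges the thread says collide with split-tunnel VPN clients.
HOME_LANS = ("192.168.0.0/24", "192.168.1.0/24")


def vlan_of(ip, plan):
    """Return the VLAN id whose subnet contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    for vid, cidr in plan.items():
        if addr in ipaddress.ip_network(cidr):
            return vid
    return None


def path(src, dst, plan):
    """Classify src -> dst: 'same-subnet', 'routed' or 'blocked'."""
    s, d = vlan_of(src, plan), vlan_of(dst, plan)
    if s is None:
        return "blocked"        # unknown source: deny by default
    if s == d:
        return "same-subnet"    # delivered at layer 2, no router involved
    if d is None or INTERNET_VLAN in (s, d):
        return "routed"         # internet-bound, or to/from the router VLAN
    return "blocked"            # group-to-group: policy denies it


def vpn_conflicts(plan, home_lans=HOME_LANS):
    """VLAN ids whose subnet overlaps a common home-LAN range."""
    homes = [ipaddress.ip_network(h) for h in home_lans]
    return [vid for vid, cidr in plan.items()
            if any(ipaddress.ip_network(cidr).overlaps(h) for h in homes)]


if __name__ == "__main__":
    # Constructed sample hosts; 203.0.113.10 is a documentation address.
    for dst in ("192.168.11.99", "192.168.12.30", "192.168.101.1", "203.0.113.10"):
        print(dst, path("192.168.11.20", dst, PLAN), path("192.168.11.20", dst, FLAT))
    print("VPN conflicts:", vpn_conflicts(PLAN), vpn_conflicts(FLAT))
```

On the flat /16, the Group 1 and Group 2 hosts come back as `same-subnet`, meaning no layer 3 device sits between them to filter traffic, and the /16 itself overlaps both home-LAN ranges.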
