VLANs vs non-VLANs

Hi All

I'll try to keep this as simple as I can but with as much info as possible, so bear with me.

I inherited my work network about a year ago and it's something that has just grown organically over time, with every single switch being a simple unmanaged unit - currently it's a flat network. I have recently introduced a Cisco 2960 as a core device, connecting all the servers into it along with uplinks to all the other main switches in the main building, the firewall and links to other sites.

An opportunity has arisen (due to an office move) to get some budget to improve the network and also to purchase an IP phone system to replace our ageing digital system. My plan is to purchase 2 more 2960 switches and stack them with the existing unit to improve connectivity between desktop PCs and servers.

At present we're running an addressing scheme and have the following ranges in use - Servers
10.0.1.x - Desktops (no internet access)
10.0.2.x - Desktops (Full internet access)
10.0.3.x - Desktops (limited internet access)
10.0.4.x - Printers
10.0.5.x - Wireless Infrastructure
10.0.6.x - Time management devices (clock machines)
10.0.7.x - IP Phones on our current digital system
10.0.8.x - IP CCTV Cameras
10.0.9.x - Mobile phones

My plan is to subnet things off and go for - PCs, printers, wireless, time management, mobile phones (VLAN1) - IP CCTV (generates HUGE amounts of data) (VLAN5) - NEW VoIP system (VLAN10)

The idea is to run the VoIP on a physically separate network (separate switches) from the rest of the network, as we don't have QoS switches anywhere on the current LAN, and use a Layer 3 switch to route between VLANs.

VLAN1 and VLAN10 will need to have some crossover due to desktop apps that coexist with the phone system, but no traffic from VLAN5 and VLAN10 should ever meet.

To save money the management are not keen on buying 2 x 2960 devices, but just the one, and reusing one of our current unmanaged devices on an uplink from the 2960 stack.

This obviously means that I'll have a mixture of VLAN-tagged and non-VLAN-tagged traffic at the network core. I'm not worried about outside of the core, where there are only a couple of devices per switch etc., but I'm concerned that I won't be able to guarantee a service level.

I know that there will be flaws in the way I've thought about moving forward, but in the absence of anybody with any knowledge at work to bounce things off, I need some help in getting the best possible network design based on replacing a few key switches.

If anybody is still reading, thank you very much!!! :) Any and ALL suggestions are very welcome.

Aaron Tomosky (SD-WAN Simplified) commented:
Don't set anything as VLAN 1, as that's the default for untagged traffic. Most setups use VLAN 10, VLAN 20, VLAN 30, etc.
Check out Netgear smart switches as a lower-cost alternative, since your 2960s cost way more.

Yes, don't use VLAN 1; I'll call it VLAN 20. I don't understand how the traffic from VLAN 10 will get to VLAN 20. We have 2960s and they are just layer 2 switches, so I think you'll need a router. A coworker was telling me that newer 2960s do inter-VLAN routing but I've never seen it. We use 3750s for that.
scartwrightadmin (Author) commented:
I was planning on using a 3560X to do VLAN routing; would that work if I set the IP of the 3560 as the default gateway on the 2960s? Would the unmanaged switches have a problem with the tagged traffic? Will I run into QoS issues with the VoIP traffic?

I realise the issue with VLAN 1, and it just means I need to reconfigure my current device.

scartwrightadmin (Author) commented:
Also @aarontomosky, I was looking at 2960s to stack to get the benefit of more bandwidth between desktops and servers. I'm sure that would mean better performance than switches uplinked over 1 Gbps?
Some things you need to think about if adopting IP telephony, especially if you are going to keep it physically separate:
What will you be using to power the handsets? The usual solution is to use a switch that provides Power over Ethernet, or you could use a multi-port midspan power injector, which is yet another device.
You will need two Ethernet connections for each desk, one for the PC and another for the phone, i.e. double the number of network points, double the number of cables, double the number of switches and more work for you.

More generally, you need to look at what issues you have with the current network design and what can be done to make your job easier. Personally, unmanaged switches can be used for casual use but don't offer features like quality of service and the protection needed in a corporate environment.
scartwrightadmin (Author) commented:
I'm planning on Cisco Small Business PoE to power the phones and have provisioned for 2 x Ethernet points per desk.
When you say Cisco Small Business PoE, is this the Cisco Small Business Smart switches? Will the port PoE restrictions be a problem? - 12 ports for 7.5 W, 6 ports only for the 24-port model should you need the full 15.4 W.
scartwrightadmin (Author) commented:
@frabble, yes, those are the ones. The phones we're looking at only draw 4.8 W or thereabouts, so I don't anticipate any issues. The 48-port units have a total power output of 375 W.
IMHO - some points to throw out:
1. having separate networks for voice and data is a total waste of money. A simple VLAN segregation is more than adequate. Segregating your current single network into multiple vlans is absolutely the right thing to do.
2. 2960S can do basic layer3 routing (yeah, I know and I lost a bet on that one). don't waste money on the 3560. You get full QoS on the 2960S stack as well
3. Stack module is best feature of the 2960S's
4. As long as you have Gig uplinks to all the other switches, Qos really doesn't come into play much anyway.
5. you can put that entire low-end switch on a vlan access port and still segregate the traffic on that switch into any vlan
6. I hope you can convince the purse string holders to loosen up and give you the tools to do it right. Yes, it may cost a little more $$ up front, but the increase in production, decrease in problems, and less of your time to "manage" it will more than pay for itself rather quickly. Be sure to add that the 2960S switches have a limited LIFETIME warranty.

scartwrightadmin (Author) commented:

1. Our thinking was that we have no QoS on the network now and only 2 switches that are even capable of QoS and VLANs etc. Keeping the traffic completely separate until it gets to the "core" gives the VoIP data a clean network to run over.
2. Apparently they can be configured for it but it's not working at the moment (Cisco Forums).
3. I love the stacking feature!!
4. So 1Gbps should be enough bandwidth even under heavy loads with no QoS? I'm split on whether this will be the case or not
5. Can you elaborate? If I connect it to an access port, on say VLAN 10 - won't the Cisco expect all traffic to be VLAN 10, or will it also pass untagged traffic using VLAN 1? Am I understanding this correctly?
6. Me too! Fingers crossed. The good thing is that if the next IOS release fixes the routing bug on these devices, then I can scrap the 3560X idea and use that saving to purchase another 2960S :)
5. If I set a switchport to access VLAN 10 and connect an unmanaged switch to it, then everything connected to that switch will be on VLAN 10, even though that unmanaged switch does not tag anything.
Hope that makes sense..
scartwrightadmin (Author) commented:
So if I was to follow the above but mix the traffic on an unmanaged switch, I would see problems, wouldn't I? Could I set the port as a trunk port?
Yes, if you mix traffic on one unmanaged switch, it all ends up on the same VLAN in the rest of the network.
No. Trunk ports are only viable when connecting to another VLAN-aware switch.
Qlemo ("Batchelor", Developer and EE Topic Advisor) commented:
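The access-port and trunk-port points above, plus the original requirement that VLAN 5 and VLAN 10 never meet, sketched as a Cisco IOS configuration. This is an added example and not configuration posted by anyone in the thread; interface numbers and the VoIP/data subnets are assumptions, while the CCTV range reuses the 10.0.8.x already given above.

```cisco
! Added example, not from the thread. Interface numbers and the
! VoIP/data subnets are assumptions; CCTV reuses the 10.0.8.x range above.
!
! --- 2960 stack: port feeding an unmanaged switch ---
! Everything behind an unmanaged switch lands in this port's access VLAN,
! so the port carries ONE VLAN only (data, VLAN 20 as suggested above).
interface GigabitEthernet1/0/10
 description Uplink to unmanaged edge switch (data only)
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
 spanning-tree bpduguard enable
!
! --- 2960 stack: trunk towards the 3560X (VLAN-aware on both ends) ---
interface GigabitEthernet1/0/24
 description Trunk to 3560X
 switchport mode trunk
 switchport trunk allowed vlan 5,10,20
!
! --- 3560X: trunk back to the stack, SVIs as gateways, ACL keeps 5 and 10 apart ---
ip routing
!
interface GigabitEthernet0/1
 description Trunk to 2960 stack
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 5,10,20
!
ip access-list extended BLOCK-CCTV-VOIP
 remark VLAN 5 (CCTV) and VLAN 10 (VoIP) must never meet; all else routed
 deny   ip 10.0.8.0 0.0.0.255 10.0.10.0 0.0.0.255
 deny   ip 10.0.10.0 0.0.0.255 10.0.8.0 0.0.0.255
 permit ip any any
!
interface Vlan5
 description IP CCTV (10.0.8.x from the question)
 ip address 10.0.8.1 255.255.255.0
 ip access-group BLOCK-CCTV-VOIP in
!
interface Vlan10
 description New VoIP system (subnet assumed)
 ip address 10.0.10.1 255.255.255.0
 ip access-group BLOCK-CCTV-VOIP in
!
interface Vlan20
 description Data: PCs, printers, wireless (subnet assumed)
 ip address 10.0.2.1 255.255.255.0
```

The 2960 ports then point at the matching SVI address as their default gateway, and `show vlan brief` / `show interfaces trunk` on each switch confirm which VLAN the unmanaged switch's port belongs to and that only VLANs 5, 10 and 20 cross the trunk.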
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.