AnyTech
 asked on

Best Practice: LAN / Network Design (IP Addressing) for 350 User NEW BUILDING.

I am working with a web marketing startup that is transitioning to a larger building and am tasked with designing the network from scratch.  I am more of a hardware guy and do NOT have a background in Network Administration so I am looking for advice on how to proceed with this portion of the project.

I'm looking for the best way to create a scalable network, that's easily manageable and provides room for things like VoIP and local network services (print servers etc...)

We have now purchased a Layer 3 Blade Switch (modular, 288 ports)

Is this a good plan or best practices???

1.)  Divide office into small networks (subnets?) using VLANs.  This keeps broadcast noise manageable on each VLAN.

VLAN 1 (Servers, Printers etc..) :      192.168.1.xxx
VLAN 2 (Engineering Users):             192.168.2.xxx
VLAN 3 (Sales/Marketing Users):       192.168.3.xxx
VLAN 4 (Management Users):            192.168.4.xxx
VLAN 100 (Phones):                           192.168.100.xxx
VLAN 200 (WiFi):                                 192.168.200.xxx - 192.168.205.xxx

2.)  Set up static routes on the switch to route between VLANs



What IP Scheme do I use?  Do I just stick with 192.168.x.x or do I go with 10.x.x.x ?  I know there are Class A, B and C ip ranges - but I don't really know what that means or when to use which...

Looking to be pointed in the right direction...
Network Architecture, Network Management, Network Security

Last Comment
ArneLovius

8/22/2022 - Mon
remixedcat

Many go with 10.x.x.x (and I do as well) however 192.x.x.x is a standard internal networking IP range. VLANs are a good idea too.
AnyTech

ASKER
I guess what I am wondering is if VLANs are the RIGHT way to accomplish what I am looking for?

Being a tech oriented company users are currently complaining that they can't reliably make VoIP calls from their workstations... Often getting notifications of "Network congested".  That is why I wish to break down the entire office into smaller groups (using VLAN).

BUT --  Are there consequences to VLANs?  i.e. I know a router will stop broadcast traffic. So if I had a user on 192.168.3.x (VLAN 3) and another user on 192.168.5.x (VLAN 5) -- Would they be able to see each others machines in "network neighborhood" or similar utilities WITHOUT specifically having to punch in their IP Address?

Would either of these users still be able to print to a printer on 192.168.1.x (VLAN 1)  (assuming routing on the switch was setup properly).

remixedcat

Yes, they should still be able to print; however, you may want to have your subnets divided into floors of the building (if there are not too many users per floor) and have the printers on each floor part of the subnet if printers and other devices have been evil enough to you LOL.

I would go with the 192.x.x.x IP range as well because some applications are configured, by default, to use this and you'd have to change the IPs in the applications to reflect a new IP range.

raysonlee

Using a separate VLAN for a particular type of device / application may not be a good design.
E.g. you put all file servers and printers in 192.168.1.x, and all users from different departments have to access those resources. Traffic will be centralized rather than distributed.
For a large organization, usually each division/department will have its own applications and printers. I'll separate the VLANs accordingly so that most of their traffic will be localized to their own VLAN. It is also easy to physically move a division/department away from the main office and connect via VPN.
If you anticipate no more than 254 devices on a VLAN, just stick to a Class C subnet, i.e. 192.168.x.x. However, if there is a high chance that you will go beyond that, you may use Class B as a start.
P.S. Putting all VoIP traffic in the same VLAN is also not good. If you have a lot of agents using VoIP in Sales/Marketing, you may want to further divide that into multiple VLANs to avoid network congestion.
ASKER CERTIFIED SOLUTION
ArneLovius

AnyTech

ASKER
ArneLovius,

This is helpful, exactly what I was wondering about Bonjour not being routable.

I was trying to keep the network happy by keeping the machine count down.  All our users are heavy with their Internet usage...
AnyTech

ASKER
Continued...  

I was trying to keep machine count down per segment of network as users using VoIP desktop clients (softphones) were experiencing frequent congestion.

We are running Apple servers and are using an HP 5400 series blade switch.  The Apple servers are LDAP, Print, and File services.

Another thought to break up the network:
Previously I was running out of IPs on a single Class C /24 with 100 users, as each user gets 2 IPs on their laptops (one for wired eth, and a 2nd for WiFi), then they typically have an iPhone and iPad, so some users were taking 4 IPs.

With this said, what's the best way to set this up?  What about the WiFi, as WiFi users will still need access to LDAP, Print and file services...

If you need more information let me know...
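
Added example (not part of the thread, and not any poster's code): a subnet-sizing sketch for the VLAN plan and the address exhaustion described above, which picks a prefix per VLAN from device counts and carves non-overlapping subnets out of one private block. The 10.20.0.0/16 parent block, the VLAN IDs, the per-VLAN head counts and the 1.5x growth factor are assumptions; the figure of 3 WiFi addresses per user follows the asker's count of laptop WiFi, iPhone and iPad.

```python
import ipaddress
import math

# Assumed inputs (constructed, not from the thread): the 10.20.0.0/16 parent
# block, the VLAN IDs and the per-VLAN head counts. The WiFi figure of 3
# addresses per user follows the asker's count: laptop WiFi, iPhone, iPad.
PARENT = ipaddress.ip_network("10.20.0.0/16")
GROWTH = 1.5  # headroom factor so a segment does not fill up again

PLAN = [  # (vlan id, name, users or devices, addresses each)
    (10, "Servers/Printers", 40, 1),
    (20, "Engineering", 150, 1),
    (30, "Sales/Marketing", 150, 1),
    (40, "Management", 50, 1),
    (100, "Phones", 350, 1),
    (200, "WiFi", 350, 3),
]

def prefix_for(hosts, growth=GROWTH):
    """Longest prefix whose block fits hosts*growth plus network, broadcast, gateway."""
    needed = math.ceil(hosts * growth) + 3
    return 32 - (needed - 1).bit_length()

def allocate(plan, parent=PARENT):
    """Carve non-overlapping subnets out of parent, largest block first."""
    sized = sorted((prefix_for(n * per), vid) for vid, _name, n, per in plan)
    cursor = int(parent.network_address)
    subnets = {}
    for prefix, vid in sized:
        size = 1 << (32 - prefix)
        cursor = -(-cursor // size) * size  # round up to the block boundary
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(parent):
            raise ValueError(f"{parent} is too small for VLAN {vid}")
        subnets[vid] = net
        cursor += size
    return subnets

if __name__ == "__main__":
    nets = allocate(PLAN)
    for vid, name, n, per in PLAN:
        net = nets[vid]
        print(f"VLAN {vid:<4}{name:<18}{n * per:>5} addrs -> {net} "
              f"(gateway {net.network_address + 1}, {net.num_addresses - 3} usable)")
```

With no growth factor, `prefix_for(400, growth=1.0)` returns 23: the 100 users at 4 addresses each mentioned above need at least a /23, which is why the single /24 ran out.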