Best Practice:  LAN / Network Design (IP Addressing) for 350 User NEW BUILDING.

AnyTech
AnyTech used Ask the Experts™
on
I am working with a web marketing startup that is transitioning to a larger building and am tasked with designing the network from scratch.  I am more of a hardware guy and do NOT have a background in Network Administration so I am looking for advice on how to proceed with this portion of the project.

I'm looking for the best way to create a scaleable network, that's easily manageable and provides room for things like VoIP and local network services (print servers etc...)

We have now purchased a Layer 3 Blade Switch (modular, 288 ports)

Is this a good plan or best practices???

1.)  Divide office into small networks (subnets?) using VLANs.  This keeps broadcast noise manageable on each VLAN.

VLAN 1 (Servers, Printers etc..) :      192.168.1.xxx
VLAN 2 (Engineering Users):             192.168.2.xxx
VLAN 3 (Sales/Marketing Users):       192.168.3.xxx
VLAN 4 (Management Users):            192.168.4.xxx
VLAN 100 (Phones):                           192.168.100.xxx
VLAN 200 (WiFi):                                 192.168.200.xxx - 192.168.205.xxx

2.)  Setup static routes on the switch to route between VLANS



What IP Scheme do I use?  Do I just stick with 192.168.x.x or do I go with 10.x.x.x ?  I know there are Class A, B and C ip ranges - but I don't really know what that means or when to use which...

Looking to be pointed in the right direction...  Experts-exchange-example.png
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Many go with 10.x.x.x (and I do as well) however 192.x.x.x is a standard internal networking IP range. VLANs are a good idea too.

Author

Commented:
I guess what I am wondering is if VLANs are the RIGHT way to accomplish what I am looking for?

Being a tech oriented company users are currently complaining that they can't reliably make VoIP calls from their workstations... Often getting notifications of "Network congested".  That is why I wish to break down the entire office into smaller groups (using VLAN).

BUT --  Are there consequences to VLANs?  i.e. I know a router will stop broadcast traffic. So if I had a user on 192.168.3.x (VLAN 3) and another user on 192.168.5.x (VLAN 5) -- Would they be able to see each others machines in "network neighborhood" or similar utilities WITHOUT specifically having to punch in their IP Address?

Would either of these users still be able to print to a printer on 192.168.1.x (VLAN 1)  (assuming routing on the switch was setup properly).

yes they should be still able to print, however you may want to have your subnets divded into floors of the building (if there are not too many users per floor) and have the printers on each floor part of the subnet if printers and other devices have been evil enough to you LOL.

I would go with the 192.x.x.x IP range as well becuase some applications are configured, be default to use this and you'd have to change the IPs in the applications to reflect a new IP range.

use a separate VLAN for a particular type of devices / applications may not be a good design
e.g. u put all file servers and printers in 192.168.1.x, all users from different departments have to access those resources. traffic will be centralized rather than distributed.
for a large organization, usually each division/department will have their own applications and printers. i'll separate the VLAN accordingly so that most of their traffic will be localized to their own VLAN. It is also easy to physically move a division/department away from the main office and connect via VPN.
If u anticipate no more than 254 devices on a VLAN, just stick to Class C subnet, i.e. 192.168.x.x. However if there is a high chance that u will go beyond that, u may use Class B as start.
P.S. putting all VoIP traffic in the same VLAN is also not good. if you have a lot of agents using VoIP in Sales/Marketing, u may want to further divide that into multiple VLANs to avoid network congestion.
Just a few notes

don't use /8 no mater how tempting it is, it will cause problems later, do use 10.x.x.0/24

As you are over 254 hosts I would probably 10.x.0.0/16 and have all computers (and internal WiFi)  in one VLAN and have the phones on a second VLAN. This is particularly of use if you run Apple devices as Bonjour is not a routable protocol.

If you want to split it up into different VLANS, then I would do it by department or floor not by device type (apart from phones)

Layer 3 switches can be fast, but don't let them be a bottleneck between users and servers.

Using "IP Helper" addresses works for getting DHCP across routers (or layer 3 switches), but many routers (and layer 3 switches) can only take a single IP helper address if you multi-home your DHCP servers then you can have multiple DHCP servers for each VLAN/subnet.

If you are on Windows 7, then just use DNS for name resolution, if you have XP machines, then running WINS can be useful (and painful at the same time:-)

If you have Network Congested issues with softphones, then you certainly have network issues, but splitting it up into VLANS will not resolve your issues, working out where your bottlenecks are is where you need to start.

What make/model is the new switch ?

Author

Commented:
ArneLovius,

This is helpful, exactly what I was wondering about bonjour not being routable.

I was trying to keep the network happy by keeping the machine count down.  All our users are heavy with their inernet usage...

Author

Commented:
ArneLovius,

This is helpful, exactly what I was wondering about bonjour not being routable.

I was trying to keep the network happy by keeping the machine count down.  All our users are heavy with their inernet usage...

Author

Commented:
Continued...  

I was trying to keep machine count down per segment of network as users using voip desktop clients (softphones) were experiencing frequent congestion.

We are running Apple Servers and are using a HP 5400 series blade switch.  The apple servers are LDAP, Print, and File services
 
Another thought to break up the network:
Previously I was running out of IPs on a single class c /24 with 100 users as each user gets 2 IPs on their laptops (one for wired eth, and a 2nd for wifi), then they typically have a iphone and ipad so some users were taking 4 IPs.

With this said, what's the best way to set this up?  What about the wifi as wifi users will still need access to LDAP Print and file services...

If you need more information let me know...
HP 5400zl are quite nice, I'm lookign at a pair of 5412's and another pair of  5406's :-)

I would certainly suggest applying QoS on every "desktop" port

I'd be happy with a  network of that size on a /16

You need to educate your users to not leave WiFi switched on on their laptops, Gigabit Ethernet is "always" quicker, and the more stations on the segment, the worse it is for everyone.

If you split up the network into multiple VLANS, even with routing between them (5400 series is okay for static routing) bonjour is "broken"...

If iPad users need to use airprint, the your internal WiFi _must_ be on the same VLAN as your printers.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial