mynet


VLAN assignments

Hello,

I am new to vlan and I just have a few questions. I have two buildings, each with its own core, distribution, and access. But everything is in vlan1. I am in the process of redesigning the vlan infrastructure. All of layer 2 stops at the distribution layer. From the distribution to the core, it is all layer 3. So I keep the vlan within the building. The two buildings communicate via MPLS. My questions are:
- For the management vlan, let's say vlan 300. Can I use the same management vlan for both buildings? Or do they have to be different?
- Do the vlans have to be unique throughout my two-building network? Let's say I have a user in building 1 with vlan 20 and he moves to building 2 but still wants to be in vlan 20. How will this work, as there is a 1-to-1 mapping between vlan and subnet? In other words, I assign a subnet (vlan 20 = 10.10.10.10/24) in my distribution switch. Now if he moves to building 2, how will I configure the distribution switch in building 2?

Thanks
giltjr

As long as the two buildings "NEVER" share layer 2, you can use the same VLAN IDs.

However, you cannot share IP subnets.  VLAN20 in building #1 should be a different subnet than in building #2.

Users should not care what VLAN they are on.  Users should not even know what VLAN they are on.  All they should know is they can get to the resources they need.  

Now, why/how are you grouping people?  By floor, by department, or something else?

If by floor, then you could do something like:

VLAN10y = 10.x.y.0/24

Where X = 1 or 2 for building 1 or building 2 and Y = the floor they are on.

Now if you are doing it by department and you have departments split across buildings, you need to decide: do you want the departments to be in separate IP subnets based on which building they are in, or bite the bullet and bridge L2 between the buildings so that everybody in department X is in the same IP subnet no matter which building they are in.
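
A check of the rule in the answer above (VLAN IDs may repeat across buildings, IP subnets may not), added here as an example that is not part of the original post. The function names and sample plans are constructed for illustration; "VLAN10y" is assumed to mean VLAN 101 to 109 for single-digit floors, and subnets may be written as in the question, as a host address with a prefix length.

```python
import ipaddress
from itertools import combinations

def net(text):
    """Normalise 'address/prefix' to its network: 10.10.10.10/24 -> 10.10.10.0/24."""
    return ipaddress.ip_interface(text).network

def floor_plan(buildings, floors):
    """Rows of (building, vlan_id, subnet) following VLAN 10y = 10.x.y.0/24.

    Assumption: floors are single digits, so "10y" is read as VLAN 101..109.
    """
    return [(x, int(f"10{y}"), net(f"10.{x}.{y}.0/24"))
            for x in buildings for y in floors]

def validate(plan):
    """Return the problems found in a plan; an empty list means it is consistent.

    A VLAN ID may repeat across buildings (layer 2 never crosses the routed
    core) but not inside one building, and no two subnets may overlap anywhere.
    """
    problems = []
    for (b1, v1, n1), (b2, v2, n2) in combinations(plan, 2):
        if b1 == b2 and v1 == v2:
            problems.append(f"building {b1}: VLAN {v1} defined twice")
        if n1.overlaps(n2):
            problems.append(
                f"bldg {b1} VLAN {v1} {n1} overlaps bldg {b2} VLAN {v2} {n2}")
    return problems

# Constructed sample plans (not taken from a real network).
PER_FLOOR = floor_plan(buildings=[1, 2], floors=[1, 2, 3])
# Same VLAN ID in both buildings, one routed subnet per building.
DEPT_ROUTED = [(1, 20, net("10.10.10.10/24")), (2, 20, net("10.10.11.10/24"))]
# Same VLAN ID and same subnet in both buildings without an L2 bridge.
DEPT_SHARED = [(1, 20, net("10.10.10.10/24")), (2, 20, net("10.10.10.10/24"))]

if __name__ == "__main__":
    for name, plan in [("per-floor", PER_FLOOR), ("dept routed", DEPT_ROUTED),
                       ("dept same subnet", DEPT_SHARED)]:
        print(name, validate(plan) or "OK")
```
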
mynet

ASKER

"Now if you are doing it by department and you have departments split across buildings, you need to decide: do you want the departments to be in separate IP subnets based on which building they are in, or bite the bullet and bridge L2 between the buildings so that everybody in department X is in the same IP subnet no matter which building they are in"

This is what I am trying to understand. Cisco recommends keeping the vlan local. So if department A in building 1 has vlan20 (10.20.20.20/24) and some of the users of department A are in building 2, I can then assign vlan20 in building 2 with a different subnet, say 10.20.21.20/24. Then I can say that vlan20 is for department A. The users for department A can communicate with each other via layer 3. Does it sound right? Thx
How far apart are the buildings?  What is the speed of the MPLS network?
This can only be possible if your core layer consists of layer 3 switches.
VLAN sharing is possible with switches (L2 or L3); they can share VLANs.
Routers do not understand VLAN. They can only do routing between VLANs with the help of subinterfaces.
If you are using routers at the core layer, this can't be possible.

But if you have a router at the core layer, then you can use VLAN separately.
mynet

ASKER

The core is doing routing. All L2 is from the access layer to the distribution layer. Not sure why you need to know the distance between the buildings and the speed of the MPLS network. We switch from access to distribution and we route from distribution to core. We also route between buildings. We can use any connectivity between buildings (fiber, MPLS, frame relay, T1, etc...). My question is: if I assign vlan 20 to an access switch port in building 1, can I assign the same vlan 20 to an access port in building 2? If I want to keep my vlan local, I will assign a subnet to vlan20 in building 1 and another subnet to vlan20 in building 2. Is that the best practice?
ASKER CERTIFIED SOLUTION
giltjr

This solution is only available to members.
mynet

ASKER

giltjr,

Thanks for the explanation. That is exactly what I wanted to find out.
Now by bridging 2 buildings, you meant build the trunk between the 2 buildings. Correct? If yes, then I may as well use a provider that provides Ethernet switch technology and build the trunk that way. Correct?

"Now by bridging 2 buildings, you meant build the trunk between the 2 buildings. Correct?"

Bridging is just bridging.  It doesn't have anything to do with Trunks,...Trunks are for running more than one L3 Segment over the same cable,...which generally speaking,...is "bad" and a poor way to maximize the bandwidth capacity of the cabling.

If the links between the buildings are very fast,...and you don't end up with more than 200 machines per L3 Segment combining the buildings together,.... Bridging is fine,....

If you use WAN Links between the buildings,...or if you end up with more than 200 machines when combining the buildings together,... then you want each building to be a different subnet and use a L3 routed connection between the buildings.    Although a hybrid option is to bridge across the buildings but then route into a new L3 Segment as soon as you jump the gap between the buildings.   The hybrid is common when you  jump the gap between the buildings using a Wireless Bridging technology such as Microwave,...so you jump the gap at L2 and dive right into L3 as soon as you get there.
Yes, setting up an L2 trunk that allows multiple tagged VLANs to extend between the buildings.

It was not meant as a way to maximize bandwidth, as it will NOT do that.  If anything it will waste bandwidth because of the extra traffic dealing with broadcasts.

However, if a user needed to be on a specific VLAN/IP subnet and moved from building#1 to building#2 and for some reason had to be on the same VLAN/IP subnet, then the only way to accomplish that is to create an L2 bridge between the two buildings to allow at least that VLAN to extend between the buildings.

In the original question he asked what would happen if a user moved from building#1 to building#2 and wanted to be on the same VLAN.  So I provided an option that would allow that, assuming it was really meant to ask if he wanted/needed to be on the same IP subnet.
Sounds like we are in complete agreement.

I prefer to talk him out of even allowing a situation of "..if a user wants to move to another building and stay in same subnet....".

It is a domino effect thing,...if you don't create a situation where it matters what subnet the user is in,...then it won't matter if the user is going to end up in a different subnet when they move to another building.  Except for servers, printers, and networking hardware,...it should never matter what IP a machine has to start with, therefore it doesn't matter what subnet it is in.

If a person can roll the string of choices back to the beginning and stop the first bad decision from being made then the 2nd, 3rd, 4th, and 5th bad decisions (dominos) will never happen.   It is sometimes a fight getting people to change their thinking, but a fight worth fighting,...in all the years I have been doing this,...I usually win when it is an "in person" situation,...internet forums not so much.