readymade
asked on
VLan questions
I am looking to implement vlans on our network soon. I thought of starting by segmenting:
management
servers
dhcp
printing
wireless
Anything else I should separate?
If i'm not worried much about security, can I just allow the switches to be managed on any of the Vlans?
Do I need the dhcp server to be on the dhcp vlan? I'm guessing so.
Do I need the print server to be in the same vlan as the printers? I 'm guessing not. Is there any advantage one way or the other?
Any other useful tidbits on vlans that might be helpful to somebody just starting out?
Thanks!
management
servers
dhcp
printing
wireless
Anything else I should separate?
If i'm not worried much about security, can I just allow the switches to be managed on any of the Vlans?
Do I need the dhcp server to be on the dhcp vlan? I'm guessing so.
Do I need the print server to be in the same vlan as the printers? I 'm guessing not. Is there any advantage one way or the other?
Any other useful tidbits on vlans that might be helpful to somebody just starting out?
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I wouldn't label DHCP VLAN as such because you may have multiple VLANs that require DHCP. In my environment I use multiple DHCP VLANs with the following VLAN name types General Users, Guest WiFi, BYOD (for our Account Executives/Sales), Executives, Finance, IT, etc... that are all DHCP VLANs. DHCP server resides on the corporate server VLAN. I use IP helper-address to DHCP relay traffic back to the corporate server VLAN.
For my IP addressing scheme I use a 10.SITE.VLAN.HOST/24 structure, which I then logically group up based on VLAN categories as well as segment the groups based on wildcard masks. Ultimately, grouping the categories in (2, 4, 8, 16, 32, etc..) bit segments. This grouping enables you to streamline your ACLs into single line ACL commands. Also, this architecture allows you to scale your environment from a small group of VLANs to as many as 256 VLANs. FYI... For my architecture I don't use 0 or 255 in the third octet (personal preference). For my WAN connections I use a 10.0.SITE.HOST/30 structure to blend logically with the 10.SITE.VLAN.HOST structure.
FYI... My printer are grouped up on multiple VLANs based on floors and Print Server is located on the corporate VLAN along with other servers (AD (DHCP/DNS), File (DFSR),
Exchange, Print, etc...). In addition, my business specific Production servers reside in their respective VLAN(s). Our purpose for using type of VLAN design is to logically segment traffic based on typical Broadcast Storms and Security scenarios.
For my IP addressing scheme I use a 10.SITE.VLAN.HOST/24 structure, which I then logically group up based on VLAN categories as well as segment the groups based on wildcard masks. Ultimately, grouping the categories in (2, 4, 8, 16, 32, etc..) bit segments. This grouping enables you to streamline your ACLs into single line ACL commands. Also, this architecture allows you to scale your environment from a small group of VLANs to as many as 256 VLANs. FYI... For my architecture I don't use 0 or 255 in the third octet (personal preference). For my WAN connections I use a 10.0.SITE.HOST/30 structure to blend logically with the 10.SITE.VLAN.HOST structure.
FYI... My printer are grouped up on multiple VLANs based on floors and Print Server is located on the corporate VLAN along with other servers (AD (DHCP/DNS), File (DFSR),
Exchange, Print, etc...). In addition, my business specific Production servers reside in their respective VLAN(s). Our purpose for using type of VLAN design is to logically segment traffic based on typical Broadcast Storms and Security scenarios.
ASKER
Good info. What about a management vlan? For management of the switches.
Remember, i'm just starting out with the VLans, so I don't want to get too complicated in the beginning. Can I just make management of the switches possible on any of the VLans at first?
Remember, i'm just starting out with the VLans, so I don't want to get too complicated in the beginning. Can I just make management of the switches possible on any of the VLans at first?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
You're getting a little above my head. These are layer 3 switches. So if I, say, wanted to manage the switch on the management vlan while i'm on my laptop on another vlan.....I would just need routing between the dhcp and management vlans, right?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Or I can have static routes, right?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
We have layer 3 switches. I can do the routing.
DHCP Vlan would be clients. Desktops, laptops. If putting the dhcp server on the dhcp vlan is easier, that is fine I think. I assume I wouldn't need a relay then.
Yes moving all printers to one vlan.
Mostly the reason is to segment broadcast traffic. We are growing rapidly, so that is important, and security will become more important.