network redesign - VLAN/Subnetting

I'm in the process of building out a new facility and would like some input on the redesign of our network.  Currently we have 2 buildings with a very flat network design:
Building A: /24
Building B: /24
The buildings are connected via point-to-point T1 routing traffic via older Cisco 1700 on Gateways and

Our new layout is a bit more complex and I would appreciate some assistance.
Building A:
 - Primary Network on 192.168.1.x
 - IP Phone on 192.168.2.x
Building B:
 - Primary Network on 192.168.10.x
 - Call Center Network on 192.168.11.x
 - IP Phone on 192.168.12.x
 - Misc equipment DMZ on 192.168.13.x
 - IP CCTV on 192.168.14.x
Both buildings are now connected via point-to-point DS3, plus Internet, and I was planning on having our firewall act as the primary gateway between the buildings and the subnets.  There is not a ton of traffic between the two buildings, but there are users at each building that need access to the other's networks.

I have never really played with VLANs before and I'm not sure of the benefit of VLANs over subnetting--at least in this scenario.  I would like to keep our network as flat and simple as possible, if there is such a thing anymore.
gsmartin (Manager of IT) commented:
The purpose of VLANs is security and the segmentation of broadcast storms.

What is your user and network device count for each building?

What is the distance between buildings?

Do you have users on multiple floors at each building?

Where and what are your server resources for each building?

Was an Ethernet Private Line or other type of fiber connection considered between buildings vs DS3?

Do you have layer 3 switches in your network?

Does each building have its own Internet connection, and via what type of circuit (DS3 or T1)?  What other circuits does each site have?

Ultimately, if possible you want to run fiber between the buildings, depending on the distance, or an Ethernet Private Line w/ Q-in-Q, which will allow you to span layer 2 between the buildings.  This of course depends on the answers to the above questions.  Preferably, you want to go from a decentralized architecture to a centralized architecture.  Typically, the corporate office has all of the server resources with a much smaller footprint at the remote sites.  This way, as the business grows, it's more dynamic.  A decentralized network and server infrastructure can be very costly and harder to support and manage over time as the business grows.

Also, VLANs are important to secure certain networks from each other and to isolate broadcast traffic so it does not impede other network traffic.  Traditionally, in a multi-protocol environment you don't want your network segments larger than 200+ network devices per segment.  However, IP-only networks can be larger, but from a design perspective I keep my networks no larger than /24.  In my infrastructure, I use a 10.SITE.VLAN.HOST/24 architecture, which can scale out however you need.
Your redesign sounds reasonable to me.

If you understand your current setup, your new setup isn't that much different.  But instead of just a single subnet/LAN at each building, you have multiple 'virtual' LANs and multiple subnets.

From a layer 3/routing perspective, this is what your current network looks like:-
This is what you want it to look like (I haven't drawn all the vlans - you get the general idea):-
Building B has 5 vlans/subnets.  Chances are your firewall isn't going to have that many interfaces.  So you will need to use a vlan trunk (a fancy way of saying one wire carrying several vlans), and then create 5 logical 'sub-interfaces' in the firewall config (one for each vlan/subnet).

To understand vlans and subnets will need some reading.  I'm sure wiki will do a much better job of explaining such things than I can here.
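The two answers above describe the same design from different angles: a 10.SITE.VLAN.HOST/24 addressing scheme, and a firewall that terminates every VLAN on a sub-interface of a trunk and routes (and filters) between them. The following Python model, added here and not code from the thread or any of its participants, ties both together: it derives each VLAN's subnet, gateway and trunk sub-interface from the site and VLAN numbers, validates the plan (range limits, duplicate subnets, duplicate sub-interfaces), and evaluates a default-deny inter-VLAN policy the way a stateful firewall acting as the inter-building gateway would. The site numbers, VLAN IDs, interface names (eth1/eth2) and allowed flows are assumptions chosen to mirror the poster's layout, not the poster's real configuration; the sample addresses are constructed.

```python
"""Added example: 10.SITE.VLAN.HOST/24 plan plus firewall-as-router
inter-VLAN policy. Sites, VLAN IDs, interface names and flows are
assumptions, not the poster's configuration."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Vlan:
    site: int      # building number  -> second octet
    vid: int       # 802.1Q VLAN ID   -> third octet (so 1..255 in this scheme)
    name: str
    trunk: str     # firewall interface carrying the trunk for this building

    @property
    def subnet(self) -> ipaddress.IPv4Network:
        return ipaddress.ip_network(f"10.{self.site}.{self.vid}.0/24")

    @property
    def gateway(self) -> ipaddress.IPv4Address:
        return self.subnet.network_address + 1   # firewall takes .1 on every VLAN

    @property
    def subinterface(self) -> str:
        return f"{self.trunk}.{self.vid}"        # one logical sub-interface per VLAN


# Assumed plan mirroring the poster's layout (Building A = site 1, B = site 2).
PLAN = [
    Vlan(1, 10, "A-data",       "eth1"),
    Vlan(1, 20, "A-voice",      "eth1"),
    Vlan(2, 10, "B-data",       "eth2"),
    Vlan(2, 11, "B-callcenter", "eth2"),
    Vlan(2, 12, "B-voice",      "eth2"),
    Vlan(2, 13, "B-dmz",        "eth2"),
    Vlan(2, 14, "B-cctv",       "eth2"),
]


def validate(plan):
    """Return a list of problems; an empty list means the plan is usable."""
    problems, subnets, subifs = [], {}, {}
    for v in plan:
        if not (1 <= v.site <= 255 and 1 <= v.vid <= 255):
            problems.append(f"{v.name}: site {v.site} / VLAN {v.vid} outside 1..255")
            continue                      # subnet property would raise otherwise
        if v.subnet in subnets:           # all /24s, so equality == overlap
            problems.append(f"{v.name}: subnet {v.subnet} already used by {subnets[v.subnet]}")
        if v.subinterface in subifs:
            problems.append(f"{v.name}: sub-interface {v.subinterface} already used by {subifs[v.subinterface]}")
        subnets[v.subnet] = v.name
        subifs[v.subinterface] = v.name
    return problems


# Assumed allow list in the initiating direction (src VLAN, dst VLAN, proto, port).
# Everything not listed is dropped; the CCTV and DMZ VLANs never initiate inward.
ALLOW = {
    ("A-data",  "B-data",  "any", None),   # users at each building reach the other's LAN
    ("B-data",  "A-data",  "any", None),
    ("A-voice", "B-voice", "any", None),   # phone system between buildings
    ("B-voice", "A-voice", "any", None),
    ("A-data",  "B-cctv",  "tcp", 443),    # camera web UI only, from data VLANs
    ("B-data",  "B-cctv",  "tcp", 443),
}


def vlan_of(ip, plan=PLAN):
    addr = ipaddress.ip_address(ip)
    return next((v for v in plan if addr in v.subnet), None)


def decide(src_ip, dst_ip, proto="tcp", port=None, plan=PLAN, allow=ALLOW):
    """'switched' if the frame never reaches the firewall, else 'allow'/'deny'."""
    src, dst = vlan_of(src_ip, plan), vlan_of(dst_ip, plan)
    if src is None or dst is None:
        return "deny"                     # not in the plan: never forwarded
    if src == dst:
        return "switched"                 # same VLAN: the switch forwards it, not the firewall
    for s, d, p, pt in allow:
        if s == src.name and d == dst.name and p in ("any", proto) and pt in (None, port):
            return "allow"
    return "deny"                         # default deny between sub-interfaces


if __name__ == "__main__":
    assert validate(PLAN) == []
    for v in PLAN:
        print(f"{v.subinterface:<8} vlan {v.vid:<3} {v.subnet}  gw {v.gateway}  {v.name}")
    print(decide("10.1.10.25", "10.2.10.40"))            # allow
    print(decide("10.2.14.7", "10.2.10.40", "tcp", 445))  # deny: CCTV must not initiate inward
```

The point of modelling the policy separately from the addressing is that, once the firewall owns the .1 of every VLAN, the "flat and simple" feel the poster wants comes from the allow list being short, not from the VLAN count being small: same-VLAN traffic never touches the firewall, and everything that crosses a VLAN boundary is a deliberate entry in ALLOW.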
jeffcohen (Author) commented:
Currently most, if not all, of our switches are Dell PowerConnect 28xx series. I believe they are Layer 3 aware only.  However, due to the nature of our business, we will be replacing the majority of our switches in our new Building B.
In answer to the questions about our network, and size...  We are not very large in that we have around 30-40 employees in each building plus all the related gadgets like printers and such.  Probably totalling less than 90-100 devices in each building -- plus the new IP phone system which will add around 50 devices per building on their own network.  
Each building has its own servers for file serving/print serving as well as applications.  However, we have one Exchange server for the entire organization at Building A.  Finally, one of our goals is to provide remote site data storage and disaster recovery at each facility.
Our dedicated pipe is actually an OC3 SONET Ring that is broken into 2 DS3 for network plus multiple DS1 for PRI, T1, Internet, etc.  By having our Firewall act as a router we bridge the two buildings via the DS3's and then have failover via Internet T1 (one at each location) via VPN.