network redesign - VLAN/Subnetting

Posted on 2012-08-27
Last Modified: 2016-01-04
I'm in the process of building out a new facility and would like some input on the redesign of our network.  Currently we have 2 buildings with a very flat network design:
Building A: /24
Building B: /24
The buildings are connected via point-to-point T1 routing traffic via older Cisco 1700 on Gateways and

Our new layout is a bit more complex and I would appreciate some assistance.
Building A:
 - Primary Network on 192.168.1.x
 - IP Phone on 192.168.2.x
Building B:
 - Primary Network on 192.168.10.x
 - Call Center Network on 192.168.11.x
 - IP Phone on 192.168.12.x
 - Misc equipment DMZ on 192.168.13.x
 - IP CCTV on 192.168.14.x
Both buildings are now connected via point-to-point DS3, plus Internet, and I was planning on having our firewall act as the primary gateway between the buildings and the subnets.  There is not a ton of traffic between the two buildings, but there are users at each building that need access to the other's networks.

I have never really played with VLANs before and I'm not sure of the benefit of VLANs over subnetting--at least in this scenario.  I would like to keep our network as flat and simple as possible, if there is such a thing anymore.
Question by: jeffcohen

    Assisted Solution

    Your redesign sounds reasonable to me.

    If you understand your current setup, your new setup isn't that much different.  But instead of just a single subnet/LAN at each building, you have multiple 'virtual' LANs and multiple subnets.

    From a layer 3/routing perspective, this is what your current network looks like:-
    This is what you want it to look like (I haven't drawn all the vlans - you get the general idea):-
    Building B has 5 VLANs/subnets.  Chances are your firewall isn't going to have that many interfaces.  So you will need to use a VLAN trunk (a fancy way of saying one wire carrying several VLANs), and then create 5 logical 'sub-interfaces' in the firewall config (one for each VLAN/subnet).

    Understanding VLANs and subnets will need some reading.  I'm sure wiki will do a much better job of explaining such things than I can here.

    Accepted Solution

    VLANs are for security purposes and to segment broadcast storms.

    What is your user and network device count for each building?

    What is the distance between building?

    Do you have users on multiple floors at each building?

    Where and what are your server resources for each building?

    Was an Ethernet Private Line or other type of fiber connection considered between buildings vs DS3?

    Do you have layer 3 switches in your network?

    Does each building have its own Internet connection via what type if circuit (DS3 or T1)?  What other circuits does each site have?

    Ultimately, if possible you want to run fiber between the buildings depending on the distance, or an Ethernet Private Line w/ Q-in-Q, which will allow you to span layer 2 between the buildings.  This of course depends on the answers to the above questions.  Preferably, you want to go from a decentralized architecture to a centralized architecture.  Typically, the corporate office has all of the server resources with a much smaller footprint at the remote sites.  This way as the business grows it's more dynamic.  A decentralized network and server infrastructure can be very costly and harder to support and manage over time as the business grows.

    Also, VLANs are important to secure certain networks from each other and to isolate other broadcast traffic from impeding other network traffic.  Traditionally, in a multi-protocol environment you don't want your network segments larger than 200+ network devices per segment.  However, IP only networks can be larger, but from a design perspective I keep my networks no larger than /24.  In my infrastructure, I use a 10.SITE.VLAN.HOST/24 architecture, which can scale out however you need.
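
The two answers above describe the same design from two angles: a single trunk into the firewall with one sub-interface per VLAN (the Assisted Solution), and VLANs as security boundaries with a 10.SITE.VLAN.HOST/24 addressing scheme (the Accepted Solution). The script below is an added example written for this page, not code from any participant in the thread. It takes the Building B subnets exactly as jeffcohen posted them, checks that none overlap, emits an illustrative IOS-style router-on-a-stick configuration for the gateway, and evaluates a simple "who may initiate to whom" policy between the segments. The trunk port name, the convention that the VLAN ID equals the third octet, the .1 gateway address, the IOS syntax and the policy matrix itself are all assumptions made here; the thread never names the firewall model or any policy.

```python
from ipaddress import IPv4Network, ip_address
from itertools import combinations

# Building B plan exactly as posted in the question: segment name -> subnet.
# Assumption (mine, not the thread's): VLAN ID = third octet, gateway = .1.
BUILDING_B = {
    "primary":    IPv4Network("192.168.10.0/24"),
    "callcenter": IPv4Network("192.168.11.0/24"),
    "voice":      IPv4Network("192.168.12.0/24"),
    "dmz":        IPv4Network("192.168.13.0/24"),
    "cctv":       IPv4Network("192.168.14.0/24"),
}


def vlan_id(net: IPv4Network) -> int:
    """Derive the 802.1Q VLAN ID from the third octet (illustrative convention)."""
    return int(str(net.network_address).split(".")[2])


def site_vlan_subnet(site: int, vlan: int) -> IPv4Network:
    """The 10.SITE.VLAN.HOST/24 scheme from the accepted answer.
    Caveat: one octet caps VLAN IDs at 255 even though 802.1Q allows up to 4094."""
    if not (0 <= site <= 255 and 1 <= vlan <= 255):
        raise ValueError("site and vlan must each fit in one octet")
    return IPv4Network(f"10.{site}.{vlan}.0/24")


def overlapping_pairs(plan: dict) -> list:
    """Sanity check: two overlapping subnets would make the gateway's routing ambiguous."""
    return [(a, b) for (a, na), (b, nb) in combinations(plan.items(), 2)
            if na.overlaps(nb)]


def subinterface_config(plan: dict, trunk: str = "GigabitEthernet0/1") -> str:
    """Router-on-a-stick: one trunk port, one dot1Q sub-interface per VLAN.
    IOS-style syntax is used for illustration only; the thread never names the firewall."""
    lines = [f"interface {trunk}", " no ip address", " no shutdown", "!"]
    for name, net in sorted(plan.items(), key=lambda kv: vlan_id(kv[1])):
        vid = vlan_id(net)
        lines += [
            f"interface {trunk}.{vid}",
            f" description {name}",
            f" encapsulation dot1Q {vid}",
            f" ip address {net.network_address + 1} {net.netmask}",
            "!",
        ]
    return "\n".join(lines)


# Which segment may INITIATE connections to which (illustrative policy, my
# assumption). Anything not listed is denied; a stateful firewall lets the
# replies back. Cameras, phones and DMZ gear cannot reach the user networks
# on their own, which is the point of putting them on separate VLANs.
POLICY = {
    "primary":    {"primary", "callcenter", "voice", "dmz", "cctv"},
    "callcenter": {"callcenter", "voice"},
    "voice":      {"voice"},
    "dmz":        {"dmz"},
    "cctv":       {"cctv"},
}


def segment_of(ip: str, plan: dict = BUILDING_B):
    """Name of the segment an address belongs to, or None if outside the plan."""
    addr = ip_address(ip)
    return next((name for name, net in plan.items() if addr in net), None)


def permitted(src: str, dst: str, plan: dict = BUILDING_B, policy: dict = POLICY) -> bool:
    """True if the gateway should allow src to open a connection to dst."""
    s, d = segment_of(src, plan), segment_of(dst, plan)
    if s is None or d is None:
        return False          # unknown address space: default deny
    return d in policy.get(s, set())


if __name__ == "__main__":
    assert not overlapping_pairs(BUILDING_B)
    print(subinterface_config(BUILDING_B))
    for flow in [("192.168.10.5", "192.168.14.20"), ("192.168.14.20", "192.168.10.5")]:
        print(flow, "ALLOW" if permitted(*flow) else "DENY")
```

The policy check is the part worth keeping when translating this to a real firewall: write the allowed initiator/target pairs down first, then express each pair as an access rule between the corresponding sub-interfaces, with an explicit deny at the end. The `site_vlan_subnet` helper also makes the Accepted Solution's caveat concrete: 10.SITE.VLAN.HOST only works while VLAN IDs stay below 256.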

    Author Comment

    Currently most, if not all of our switches are Dell PowerConnect 28xx series. I believe they are Layer 3 aware only.  However, due to the nature of our business, we will be replacing the majority of our switches in our new Building B.  
    In answer to the questions about our network, and size...  We are not very large in that we have around 30-40 employees in each building plus all the related gadgets like printers and such.  Probably totalling less than 90-100 devices in each building -- plus the new IP phone system which will add around 50 devices per building on their own network.  
    Each building has their own servers for file serving/print serving as well as applications.  However we have one Exchange server for the entire organization at Building A.  Finally one of our goals is to provide remote site data storage and disaster recovery at each facility.
    Our dedicated pipe is actually an OC3 SONET Ring that is broken into 2 DS3 for network plus multiple DS1 for PRI, T1, Internet, etc.  By having our Firewall act as a router we bridge the two buildings via the DS3's and then have failover via Internet T1 (one at each location) via VPN.

    Expert Comment

    I've requested that this question be deleted for the following reason:

    The question has either no comments or not enough useful information to be called an "answer".
