Need suggestion to create VLAN for my network

Currently in my environment I have 2 DCs; one is also acting as the DHCP server and VPN server. There is 1 file server and 2 application servers. There are 100 workstations and all of them need to access files on the file server. I just use NTFS permissions for the folder access rights.
I just got a layer 3 switch and am wondering what the best approach is so I can cut down the traffic and get better security on the network.

I found this useful article
Is the inter-VLAN routing approach good for my environment? What will be the situations to use the other 2?
Soulja Commented:
There will always be a point in the network that is a bottleneck. This is usually at the edge where the network touches the WAN. That being said, you want to contain most of your internal network routing to the distribution and access layers. This is where L3 switches come into play. It allows most internal routing to stay at the distribution layer (L3 switches usually) and not get routed up to the edge router unless it's going to the WAN.

Now on the edge you can implement numerous options in regards to QoS to reduce the chances of congestion and/or prioritize traffic that exits to the WAN or enters from the WAN. You can also implement QoS in your LAN.

Many options.
What exactly are you looking to accomplish by implementing multiple VLANs on your network?
Mohammed Khawaja (Manager - Infrastructure: Information Technology) Commented:
VLANs are used to segregate different networks and I do it for the following scenarios (a few out of many we use):

1. Separate production network (PCL and DCS system running sawmill and pulp-mill operations devices) from business network (normal users needing email, etc.). With this setup, we allow select machines from the business network to connect to certain machines on the production network to get data. This is for security reasons, to ensure malware, viruses, etc. do not affect production systems.
2. Create two networks where one network is used for labs.
3. Create a separate network where users have access to the Internet only (i.e. Ethernet connections for auditors, contractors, etc.).
4. VoIP (phone systems are on a separate network as they boot off a TFTP server).
5. On-demand VLAN for DR purposes only.

In your environment, all users will be accessing all the servers, why would you need to create VLANs?

You can organize your network in VLANs, such as putting your servers on one, separating your workstations by location or department (i.e. a VLAN for the 1st or 2nd floor), and one for voice. It's pretty much up to you how you would like to design it. The main purpose is to reduce broadcast domain size and the ability to restrict access between the VLANs.
okamon (Author) Commented:
What to do with the DHCP, file server and Active Directory if the workstations are in a different VLAN?
Mohammed Khawaja (Manager - Infrastructure: Information Technology) Commented:
DHCP works fine as long as you assign IP Helper on the router. The file server can be in a different VLAN and traffic will be directed to the different VLAN by the layer-3 switch.

What Soulja said can be done and it is done; however, if one is to do that then one must ensure to use a layer-3 switch, otherwise performance will suffer as the router would have to route the traffic to different VLANs. Most routers are not gigabit yet and thus, it will be the bottleneck.
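
The setup discussed in the answers above (servers on one VLAN, workstations split by floor, DHCP relayed with an IP helper, access restricted between VLANs), as an added example that is not part of the original thread. It assumes Cisco IOS-style syntax on the layer 3 switch, which the thread does not name; the VLAN IDs, subnets, interface name, ACL name and the DHCP server address 10.0.10.10 are all constructed.

```cisco
! Added example. Assumed Cisco IOS-style syntax; all IDs and addresses are constructed.
! Let the switch route between its VLAN interfaces (SVIs).
ip routing
!
vlan 10
 name SERVERS
vlan 20
 name WORKSTATIONS-FLOOR1
vlan 30
 name WORKSTATIONS-FLOOR2
!
interface Vlan10
 description DCs (one also DHCP), file server, application servers
 ip address 10.0.10.1 255.255.255.0
 no shutdown
!
! Inbound policy for floor 1 workstations, evaluated top-down, first match wins.
ip access-list extended FLOOR1-IN
 remark DHCP discover/request arrive as broadcasts before the client has an address
 permit udp any eq bootpc any eq bootps
 remark workstations reach the server VLAN (AD, file shares, DHCP renewals)
 permit ip 10.0.20.0 0.0.0.255 10.0.10.0 0.0.0.255
 remark no direct traffic into the other workstation VLAN
 deny ip 10.0.20.0 0.0.0.255 10.0.30.0 0.0.0.255
 remark everything else continues toward the edge router
 permit ip 10.0.20.0 0.0.0.255 any
!
interface Vlan20
 description Default gateway for floor 1 workstations
 ip address 10.0.20.1 255.255.255.0
 ! Relay DHCP broadcasts from this VLAN to the DHCP server in VLAN 10
 ip helper-address 10.0.10.10
 ip access-group FLOOR1-IN in
 no shutdown
!
! Vlan30 mirrors Vlan20 with 10.0.30.1 and its own inbound ACL.
!
! Access port for one floor 1 workstation (interface naming varies by platform)
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 20
```

The DHCP server needs one scope per workstation subnet, since the relay's gateway address is what it uses to pick the scope. If the inbound ACL omits the bootpc/bootps line, new clients in that VLAN never get a lease, because their broadcast is dropped before the helper can relay it.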
okamon (Author) Commented:
So what is the best practice to avoid a bottleneck?
Mohammed Khawaja (Manager - Infrastructure: Information Technology) Commented:
Use layer 3 switches.
Question has a verified solution.
