
Advice Creating VLANs

  • 01-12-2011 10:11am
    #1
    Registered Users Posts: 1,048 ✭✭✭


    I'm hoping you could be of assistance in helping me to draw up and implement a design for a small network I have in place at my work office.


    Currently, everything is spread across two buildings, B1 and B2.
    B1 has its own subnet (192.168.0.0/24), and has a Sonicwall NSA2400 as its gateway/router/firewall, into which a standard internet connection is also terminated.
    B2 also has its own subnet (192.168.3.0/24), and has a Cisco 1801 (RTR2) as its primary gateway and router.
    B1 and B2 are interconnected via an IPsec VPN, by means of two Cisco Aironet 1200 series APs in bridged mode. B2 has one AP connected to FA 0/2. B1 also has an 1801 (RTR1), into which the other AP is terminated, on FA 0/2.



    Traffic bound from B1 to B2 is routed to B1’s LAN interface on RTR1.
    Traffic bound from B2 to B1 is routed out the AP interface on RTR2.


    Currently, both subnets host a mix of servers, PCs, phones and wireless clients (both corporate and guest) with laptops/smartphones. There is no separation between any of these devices, and all are in the same broadcast domain within their respective subnets.

    My plan is to create a number of VLANs into which these device groups would be placed. The way I see it they can be broken down into the following:-

    1. Corporate LAN PCs/peripherals (printers etc.)
    2. Servers
    3. Phones
    4. Corporate wireless clients
    5. Visitor wireless clients



    Traffic flow should only take place between:-
    1. Phones to each other, and to the LAN interface of the PABX
    2. PCs to one another, network peripherals, servers, and the internet
    3. Corporate wireless clients as per PCs above
    4. Visitor wireless clients only to the internet
    5. Servers to each other, corporate PCs and wireless clients

    My knowledge of VLAN implementation is limited, so please bear with me on any suggestions you might have. I do have working knowledge of the CLI.
    Equipment: I currently have a 2960 switch at both locations. I also have two Aironet 1042s, on which it is possible to configure per-SSID VLAN IDs. Anything else that needs to be purchased can be considered.


    As I am relatively new to this side of things, can you advise what is the best way to conceptually proceed with this?
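    One way the five device groups and the traffic rules above map onto the kit listed (a 2960 carrying the VLANs and the 1801 routing between them as router on a stick), as an added example; this is not configuration from the thread. The VLAN numbers, the 192.168.x0.0/24 subnets, the port ranges, the PABX address 192.168.20.10 and the interface names are all assumptions for the example (if the router's LAN ports are an integrated switch rather than a routed port, the same addresses go on interface VlanN SVIs instead of dot1Q subinterfaces). The default route towards the NSA2400 and the B2 side are left out.

```cisco
! ===== 2960 (access switch): one VLAN per device class, one 802.1Q trunk to the router =====
! VLAN IDs, subnets and port ranges below are assumptions made for this example.
vlan 10
 name CORP-PC
vlan 20
 name SERVERS
vlan 30
 name PHONES
vlan 40
 name CORP-WIFI
vlan 50
 name GUEST-WIFI
!
interface range FastEthernet0/1 - 12
 description Corporate PCs and printers
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
interface range FastEthernet0/13 - 20
 description Servers (the PABX LAN interface lives here too)
 switchport mode access
 switchport access vlan 20
!
interface range FastEthernet0/21 - 23
 description Phones (own wall jacks, so no voice VLAN needed)
 switchport mode access
 switchport access vlan 30
!
interface GigabitEthernet0/1
 description Trunk to RTR1 (router on a stick)
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30,40,50
 switchport nonegotiate
!
! ===== RTR1: one dot1Q subinterface per VLAN, policy enforced by an ingress ACL per VLAN =====
interface FastEthernet0/0
 description Trunk to 2960
 no ip address
 no shutdown
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip access-group CORP-IN in
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip access-group SERVERS-IN in
!
interface FastEthernet0/0.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip access-group PHONES-IN in
!
interface FastEthernet0/0.40
 encapsulation dot1Q 40
 ip address 192.168.40.1 255.255.255.0
 ip access-group CORP-IN in
!
interface FastEthernet0/0.50
 encapsulation dot1Q 50
 ip address 192.168.50.1 255.255.255.0
 ip access-group GUEST-IN in
!
! Rule 1: phones reach each other (same VLAN, never crosses the router) and the
! PABX LAN interface only (assumed to be 192.168.20.10 in the server VLAN).
ip access-list extended PHONES-IN
 permit udp any any eq bootps
 permit ip 192.168.30.0 0.0.0.255 host 192.168.20.10
 deny   ip any any log
!
! Rules 2 and 3: PCs and corporate wireless reach everything except phones and guests.
ip access-list extended CORP-IN
 deny   ip any 192.168.30.0 0.0.0.255 log
 deny   ip any 192.168.50.0 0.0.0.255 log
 permit ip any any
!
! Rule 5: servers reach corporate PCs and wireless; the PABX also needs its return path to the phones.
ip access-list extended SERVERS-IN
 permit ip host 192.168.20.10 192.168.30.0 0.0.0.255
 permit ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip 192.168.20.0 0.0.0.255 192.168.40.0 0.0.0.255
 deny   ip any any log
!
! Rule 4: guests get DHCP (and DNS, if the router resolves it) and the internet, nothing on any private range.
ip access-list extended GUEST-IN
 permit udp any any eq bootps
 permit udp any host 192.168.50.1 eq domain
 deny   ip any 10.0.0.0 0.255.255.255 log
 deny   ip any 172.16.0.0 0.15.255.255 log
 deny   ip any 192.168.0.0 0.0.255.255 log
 permit ip any any
```

    Two things worth noticing. The ACLs are stateless, so both directions of every allowed conversation have to be permitted explicitly, which is why the PABX shows up again in SERVERS-IN. And rule 5 as written gives the server VLAN no path to the internet, which the mail and web servers would need; the last line of SERVERS-IN is where that gets loosened deliberately rather than by accident. `show ip access-lists` on the router gives per-line hit counts, and the `log` keyword sends each denied packet to syslog, which is the cheap way to find out which device is trying to cross a boundary it shouldn't.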


Comments

  • Closed Accounts Posts: 3,362 ✭✭✭rolion


    Nice one...
    Are you an internal IT support staff member OR an external IT consultant?

    A few Qs, thanks in advance:

    how many users
    how many PCs
    how many servers
    how many phones
    how many printers
    how many wifi users
    how many wifi guests


    what IOS v on 2960 and warranty
    2960 switch - how many ports
    what IOS v on 1200 WAP and warranty
    NSA2400 - I expect Enhanced OS, and what warranty is left on it

    Can you list the servers and their use/functionality/quick network spec-wise

    IP phones - type and connection to wall / to PC

    What vintage of PCs, what type of NICs in them (100/1000)

    In which building(s) are the servers located
    The speed between buildings on the wifi link
    Can you run a cabled / wired link between B1 and B2

    Why do you have two internet routers, internet access points!?
    Who is the primary internet gateway for internet traffic inside
    Who is the primary internet gateway for VPN traffic

    How many departments, their logical and physical layout map
    Where are the "Senior" people located on this map
    What budget do you have in mind / available
    What business type, what kind of expected level of service, failure and recovery time
    What data volume, traffic type, data usage / login time per user, per building, per server
    What time frame to close the install


  • Registered Users Posts: 1,629 ✭✭✭NullZer0


    Looks like you just want some routed VLANs (or that basic concept at least).
    Given that you are using a 2960, you'll need to do router on a stick to achieve that.
    http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a00800949fd.shtml

    Don't know much about the wireless.


  • Registered Users Posts: 1,048 ✭✭✭BobTheBeat


    Hi Rolion, thank you for your interest! Internal support staff member here.
    See my answers inline.
    rolion wrote: »
    Nice one...
    Are you an internal IT support staff member OR an external IT consultant?

    Few Qs,thanks in advance :

    how many users: 100+ between the two buildings
    how many PCs: 60+
    how many servers: 30 physical (actual 50, inclusive of VMs)
    how many phones: 20+
    how many printers: 10+
    how many wifi users: <20 at any one time
    how many wifi guests: At most 10


    what IOS v on 2960 and warranty: Don't have this info to hand, won't be back in the office until mid week, purchased just 6 months ago
    2960 switch - how many ports: 24
    what IOS v on 1200 WAP and warranty: Again, don't have it to hand, but it would be bog standard
    NSA2400 - I expect Enhanced OS, and what warranty is left on it: Enhanced OS, out of warranty

    Can you list the servers and their use/functionality/quick network spec-wise:
    Without going into too much detail, approximately 10 SQL servers, 5 terminal servers, 10+ mixed role (SharePoint etc.), 5+ web servers, 3 mail, 2 storage. Servers are generally Gigabit enabled
    IP phones - type and connection to wall / to PC: Nortel i2002/2004 - generally connected to the infrastructure on separate wall jacks to PCs

    What vintage of PCs, what type of NICs in them (100/1000): 95% of the PCs are <2 years, HP mostly, mixed 10/100, 1000

    In which building(s) are the servers located: B1 hosts all the production servers
    The speed between buildings on the wifi link: Licensed 2.4/5GHz band, running at 54Mb
    Can you run a cabled / wired link between B1 and B2: There is an option to build a circuit through fibre.

    Why do you have two internet routers, internet access points!?
    There are two routers, but only one internet access point per se. We have a secondary internet access point in B2, but it's for testing/future use/backup
    Who is the primary internet gateway for internet traffic inside: B1, and accordingly R1 is the primary internet gateway
    Who is the primary internet gateway for VPN traffic: R1 is the primary internet gateway for VPN traffic

    How many departments, their logical and physical layout map: 8 departments, majority in B1, 3 in B2
    Where are the "Senior" people located on this map: Senior people in B2
    What budget do you have in mind / available: Up for discussion
    What business type, what kind of expected level of service, failure and recovery time: Manufacturing environment, not heavily IT dependent, but hosted services such as email/web sites/sales and order entry all require maximum uptime.
    What data volume, traffic type, data usage / login time per user, per building, per server: Data volume/usage I wouldn't have to hand. Traffic type is nothing hefty; the 100Mbit fibre at B1 averages around 20-30% on any given week. Login time for local users is the standard 8-5; certain hosted services are accessed from 1am onwards.
    What time frame to close the install: No time frame established; as of right now initial approval to explore the project has been given


    Hopefully that fills in some of the blanks. Let me know if you need more info. I'm hoping to do as much of the work as possible, and wouldn't really be open to bringing on a contractor/consultant until I have explored what's involved.

    Thanks again!


  • Registered Users Posts: 1,048 ✭✭✭BobTheBeat


    iRock wrote: »
    Looks like you just want some routed VLANs (or that basic concept at least).
    Given that you are using a 2960, you'll need to do router on a stick to achieve that.
    http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a00800949fd.shtml

    Don't know much about the wireless.

    Thanks iRock, I'm familiar with the concept of router on a stick. If the 2960 was replaced with a device with layer three capability, would I be in a better position?
    Is what I'm planning doable with just the 2960(s)?

    Edit: I was having a think about the wireless part, and like you I was also unsure. It then occurred to me that perhaps it would be set up like a trunk port, where the switch would be set up to expect multiple VLANs incoming from the access point?
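    That trunk guess is how it is done on the Aironet side: the AP tags each SSID's traffic with its own VLAN, and the switch port facing the AP is an 802.1Q trunk that carries only those VLANs plus the AP's management VLAN. The configuration below is an added example, not from the thread or from Cisco's documentation; the SSID names, VLANs 40 and 50, management on native VLAN 1 with the AP at 192.168.0.50, the RADIUS server address and the placeholder secrets are all assumptions. The corporate SSID is shown with 802.1X against RADIUS rather than a shared key.

```cisco
! ===== Aironet (autonomous IOS): two SSIDs, each bridged into its own VLAN =====
! SSID names, VLAN IDs, addresses and secrets are assumptions made for this example.
aaa new-model
aaa authentication login eap_methods group radius
radius-server host 192.168.20.20 auth-port 1812 acct-port 1813 key RADIUS-SECRET-PLACEHOLDER
!
dot11 ssid CORP
 vlan 40
 authentication open eap eap_methods
 authentication key-management wpa version 2
!
dot11 ssid GUEST
 vlan 50
 authentication open
 authentication key-management wpa version 2
 wpa-psk ascii GUEST-PSK-PLACEHOLDER
 mbssid guest-mode
!
interface Dot11Radio0
 encryption vlan 40 mode ciphers aes-ccm
 encryption vlan 50 mode ciphers aes-ccm
 ssid CORP
 ssid GUEST
 mbssid
!
! Each VLAN is a separate bridge group joining a radio subinterface to an Ethernet
! subinterface; bridge-group 1 on the native VLAN carries only AP management (BVI1).
interface Dot11Radio0.40
 encapsulation dot1Q 40
 bridge-group 40
!
interface Dot11Radio0.50
 encapsulation dot1Q 50
 bridge-group 50
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
!
interface GigabitEthernet0.40
 encapsulation dot1Q 40
 bridge-group 40
!
interface GigabitEthernet0.50
 encapsulation dot1Q 50
 bridge-group 50
!
interface BVI1
 ip address 192.168.0.50 255.255.255.0
!
! ===== 2960 port facing the AP: trunk limited to the wireless VLANs and the native mgmt VLAN =====
interface FastEthernet0/24
 description Aironet 1042 (SSIDs on VLANs 40/50, management on native VLAN 1)
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,40,50
 switchport nonegotiate
```

    Because guest traffic only ever sits in bridge-group 50, a guest client cannot see the AP's management address or anything on VLAN 1, and the `switchport trunk allowed vlan` line on the switch means that even a misconfigured AP cannot put frames into the server VLAN. Whatever routes between VLANs then needs a gateway on VLAN 40 and on VLAN 50 for the wireless clients to get anywhere.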


  • Closed Accounts Posts: 1,188 ✭✭✭UDP


    BobTheBeat wrote: »
    Thanks iRock, I'm familiar with the concept of router on a stick. If the 2960 was replaced with a device with layer three capability, would I be in a better position?
    Is what I'm planning doable with just the 2960(s)?
    You would because you would get higher bandwidth when routing between VLANs but Layer 3 switches are a fair bit more expensive than Layer 2 switches. You could get a Cisco 3560 to do the job. Cost about 2-3k. Ideally you would have 2x 2960 and 2x 3560 for redundancy.


  • Closed Accounts Posts: 3,362 ✭✭✭rolion


    Router on a stick works fine when you do training, playing in your home lab or in a simulator...

    We have to get switches around logical/physical/traffic level layout...
    I was thinking, from behind a cup of coffee, that one/two 48p 1G L3 switch(es) dedicated to servers ONLY, linked to two/four 24/48p 1G L2 switches for cabinet / desktop access level, will make more sense.
    Also, two/four channels from servers to the main core switch, then a trunk from the core switch to the desktop switches with possible EtherChannels bundled too.

    All servers (or some, based on access, function, traffic, physical) might need dual/quad NIC cards installed, or enabled if present already, to create NIC teams.
    We have to analyse the physical against virtual servers layout.


    I'm working on a logical map, a physical layout map... hope to have it done quick
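    Putting UDP's 3560 suggestion and the L3-core / L2-access layout above into concrete form, as an added example (not configuration from either poster): the VLAN gateways become SVIs on the 3560 with `ip routing` turned on, the servers plug straight into the core's gigabit ports, and the link down to a desktop 2960 is a two-port LACP EtherChannel trunk. VLAN numbers, subnets, port numbers and the NSA2400 address 192.168.20.254 are assumptions for the example; the ingress ACLs that enforce the traffic matrix attach to each interface VlanN with `ip access-group` exactly as they would on a router subinterface and are not repeated here.

```cisco
! ===== 3560 as the L3 core: VLAN gateways are SVIs, not router subinterfaces =====
! VLAN IDs, subnets, port numbers and the firewall address are assumptions for this example.
ip routing
!
vlan 10
 name CORP-PC
vlan 20
 name SERVERS
vlan 30
 name PHONES
vlan 40
 name CORP-WIFI
vlan 50
 name GUEST-WIFI
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
!
interface Vlan30
 ip address 192.168.30.1 255.255.255.0
!
interface Vlan40
 ip address 192.168.40.1 255.255.255.0
!
interface Vlan50
 ip address 192.168.50.1 255.255.255.0
!
! Servers sit directly on the core at gigabit; inter-VLAN traffic is switched in hardware here.
interface range GigabitEthernet0/1 - 24
 description Servers
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
! Two gigabit ports bundled with LACP into one trunk towards the desktop 2960.
! The server VLAN is deliberately not allowed on it: no server ports exist downstream.
interface range GigabitEthernet0/47 - 48
 description EtherChannel to 2960 access switch
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,30,40,50
 channel-group 1 mode active
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 10,30,40,50
!
! The NSA2400 stays the internet edge and firewall; everything non-local goes to it.
ip route 0.0.0.0 0.0.0.0 192.168.20.254
!
! ===== matching side on the desktop 2960 =====
interface range GigabitEthernet0/1 - 2
 description EtherChannel to 3560 core
 switchport mode trunk
 switchport trunk allowed vlan 10,30,40,50
 channel-group 1 mode active
!
interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 10,30,40,50
```

    `show etherchannel summary` on either switch should show Po1 with both members flagged as bundled (P); `show ip route` on the 3560 should list the five connected VLAN subnets plus the static default. The firewall's LAN interface still needs a route back to the 192.168.10.0 to 192.168.50.0 subnets via 192.168.20.1, otherwise replies from the internet never reach the clients.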


  • Registered Users Posts: 1,629 ✭✭✭NullZer0


    rolion wrote: »
    Router on a stick works fine when you do training, playing in your home lab or in a simulator...

    You mean not in the real world?
    Why not? - Service providers and large enterprises use it.


  • Registered Users Posts: 1,048 ✭✭✭BobTheBeat


    rolion wrote: »
    Router on a stick works fine when you do training, playing in your home lab or in a simulator...

    We have to get switches around logical/physical/traffic level layout...
    I was thinking, from behind a cup of coffee, that one/two 48p 1G L3 switch(es) dedicated to servers ONLY, linked to two/four 24/48p 1G L2 switches for cabinet / desktop access level, will make more sense.
    Also, two/four channels from servers to the main core switch, then a trunk from the core switch to the desktop switches with possible EtherChannels bundled too.

    All servers (or some, based on access, function, traffic, physical) might need dual/quad NIC cards installed, or enabled if present already, to create NIC teams.
    We have to analyse the physical against virtual servers layout.


    I'm working on a logical map, a physical layout map... hope to have it done quick

    Thank you very much rolion, I look forward to reading your plans!
    iRock wrote: »
    You mean not in the real world?
    Why not? - Service providers and large enterprises use it.

    Good question. I would imagine it is entirely related to bandwidth and processing power of the Router. I wonder what the real world throughput figures are in correlation to the number of VLANs being routed?

