01-16-2023 03:01 PM
Hi all,
Trying to set up a new system with DHCP controller/firewall, new switch L2/L3 48 ports and wondering generally what is the best approach in designing VLANs, when do you normally need/recommend to create them and when to avoid unnecessary complications.
Should you create a VLAN, for example, for your APs, one for your AV, one for your PCs/laptops etc. and one for the guests? Or what should be the criteria in general?
And should you set VLANs etc at the DHCP controller/firewall level or at the switch (if L3) level?
In a standard situation ideally what should be configured at the DHCP/firewall level and what left on the switch?
thank you!
thank you so much!
01-16-2023 06:26 PM
Hi, VLANs are used for many purposes. First you need to understand where to use VLANs and where not to. Normally VLANs are used to segment broadcast domains within the same physical broadcast domain. You can create separate VLANs for departments, functionality or floor locations. This depends on the business requirement. DHCP for each VLAN can be configured at the gateway device or on a server, using a helper address to point to the server. You can check the guide below to get an understanding of VLAN design and architecture.
https://www.ciscopress.com/articles/article.asp?p=2181837&seqNum=11
01-17-2023 12:31 AM
Thank you @Kasun Bandara !
And generally, is there a best order to proceed with? Set up the new DHCP controller/firewall etc. first, then the switch, or vice versa? Will have a good read through your links, thanks!
01-17-2023 01:57 AM
First identify your business requirement for using VLANs. For example, you can create different VLANs for different departments. Then create a VLAN plan (VLAN name, IP address subnet, DHCP range, etc.). After that you can create those VLAN gateways on the firewall/router and configure the switches with the VLANs. Then map the relevant switch ports to the required VLANs.
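The VLAN plan described above (VLAN name, IP subnet, DHCP range) can be checked for mistakes before any gateway or switch port is configured. The following Python check is an added example, not part of the original posts: it flags invalid or duplicate VLAN IDs, gateways that sit inside a DHCP range, and overlapping subnets (which would defeat the separation of a guest segment). All VLAN IDs, names and addresses in it are constructed sample values.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan; every ID, name and address here is illustrative only.
PLAN = [
    {"id": 10, "name": "APS",   "subnet": "10.10.10.0/24", "gateway": "10.10.10.1",
     "dhcp": ("10.10.10.50", "10.10.10.200")},
    {"id": 20, "name": "AV",    "subnet": "10.10.20.0/24", "gateway": "10.10.20.1",
     "dhcp": ("10.10.20.1", "10.10.20.100")},    # pool would hand out the gateway IP
    {"id": 30, "name": "USERS", "subnet": "10.10.30.0/23", "gateway": "10.10.30.1",
     "dhcp": ("10.10.30.50", "10.10.31.200")},
    {"id": 40, "name": "GUEST", "subnet": "10.10.31.0/24", "gateway": "10.10.31.1",
     "dhcp": ("10.10.31.50", "10.10.31.200")},   # sits inside the USERS /23
]

def check_plan(plan):
    """Return a list of human-readable problems found in a VLAN plan."""
    problems, seen_ids, nets = [], set(), []
    for v in plan:
        tag = f"VLAN {v['id']} ({v['name']})"
        if not 1 <= v["id"] <= 4094:             # 0 and 4095 are reserved in 802.1Q
            problems.append(f"{tag}: VLAN ID out of range")
        if v["id"] in seen_ids:
            problems.append(f"{tag}: duplicate VLAN ID")
        seen_ids.add(v["id"])
        net = ipaddress.ip_network(v["subnet"])  # raises if host bits are set
        gw = ipaddress.ip_address(v["gateway"])
        lo, hi = (ipaddress.ip_address(a) for a in v["dhcp"])
        nets.append((tag, net))

        def usable(addr):
            # A host address inside the subnet, not the network/broadcast address.
            return addr in net and addr not in (net.network_address,
                                                net.broadcast_address)

        if not usable(gw):
            problems.append(f"{tag}: gateway {gw} is not a usable host in {net}")
        if lo > hi or not (usable(lo) and usable(hi)):
            problems.append(f"{tag}: DHCP range {lo}-{hi} does not fit in {net}")
        elif lo <= gw <= hi:
            problems.append(f"{tag}: gateway {gw} falls inside the DHCP range")
    # Overlapping subnets make routing and inter-VLAN access rules ambiguous.
    for (t1, n1), (t2, n2) in combinations(nets, 2):
        if n1.overlaps(n2):
            problems.append(f"{t1} and {t2}: subnets {n1} and {n2} overlap")
    return problems

if __name__ == "__main__":
    for line in check_plan(PLAN):
        print(line)
```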
01-17-2023 02:02 AM
You need to spend some time preparing and planning before you deploy.
When you plan, you need to plan how you are looking to deploy your network and what the future growth is, so that you will have the VLAN information and IP segments.
So make a design of your network. Once that is approved, plan the WAN router, since internet is a must for you to test.
Then LAN switches, DHCP scopes, and the firewall with default rules for what needs to go out of the network.
01-17-2023 02:33 AM
Thank you!
Are there Cisco or general templates to use that help drafting a plan in a clear/not missing anything way?
01-17-2023 03:50 AM
this gives good insights to check and tables to plan
01-17-2023 06:29 AM
You can find many check on google.com
01-17-2023 08:48 AM
Other posters' posts have much more detail, but in short we use VLAN/subnets for network scalability and/or for some kind of access control.
If you only have a single 48 port switch and/or similar number of wireless clients, you shouldn't have scalability issues.
When you mention "guests", wireless or wired, for those you may very much want them in their own L2/L3 segment where you control access to/from that segment.
L2/L3 separation of users from servers often is used, but not really needed, so much, for "tiny" networks (again, assuming, you don't want to add specific access control between users and servers).
As you mention a FW, if you create a DMZ, that too is often its own L2/L3 segment.
Oh, and you're quite correct that using multiple VLANs often adds additional complications, or as I like to call it, "care and feeding" needs.