
How to reduce the number of VLANS by consolidating subnets into fewer VLANS.

andyruh11
Level 1

Hello all, this is my first post.

We are using 2 Nexus 7010 machines as routers with HSRP.

We have about 300 active VLANs and we really don't need that many. A significant number of the VLANs have very small subnets and could easily be consolidated into one VLAN.

Our current setup is like this:

int vlan1
hsrp 1
ip address 10.0.1.1/25

int vlan2
hsrp 2
ip address 10.0.2.1/26

int vlan3
hsrp 3
ip address 10.0.3.1/27

etc

From what I can tell, I think we would do this:

int vlan1
hsrp 1
ip address 10.0.1.1/25
ip address 10.0.2.1/26 secondary
ip address 10.0.3.1/27 secondary

I can do this during an outage window, so uptime shouldn't be a problem.

Is this the correct way to handle the situation? I can provide more details if necessary.

Thanks.


John Blakley
VIP Alumni

"Is this the correct way to handle the situation?"

Personally, we're trying to get off of this model of using secondary addresses. Think about how you'll be able to control traffic after you implement this. You'll have to take into account multiple subnets on a single SVI instead of a dedicated subnet. I wouldn't recommend moving from VLANs to secondary addresses just to reduce the number of VLANs that you have.

HTH,

John


Thanks!

There's another aspect to this: all of these smaller subnets will eventually move to a /22 so they are all within the same subnet. I was going to put that subnet on the single VLAN as well so people could move at their convenience. Does this change the answer?

Actually, that would change the answer :) The only issue that you would have is that your /22 cannot conflict with the smaller ranges that you already have on the interface. As long as you take that into consideration, this won't be an issue.

Here's the other thing that you need to consider. Let's assume that your servers are on VLAN 120 with a subnet of 10.10.120.0/24. The default gateway for those servers is 10.10.120.1 (your VLAN SVI). The issue is that when you move the address to, say, VLAN 1, as a secondary (10.10.120.1 secondary), you will lose access to the server. The reason is that the server is being tagged for VLAN 120 either via its NIC, a vSwitch in the case of VMware, or an access port. When moving devices over, you just need to take into account that you're not only changing the subnet, but you're also breaking their communication until the server is moved over into the VLAN that the gateway they were once using moved to. Does that make sense?

HTH,

John
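The two checks raised in the reply above (the new /22 must not overlap the ranges already on the interface, and hosts left on their old VLAN lose their gateway once its address moves), as an added example that is not part of the original thread. The parent block 10.0.0.0/16, the access-port inventory, and all function names are assumptions constructed for illustration; only the three interface addresses come from the original post.

```python
import ipaddress

# Interface addresses from the original post; everything else is constructed.
SVI_ADDRESSES = ["10.0.1.1/25", "10.0.2.1/26", "10.0.3.1/27"]
PARENT_BLOCK = "10.0.0.0/16"   # assumption: block the new /22 is drawn from
TARGET_VLAN = 1                # the single VLAN that will hold every gateway
# Constructed access-port inventory: (port, access VLAN, host IP)
ACCESS_PORTS = [
    ("Eth1/1", 1, "10.0.1.10"),
    ("Eth1/2", 2, "10.0.2.20"),
    ("Eth1/3", 3, "10.0.3.5"),
    ("Eth1/4", 1, "10.0.2.30"),
]

def networks(svi_addresses):
    """Turn gateway addresses such as 10.0.1.1/25 into their subnets."""
    return [ipaddress.ip_interface(a).network for a in svi_addresses]

def conflicts(candidate, svi_addresses):
    """Existing subnets that overlap the candidate network (empty list = safe)."""
    cand = ipaddress.ip_network(candidate)
    return [str(n) for n in networks(svi_addresses) if n.overlaps(cand)]

def free_blocks(parent, svi_addresses, prefixlen=22):
    """Every /prefixlen block inside parent that overlaps no existing subnet."""
    used = networks(svi_addresses)
    blocks = ipaddress.ip_network(parent).subnets(new_prefix=prefixlen)
    return [str(b) for b in blocks if not any(b.overlaps(n) for n in used)]

def stranded_ports(ports, svi_addresses, target_vlan):
    """Ports whose host sits in a moved subnet but is still on another VLAN.

    These hosts cannot reach their gateway after its address becomes a
    secondary on target_vlan, until the access port is flipped.
    """
    moved = networks(svi_addresses)
    return [port for port, vlan, ip in ports
            if vlan != target_vlan
            and any(ipaddress.ip_address(ip) in n for n in moved)]

if __name__ == "__main__":
    print("10.0.0.0/22 conflicts with:", conflicts("10.0.0.0/22", SVI_ADDRESSES))
    print("first free /22:", free_blocks(PARENT_BLOCK, SVI_ADDRESSES)[0])
    print("ports to flip:", stranded_ports(ACCESS_PORTS, SVI_ADDRESSES, TARGET_VLAN))
```

Running the port check again after the access ports have been flipped should return an empty list, which is a quick way to confirm nothing was missed before closing the outage window.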


Yeah, this is why we would take an outage while I straighten out the vlan setup on all of the access switches. I've got the new vlan pushed down all of the trunk ports, just have to flip the access ports to the new, single vlan once the gateway addresses are moved into the single vlan.
