Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3935
Views
10
Helpful
2
Replies

Best practices for VLANs implementation

Go to solution
pep87
Level 1
Level 1

‎01-30-2018 12:01 PM - edited ‎03-08-2019 01:37 PM

Hi everybody. TI am studying a Engineer Networking degree on Collage. I would like to know best practices for implementing VLANs. I am  newbie. Some questions:

 

1- Shoud i create a independent vlan for IT department or i can integrate it with Administration vlan?

2-In case of Administration vlan, i know this vlan is used to manage network devices like switches and routers, but i need to design a small corporate network, i should create an administration vlan for the HQ and for each branch or i can use the same administration vlan on all locations?

3- i am going to use layer 3 switch for LAN intervlan routing on each branch and on HQ, I know i have to define the gateway of the administration vlan on the layer 3 switch of each location but how i have to setup the router of each location  for assigning an ip which belongs to the administration vlan?

4- In my design, branches and HQ wil have some common departments like IT department, Finance department, Sales department, etc. How i shoud setup vlans for each departments? can i extend vlans over the corporate WAN ? or i shoud create these vlans on each site?

5- If i i shoud create these vlans on each site,  can i use the same number and name of vlan on each site for example vlan 10 for Finance department on HQ and vlan 10 for Finance department on the branches? and how these vlans will communicate between them (for example how i will communicate Finance vlan 10 of HQ with Finance vlan 10 of the branches)?

 

Thanks in advance

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio E. Moisa
VIP
VIP

‎01-30-2018 03:03 PM - edited ‎01-30-2018 03:04 PM

Hi,

1- Shoud i create a independent vlan for IT department or i can integrate it with Administration vlan?

 

A best practice is create a VLAN ID for each department, it will separate the broadcast domains and it will provide logical security. 

 

2-In case of Administration vlan, i know this vlan is used to manage network devices like switches and routers, but i need to design a small corporate network, i should create an administration vlan for the HQ and for each branch or i can use the same administration vlan on all locations?

 

Each VLAN is assigned to a network (most of the cases) so if you are using L2 dedicated links between HQ and branches, you can use the same VLAN with same network but in the most of cases HQ and branches are connected with L3 links, in this situation you can use the same VLAN but with different network. 

 

3- i am going to use layer 3 switch for LAN intervlan routing on each branch and on HQ, I know i have to define the gateway of the administration vlan on the layer 3 switch of each location but how i have to setup the router of each location  for assigning an ip which belongs to the administration vlan?

 

You cannot have 2 gateways with the same network unless you are using VRF, this is the same like the previous question, you can use the same VLAN ID but with different network so for example:

 

HQ router will have:

VLAN 100 with gateway 172.16.100.1

 

Branch Router will have

VLAN 100 with gateway 172.17.100.1

 

 

4- In my design, branches and HQ wil have some common departments like IT department, Finance department, Sales department, etc. How i shoud setup vlans for each departments? can i extend vlans over the corporate WAN ? or i shoud create these vlans on each site?

 

It depends, like the question 2. 

 

5- If i i shoud create these vlans on each site,  can i use the same number and name of vlan on each site for example vlan 10 for Finance department on HQ and vlan 10 for Finance department on the branches? and how these vlans will communicate between them (for example how i will communicate Finance vlan 10 of HQ with Finance vlan 10 of the branches)?

 

Yes, you can use the same VLAN ID but remember they will be assigned to different network, they will be able to communicate using routing protocols between Branch and HQ. 

 

Hope it is useful

:-)

 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

2 Replies 2

Go to solution
Julio E. Moisa
VIP
VIP

‎01-30-2018 03:03 PM - edited ‎01-30-2018 03:04 PM

Hi,

1- Shoud i create a independent vlan for IT department or i can integrate it with Administration vlan?

 

A best practice is create a VLAN ID for each department, it will separate the broadcast domains and it will provide logical security. 

 

2-In case of Administration vlan, i know this vlan is used to manage network devices like switches and routers, but i need to design a small corporate network, i should create an administration vlan for the HQ and for each branch or i can use the same administration vlan on all locations?

 

Each VLAN is assigned to a network (most of the cases) so if you are using L2 dedicated links between HQ and branches, you can use the same VLAN with same network but in the most of cases HQ and branches are connected with L3 links, in this situation you can use the same VLAN but with different network. 

 

3- i am going to use layer 3 switch for LAN intervlan routing on each branch and on HQ, I know i have to define the gateway of the administration vlan on the layer 3 switch of each location but how i have to setup the router of each location  for assigning an ip which belongs to the administration vlan?

 

You cannot have 2 gateways with the same network unless you are using VRF, this is the same like the previous question, you can use the same VLAN ID but with different network so for example:

 

HQ router will have:

VLAN 100 with gateway 172.16.100.1

 

Branch Router will have

VLAN 100 with gateway 172.17.100.1

 

 

4- In my design, branches and HQ wil have some common departments like IT department, Finance department, Sales department, etc. How i shoud setup vlans for each departments? can i extend vlans over the corporate WAN ? or i shoud create these vlans on each site?

 

It depends, like the question 2. 

 

5- If i i shoud create these vlans on each site,  can i use the same number and name of vlan on each site for example vlan 10 for Finance department on HQ and vlan 10 for Finance department on the branches? and how these vlans will communicate between them (for example how i will communicate Finance vlan 10 of HQ with Finance vlan 10 of the branches)?

 

Yes, you can use the same VLAN ID but remember they will be assigned to different network, they will be able to communicate using routing protocols between Branch and HQ. 

 

Hope it is useful

:-)

 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎01-30-2018 03:26 PM

Do you want an answer to help you understand or an answer to submit for grades?
The answer to this question will depend entirely upon the nature of the industry to apply it to. Most of the time a VLAN-per-department is generally the "rule of thumb" when dealing with administrative sites, like offices and such.
The minute the boundary crosses over to manufacturing or health, this idea is thrown out the window.
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card