Feedback on our new network design

mtehonica · ‎06-02-2012

I'm looking for feedback and constructive criticism on our network redesign project for our company.

We are currently on a 192.168.1.x/24 and running out of addresses. We are looking to move to the following design and implement VLANs as well for segregation and security. We are probably going to use a few SG300s for switches.

IP Scheme

Default Gateway

192.168.254.254

Subnet Mask 255.255.0.0

Servers 192.168.15.x (VLAN 15)

Development 192.168.16.x (VLAN 16)

Sales 192.168.17.x (VLAN 17)

Front Office / HR 192.168.18.x (VLAN 18)

Department x 192.168.20.x (VLAN 20)

Department y 192.168.21.x (VLAN 21)

Department z 192.168.22.x (VLAN 22)

DHCP Scope 192.168.250.x (VLAN 250)

Any advice or criticism would be appreciated. We don't want to have to do another redesign anytime soon.

Thanks!

Sent from Cisco Technical Support iPad App

Reza Sharifi · ‎06-02-2012

It looks good. Just a couple of notes:

The default gateway will not be 192.168.254.254 rather will be defined per subnet

for example

Servers 192.168.15.x (VLAN 15) default gateway 192.168.15.1

Development 192.168.16.x (VLAN 16) default gateway 192.168.16.1

What happened to vlan 19?

Also, I am not clear what you mean by DHCP Scope, the DHCP Server will have any subnet that you are trying to use with dynamic addressing.

Also, usually the default gateway (as I noted above) is .1 per subnet and if you are planning to use DHCP for any of these subnets, make sure to reserve the first 5 IPs for admin use and not part of DHCP address hand off.

reserve 192.168.15.1-5

DHCP scope 192.168.15.6-254

HTH

mikull.kiznozki · ‎06-02-2012

I would definitely use a nice L3 swtich to do all your inter vlan routing, policing, shaping and securing and keep the router out of the scene(creating subinterfaces on a router i.e router on a stick has kinda become old school now with all the powerful l3 switches available)

with this design the IP addressing scheme can also be modified quickly(just on the switch and not worrying about the router) and can be expanded at anytime.

obviously you have to trunk the downstream switches from the upstream l3 switch for transperency. the default gateway for each vlan would be the l3 vlan interface and that gives you the power of controlling intervlan traffic on the sw. qos-ing can be done at this level as well(eg, voice, video etcc..)

mtehonica · ‎06-03-2012

Thanks for the feedback guys.

We typically use .254 for our gateways so I'll use that for each VLANs default gateway. As far as DHCP goes, I guess I'll end up using a central DHCP server and configure IP helper addresses for each VLAN that point to the central DHCP server.

When you say a "nice" L3 switch, what would you recommend? Is the small business SG300 not in that category? We also have multiple comm closets so I'd need a managed switch that can handle VLANs in each closet and trunk them together right? All switches would also need to support VTP unless I wanted to have to configure all the VLAN information on each switch independently right?

Sent from Cisco Technical Support iPad App

Jeff Van Houten · ‎06-03-2012

You probably need a map with the wiring closets and expected number of users at each closet as well. I'm not familiar with the sg series but enterprise switches start with the 2960s in the closet and the 3750s as aggregation points (or higher). Also if you need to run VoIP or video over this network, I'd double check the switch specifications as well as the uplinks.

Sent from Cisco Technical Support iPad App