03-16-2010 10:20 AM - edited 03-06-2019 10:10 AM
We are currently creating all our VLANS on our core (6513 sup2 720). One of our VLANS has over 19 class c subnets on it. Last week after a power outage, the core's processor went up to 92% until I looked on the wire and saw that DHCP was going mad! We restarted the DHCP service and all was well again.
The DHCP server is in the VLAN that has all those subnets. I'm trying to convince my boss that it is wise to move all the vlans out to the edge onto the distribution switches and have a set of VLANS per building.
I'm sure my preferred scenario would have stopped this problem, which I think was a massive broadcast storm.
Would you all agree?
Jamie
03-17-2010 04:43 AM
ahh, that makes more sense now, I read it that you were allocating 1 vlan per floor and not 1 subnet.
Makes perfect sense, wish me luck!
Jamie
03-17-2010 04:47 AM
I think Jon is saying that you allocate a /24 block to the floor, then cut it in half and assign the /25 mask to the users
So if he decided to use 192.168.1.x then it would look like this:
192.168.1.0 network
192.168.1.1 - 192.168.1.126 hosts
192.168.1.27 broadcast
192.168.1.28 network
192.168.1.29 - 192.168.1.254 hosts
192.168.1.255 broadcast
I have a question, and sorry to hijack a little Jamie! I thought a vlan to ip subnet was always a 1-1 correlation? I guess I never thought about it as being anything else but you obviously mention having 19 ip subnets per vlan?
03-17-2010 05:01 AM
colinkiely1 wrote:
I have a question, and sorry to hijack a little Jamie! I thought a vlan to ip subnet was always a 1-1 correlation? I guess I never thought about it as being anything else but you obviously mention having 19 ip subnets per vlan?
Colin
The recommendation is to have one subnet per vlan but there is nothing to stop you having multiple subnets per vlan and using secondary IP addresses on the vlan interface. Secondary IP addresses were more common before L3 switches came along and before 802.1q trunking because with routers there was a physical limit to the amount of interfaces available. So with a L3 switch there really is very little reason to use secondary IP addressing these days.
Just for completeness you can also have one IP subnet with 2 vlans. You would see this when you use devices such as the FWSM (Firewall Service Module) and ACE (Application Control Engine - load-balancer basically) in transparent mode. With transparent mode the device acts as a L2 device so you need the same subnet on both sides. But you can't use the same vlan on both sides as you would get an STP loop so you use 2 vlans and effectively "join" the vlans together with the transparent device.
Jon
03-17-2010 05:07 AM
Great to know, thanks a lot Jon!
03-17-2010 05:21 AM
I guess you have your DHCP servers in the server farm and use IP HELPER on the vlan interface to get over the broadcast boundary?
Jamie
03-17-2010 05:29 AM
jhancockuwic wrote:
I guess you have your DHCP servers in the server farm and use IP HELPER on the vlan interface to get over the broadcast boundary?
Jamie
Jamie
Yes you do. You really only need 2 DHCP servers for redundancy and then on each L3 vlan interface you would configure an ip helper-address.
Key to doing this well is to get the planning correct. Take your time planning it and look for any gotchas. Key things to be aware of
1) do any of the devices in your vlan at present need L2 adjacency ie. they need to be able to broadcast to each other for an application to work. This is rare these days and it can be worked around but something to check.
2) Hardcoded IP addresses. Hopefully you haven't got them but it needs checking ie. some device has a hardcoded IP so it knows which server etc. to talk to. Again, rare these days but still needs checking.
Having said that if you stick with the current addressing but just split it up most of the IP addresses could stay the same on the devices. The only issue you may get is where the IP address of an existing device suddenly becomes the broadcast address for example of your new smaller subnet. If you make sure when you get these that it is a PC rather than a device with a hardcoded address you should avoid problem 2 above.
Jon
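The re-addressing check described in the post above, as an added example that is not part of the original thread: it splits a /24 into /25s and flags existing addresses that become the network or broadcast address of a new subnet. The host inventory is constructed, and using the first usable address as the gateway is an assumed convention.

```python
import ipaddress

def plan_split(block, new_prefix, hosts):
    """Split `block` into subnets of `new_prefix` and classify existing hosts.

    Returns (placement, conflicts): placement maps each still-usable address
    to its new subnet; conflicts maps each address that becomes a network or
    broadcast address to a (subnet, role) tuple.
    """
    net = ipaddress.ip_network(block)
    subnets = list(net.subnets(new_prefix=new_prefix))
    placement, conflicts = {}, {}
    for raw in hosts:
        addr = ipaddress.ip_address(raw)
        if addr not in net:
            raise ValueError(f"{raw} is outside {block}")
        subnet = next(s for s in subnets if addr in s)
        if addr == subnet.network_address:
            conflicts[raw] = (str(subnet), "network")
        elif addr == subnet.broadcast_address:
            conflicts[raw] = (str(subnet), "broadcast")
        else:
            placement[raw] = str(subnet)
    return placement, conflicts

def gateway_and_mask(subnet):
    """Gateway (first usable address, an assumed convention) and the mask
    that both the L3 SVI and the DHCP scope for this subnet must use."""
    s = ipaddress.ip_network(subnet)
    return str(s.network_address + 1), str(s.netmask)

# Constructed inventory of addresses currently in use on the /24.
EXISTING = ["192.168.1.10", "192.168.1.127", "192.168.1.128", "192.168.1.200"]

if __name__ == "__main__":
    placed, clashes = plan_split("192.168.1.0/24", 25, EXISTING)
    for ip, subnet in placed.items():
        gw, mask = gateway_and_mask(subnet)
        print(f"{ip}: keeps address, new mask {mask}, gateway {gw} ({subnet})")
    for ip, (subnet, role) in clashes.items():
        print(f"{ip}: re-address, becomes the {role} address of {subnet}")
```

Any address reported as a conflict is one to confirm is a DHCP client rather than a device with a hardcoded address before the cutover.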
03-17-2010 04:33 AM
Jamie
So I guess in your previous job you created the /24 VLANS on the 6500's? To split the address into /25's I guess you configure the clients with a /25 subnet depending on what side of the building they were on?
Yes exactly. The vlans were created on the 6500 switches and these switches were VTP servers. The access-layer switches were VTP clients. The L3 SVI's were on the 6500 switches.
DHCP scopes were setup for /25's and so the client would get an IP from the /25 with the correct subnet mask and default-gateway.
I appreciate that it is never easy to try and make big changes when you are new as others may see your recommendations as criticisms of the current network but it really would benefit your network administrators and more importantly your users if you could do this.
Jon
03-17-2010 04:35 AM
Sorry Jon I changed my post last minute
So, 1 /24 VLAN per floor, then you split that VLAN into 2 /25. I'm missing something again here: if you create the vlan on the 6500 "ip address 192.168.1.1 255.255.255.0", how are you then splitting this up into 2 /25?
Sorry to be a pain.
Jamie
03-17-2010 04:36 AM
Oh I see from the DHCP server, is that correct?
Jamie
03-17-2010 04:38 AM
jhancockuwic wrote:
Oh I see from the DHCP server, is that correct?
Jamie
Jamie
Not sure what you mean. The DHCP scope IP range and subnet mask must match the L3 SVI on the 6500 in terms of an IP from that range and the same subnet mask.
Jon
03-17-2010 05:48 AM
Ok, thanks Jon.
I want you to know that I really appreciate your help with this. Giving up your time to help other people (me) is rare these days.
Kind regards,
Jamie
03-17-2010 05:52 AM
jhancockuwic wrote:
Ok, thanks Jon.
I want you to know that I really appreciate your help with this. Giving up your time to help other people (me) is rare these days.
Kind regards,
Jamie
Jamie
No problem, glad to have helped.
That's what's good about NetPro and why I continue to use it, in that there are a lot of people on these forums with great knowledge and experience who are only too happy to share that with other people.
Any other questions/problems don't hesitate to come back.
Jon