LAN Design

de1denta · ‎02-14-2012

Hi,

I'm looking at a LAN design to support 600 users and IP phones. I will be using Cisco 4500E switches. All switches will provide access ports

The switches will be installed in a single comms room which will have structured cabling to the buidling. I'm looking to install the switches as shown in the attached diagram

I dont want to have 1000 devices in the same voice or data VLANs so I need to split the VLANs into smaller sizes (510/254). What is the best way of doing this? For example to split the voice vlan into 2 x 510 networks, is it best to configure SVIs and HSRP on the core switches and prefer the first voice VLAN on core1 and second voice VLAN on core2 and then configure the access switches with half the ports in one voice VLAN and the other half of ports in the other VLAN? I assume I can then maniplaue PVST to balance the load? Or how about using routed access and a seperate subnet on each switch and an IGP?

Thanks,

JohnTylerPearce · ‎02-14-2012

Well if I were in your shoes I would do the following.

1) I would add at least another link between your core switches for redundancy and run them as an Etherchannel. You

could run EIGRP between them with a L3 port-channel and thus prevent L2 loops from occuring on your core.

2) I would run RPVST as your spanning-tree instead of just regular PVST+.

3) I would configure HSRP for your VLANs as required.

4) I'm not too farmiliar with setting up voice, but from your original post you said you will have 600 users, and 600 IP Phones, That would be at least 1200 network devices. I would split up the 600 users in two vlans, while allowing some room to grow if you add users in the future. I would do the same with the IP phones.

For instance if you could use the following networks as your user vlans.

VLAN1: 10.10.0.0/23 (510 Hosts)

VLAN2: 10.10.2.0/23 (510 Hosts)

You can do the same for voice VLANs if you like.

simionov.adrian · ‎02-14-2012

I would not split the 600 users in two vlans, I would create one vlan for data and one for voice. I know it is tricky, but from a support perspective it is easier to support one vlan than two, users are moving from time to time, and this will help a lot to keep firewall access.

lucentmoon · ‎02-14-2012

I agree with John on his recommendations. This is a straightforward and solid design

For Vlan size though. no larger than a /24 is recommended best practice. This keeps broadcast traffic from being propogated everywhere. Imagine the load on your switches from 1 host sending a broadcast & it being propogated to 600 hosts. Now imagine 600 hosts doing this at the same time.

Leo Laohoo · ‎02-14-2012

What is the best way of doing this? For example to split the voice vlan into 2 x 510 networks

If possible, I'd split each voice and data on a "per floor" method.

de1denta · ‎02-14-2012

Each switch will be servicing a different floor so the "per floor" method sounds logical.For this I will need to assign a different set of voice and data VLANs to each switch and then configre trunks back to the core limiting each trunk to the required VLANs.

Is using a L3 link between the core switches recommended in this design? I understand the benefits but are there any disadvantages or problems with doing this?

Leo Laohoo · ‎02-14-2012

Each switch will be servicing a different floor so the "per floor" method sounds logical.For this I will need to assign a different set of voice and data VLANs to each switch and then configre trunks back to the core limiting each trunk to the required VLANs.

So far, I've never seen a "con" regarding routing on a "per floor" basis.

ebarticel · ‎02-14-2012

What about security? Usually for unused ports I create a vlan and add them to that vlan.

What about users/department needs privacy from other network users? Easy way is create a vlan for them.

In the end the users, and the level of security you need to implement will dictate how many vlans you need to create.

Hope this helps

Eugen

JohnTylerPearce · ‎02-15-2012

I agree leolaohoo. Routing by floor is a good practice. It can be of great help when it comes to troubleshooting.