09-08-2015 09:04 AM - edited 03-08-2019 01:41 AM
I have just started a new job where the infrastructure is overly complicated for what it needs to be. Here is a brief overview:
There are currently 57 VLANs in place, although not all of them span the entire network. VTP is currently being used; the core switch is the VTP server and the rest are clients. The network at the head office has been subnetted so that each department has its own separate VLAN, which is extreme overkill in departments where there are, for example, only 3 machines.
So my question is: how hard would it be to back out of using VTP? I know the pitfall of using VTP is that if a new switch is installed without proper configuration it can erase all the VLANs and bring the entire network down. Is it possible for VTP to be removed from the infrastructure as a whole? If so, roughly how much work is involved in this process, and what would the impact be to the business in doing something of that scale?
A secondary question: if it is not possible to remove VTP, is it fairly easy to back out the supernets and VLSM and go back to simplified networking, splitting the building into groups of floors per network? There are only roughly 250 users at head office, so for argument's sake we could split into 2 class C networks instead, as certain departments are running out of IP addresses on their smaller networks at the moment. If anybody can shed some light on which would be the best solution I would massively appreciate it.
Thanks.
09-08-2015 10:01 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
". . . I know the pitfall of using VTP is that if a new switch is installed without proper configurations it can erase all the VLAN's and bring the entire network down."
Yes, that's true, and I've seen it happen within a large-scale prod LAN too. However, it can be mitigated by using a named VTP domain and also by using VTP passwords. Further, it might not be possible for it to happen by accident if using VTP v3.
"Is it possible for VTP to be removed from the infrastructure as a whole? If so how much work is roughly involved in this process and what would the impact be to the business in doing something of that scale?"
Sure, it can be deactivated. You need to change each switch's VTP mode to transparent or (if a later IOS) off. Then, though, you need to manage VLANs (and VLAN pruning) on every switch. Generally, maintaining VLANs in a larger L2 topology is simpler with VTP.
Regarding your questions about the number of VLANs and subnetting, it would also depend on whether your switches are L2 or L3.
09-09-2015 12:28 AM
Hi, thanks for the reply. It is good to know that it could be backed out if needed. Is there a command that I can run to check the version of VTP being used by the core?
Most of the switches here outside of the core are 2960s; we have a couple of 3750 stacks and the core, which is a 4510 I believe. I know that the 3750s and 4510 are L3; not sure on the 2960s though?
09-09-2015 03:49 AM
Posting
show vtp (or some variant with options).
Some (later) 2960 versions support very limited L3 features.
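The check command from the reply above, together with the two paths laid out earlier in the thread (harden VTP with a named domain, password and v3, or back it out switch by switch), as an added Cisco IOS example; this is not from the thread's posters, and the domain name, password, VLAN id and VLAN name are placeholders.

```cisco
! --- Step 1: see what is running now (run on the core and on a client) ---
show vtp status
! Note the lines "VTP version running", "VTP Domain Name",
! "VTP Operating Mode" and "Configuration Revision".
! In v1/v2, a new switch joining with a HIGHER revision number is what
! overwrites the domain's VLAN database; v3 accepts changes only from
! the one switch promoted to primary server.

! --- Option A: keep VTP, but harden it (core switch) ---
configure terminal
 vtp domain HQ-VTP-DOMAIN
! HQ-VTP-DOMAIN is a placeholder; every switch must carry the same name
 vtp version 3
 vtp password PLACEHOLDER-VTP-PASSWORD hidden
! "hidden" is a v3 option that stores a hash instead of the clear text
end
! v3 only: promote the core explicitly; it prompts for the password
vtp primary vlan
! Repeat the domain/version/password lines on each client.

! --- Option B: back out of VTP (repeat on every switch) ---
configure terminal
 vtp mode transparent
! The VLANs already learned stay in vlan.dat and become local config.
! On IOS that supports it with v3 enabled, "vtp mode off" also works.
end
! From now on each VLAN must be created by hand on each switch, e.g.:
configure terminal
 vlan 120
  name FLOOR1-2-USERS
end
! placeholder id/name for the "one VLAN per two floors" idea above

! --- Step 3: confirm the result on every switch ---
show vtp status
show vlan brief
```

Either option is a per-switch change, so a console or out-of-band session is safer than relying on in-band management while the VLAN database is in flux.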
09-09-2015 03:59 AM
Thanks for this. I was able to confirm that VTP is version 3 at present and the 2960s are operating in switch mode, so basically L2 for the most part.
Essentially my question regarding the subnets is this: could I pick one VLAN that services the start of the subnetted network, change the DHCP scope range on our DC, deactivate the other scopes, and then check the port configs on the switches to make sure that the VLAN I want to pick up for, say, the first two floors is listed against every port? Then, in effect, everybody should still work correctly, right?
It probably goes without saying that a change like that would have to be done at the weekend, correct, due to outages to the business whilst making the changes? Or is it easier just to create a brand new network on a new VLAN, create a DHCP scope for that network, add the new VLAN to all of the ports on the switches for the first two floors, and then start decommissioning the older networks and VLANs?
Would creating the new network be the safer option there? I'm assuming also that with the creation of the new network I would have to create new NAT rules on the firewall to allow traffic from the new network out through it, and likewise for anything incoming?