Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4312
Views
16
Helpful
3
Replies

Server on separate Vlan

Go to solution
jhonrosas
Level 1
Level 1

‎09-11-2017 01:59 PM - edited ‎03-08-2019 11:59 AM

Greeting,

 

I have next question about network desing. Today I have network around 400 pcs use services from local servers place in the Datacenter. Some guidelines as Cisco recommend split ther Servers Farm on separate vlan from the pcs, is it useful? o maybe could go in throguh bottleneck on the gateway tha perfomr routing  o there is another better option?.

Other subject, cause the high pcs I would like split the network into few subnets(Vlans), the option the subnet  on the Direectory Active will work or just  that I should be on devices networks?.

In advance for you help.

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎09-12-2017 05:57 AM

The two main reasons to subdivide a flat network are:  first large L2 networks tend to have performance issues.  This mainly due to broadcast packets being generated by hosts which every other host has to process even though most of the time those other hosts aren't interested in the broadcast packet's contents.  As a general rule of thumb, you want to segment a network once you have more than 256 or 512 hosts.  (Your 400 is boarderline.)

 

The second main reason is, as the other posters have already noted, there are often admin reasons to split up hosts, often security related.

 

To your question about performance, and gateway device, on a LAN using a L3 switch is often not a bottleneck.  In some cases, the extra "hop" will very minimally slow your traffic, but in some cases, the segmentation will improve the performance of your traffic.

View solution in original post

3 Replies 3

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎09-11-2017 02:12 PM

Hi,

Other subject, cause the high pcs I would like split the network into few subnets(Vlans), the option the subnet  on the directory Active will work or just  that I should be on devices networks?.

Active directory will work fine with the sever being in the subnet as the user or not.

As for separate vlans between severs and the users, having separate vlans gives you the ability to make changes to one vlan which can effect only the users and not the servers and vice versa.  For example; You can apply QOS to user vlan and usually that is not needed on the server vlan.. Also, users and/or servers going through the gateway should not create any bottleneck unless the gateway device is very old.

HTH

Go to solution
Julio E. Moisa
VIP
VIP

‎09-11-2017 06:15 PM - edited ‎09-12-2017 06:05 AM

Hi

By security and network performance reasons the servers and users must not be on the same network and sharing switches either. The recommendation is always separate networks through VLANs it includes the server farm, the communication between VLANs will be accomplished if there is a Layer 3 devices. Cisco has also designed an entreprise campus model, where it displays the best location/connection for each device. 

 

Image result for cisco enterprise model

 

You can protect your servers using ACLs, VACL or other security methods, in most cases there is a firewall and behind the servers. A good network design includes: scalability, security, easy management, flexible, etc. 

 

The following links could be useful:

http://www.ciscopress.com/articles/article.asp?p=2202410&seqNum=6

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/vlans.html

http://www.ciscopress.com/articles/article.asp?p=102157 

 

Hope it is useful

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎09-12-2017 05:57 AM

The two main reasons to subdivide a flat network are:  first large L2 networks tend to have performance issues.  This mainly due to broadcast packets being generated by hosts which every other host has to process even though most of the time those other hosts aren't interested in the broadcast packet's contents.  As a general rule of thumb, you want to segment a network once you have more than 256 or 512 hosts.  (Your 400 is boarderline.)

 

The second main reason is, as the other posters have already noted, there are often admin reasons to split up hosts, often security related.

 

To your question about performance, and gateway device, on a LAN using a L3 switch is often not a bottleneck.  In some cases, the extra "hop" will very minimally slow your traffic, but in some cases, the segmentation will improve the performance of your traffic.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card