I have a project coming up where we will be setting up our network to utilize VLANs, and would like to get some advice and/or recommendations on how to set this up correctly. First I will describe our network and then I will try to describe what we want to accomplish. Hopefully, someone has done it before and can shed some light on what I need to do.
Currently we have a basic network consisting of two physical segments, 10.10.4.0/22 and 10.10.8.0/22. Between both segments we have about 55 Cisco switches (3550 and 2950); one of these switches is being used as a default gateway for both segments. We also have two other routers, but they are managed by our parent company. We also have two ISP connections, one for segment 1 and the other for segment 2. We set up the default gateway with PBR to send WAN traffic to the WAN 1 router and internet traffic to one of the firewalls, depending on which segment the traffic is coming from. Every port on either segment is using the default VLAN 1; this is what we want to change.
What we want to do is subnet both segments and start using VLANs. Eventually we would like to have one segment broken up by VLANs instead of what we currently have, which is 2 segments split by a router. For starters, in each segment we would like to have a separate VLAN for servers, conference rooms, wireless, DMZ, and departments, so a total of about 8 VLANs in each segment. We would also like to subnet without affecting our parent company's routers' routing table.
I have attached a diagram of our network. From looking at the diagram, would it be a good idea to create the VLANs on the switch that we are using as the gateway? I would appreciate any advice and recommendations. Hope I described everything well; if not, let me know.
If I were you, I would redo that network totally. If that is the actual physical network then you don't have any redundant paths for each network. What I mean is, what happens if R2_BB or R1_BB goes down? All those users are down?
Will VLANs span different 3550 switches?
I think you need to look at a redundant Core/Distribution/Access layer design. You can use your existing equipment; it won't be great, but it's doable.
I agree with the previous statements from our friend here.
I think it's better for you to redesign the network first. Refer to the enterprise campus network model, or the SAFE blueprint.
Besides redundancy, you need to use the concept of a hierarchy of switches. You must define which switch is the access switch, which is the distribution, and which is the core. From there, you need to make the links, or the devices themselves, redundant.
try this one,
my 2 cents,
I agree with both of you. I would like to redesign it; I have brought it up on a few occasions, but unfortunately I don't get to make those decisions, at least not yet. But I would surely welcome any design ideas. For now, this is what I have to work with. The higher-ups' concern at this time is setting up VLANs and breaking up the broadcast domain on each segment. Can it be done with what's in place now?
I agree with the other posts. You could collapse the distribution and core layers. You would need at least two multilayer switches in the core/distribution area configured with redundant router interfaces (with your current switches this would be active/passive, i.e. HSRP). Or use the R1, R2 and R3-BB switches as the distribution layer running a routing protocol, and add another switch to back up intrarouter with L3 links back to each BB switch, and let the routing protocol load balance to the core switches while also providing high availability. With your current setup the BB switches look like the perfect place for distribution, aside from redundant links.
If I am understanding the diagram correctly, I would move the ISP links into the two core routers, intrarouter 1 and 2, to centralize them.
My concern would be the horsepower of your multilayer switches in the core and/or distribution layers. This will be dependent on the amount of traffic, and shaping.
Hope this helps.
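As an added illustration of the two points above (the original poster's goal of carving the 10.10.4.0/22 segment into per-function VLANs without changing the /22 the parent company's routers already know, and the suggestion of two multilayer switches as a collapsed core/distribution pair with HSRP), here is an example Cisco IOS configuration. It is not from the thread's diagram or any poster; the hostnames DIST-A, DIST-B and ACCESS-1, the VTP domain name, the VLAN numbers and the interface numbers are all assumed placeholders. It shows three of the eight VLANs per segment, each given a /25 out of the /22 (eight /25s fill a /22 exactly, so the summary route upstream stays as it is).

```cisco
! ---- DIST-A: one of two 3550 multilayer switches (hypothetical name) ----
hostname DIST-A
ip routing
!
! VTP server for the domain; DIST-B and the 2950s are clients.
vtp domain CAMPUS-EXAMPLE
vtp mode server
vtp password EXAMPLE-VTP-PASSWORD
!
vlan 10
 name Servers
vlan 20
 name Conference
vlan 30
 name Wireless
vlan 999
 name Native-Unused
!
! Segment 1 (10.10.4.0/22) carved into /25s, one per VLAN.
! The parent company's routers keep their existing 10.10.4.0/22 route;
! only these two switches need to know the /25s.
! HSRP virtual address .1 is the hosts' default gateway; DIST-A is active.
interface Vlan10
 description Servers 10.10.4.0/25
 ip address 10.10.4.2 255.255.255.128
 standby 10 ip 10.10.4.1
 standby 10 priority 110
 standby 10 preempt
interface Vlan20
 description Conference 10.10.4.128/25
 ip address 10.10.4.130 255.255.255.128
 standby 20 ip 10.10.4.129
 standby 20 priority 110
 standby 20 preempt
interface Vlan30
 description Wireless 10.10.5.0/25
 ip address 10.10.5.2 255.255.255.128
 standby 30 ip 10.10.5.1
 standby 30 priority 110
 standby 30 preempt
!
! Trunk to DIST-B and to the access switches: 802.1Q, only the VLANs in
! use, native VLAN moved off VLAN 1, no DTP negotiation.
! (The 3550 needs the encapsulation line; the 2950 is dot1q-only and has no such command.)
interface FastEthernet0/24
 description Trunk to DIST-B
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
!
! ---- DIST-B: same VLANs and SVIs, its own addresses, lower HSRP priority ----
hostname DIST-B
ip routing
vtp domain CAMPUS-EXAMPLE
vtp mode client
vtp password EXAMPLE-VTP-PASSWORD
interface Vlan10
 description Servers 10.10.4.0/25 (standby gateway)
 ip address 10.10.4.3 255.255.255.128
 standby 10 ip 10.10.4.1
 standby 10 priority 100
 standby 10 preempt
! (Vlan20 / Vlan30 on DIST-B follow the same pattern with .131 and .3.)
!
! ---- ACCESS-1: a 2950 Layer 2 access switch; user ports leave VLAN 1 ----
hostname ACCESS-1
vtp domain CAMPUS-EXAMPLE
vtp mode client
vtp password EXAMPLE-VTP-PASSWORD
interface range FastEthernet0/1 - 12
 description Conference room ports
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
 spanning-tree bpduguard enable
interface GigabitEthernet0/1
 description Uplink to DIST-A
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
 switchport nonegotiate
```

Two things to check before rolling this out. First, the 2950s are Layer 2 only, so every SVI and HSRP group lives on the two 3550s; the PBR that today sits on the single gateway switch would move to the HSRP pair. Second, keep exactly one VTP server (the active 3550 is the natural choice, which answers the "which switch should be the VTP server" question) and reset the configuration revision on any switch you move into the domain, because a switch that joins with a higher revision number overwrites the VLAN database of the whole domain.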
I will look into doing that, but in the meantime I still have to see about setting up the VLANs. From looking at the diagram, redundancy aside, which switch should be the VTP server? If anyone has any recommendations, advice, or sample diagrams on how to make this network better, I would really appreciate it.