Subnet design / Multi-building VLAN?

Jellyman_4eva
Level 1

Hi,

Just a quick question... looking to carry on designing a new network and have come up with a few questions! I have identified a number of VLANs which I would like but am confused as to their implementation...

For example, I would like a network management VLAN for switches etc. I would like this VLAN to be available in all buildings... so should this VLAN be a separate VLAN per building or a single stretched VLAN across the entire site?

Making it a separate VLAN per building seems to make the config easier as I would not need to stretch the VLAN, however this means having separate subnets per building for each VLAN... e.g.

Building 1
    VLAN 20 (Network Management) 172.16.1.0/24
    VLAN 30 (Clients) 172.16.2.0/24

Building 2
    VLAN 20 (Network Management) 172.16.3.0/24
    VLAN 30 (Clients) 172.16.4.0/24

Which leads me nicely to my next question!

When designing the IP ranges, do people really pick a range like the Cisco books say and then VLSM it all the way down? This seems to be a potentially limiting way of doing things? I was thinking, as I am using a private address range, what does it matter if I just use a load of Class C addresses? Why is wasting address space in this case an issue? It seems like VLSM is more appropriate if you want to use an allocated range of public addresses?

Finally, a stupid question I am sure... but using the 3-tier design that Cisco recommend, assume that I have 1 access layer switch linked to two distribution layer devices... on some diagrams I have seen a link between the two distribution layer devices, whilst on other diagrams the two distribution layer devices are not connected to each other?

1 Reply

Jon Marshall
Hall of Fame

Management VLAN - restrict to each building and don't span across all sites. Main reason is STP. If you accidentally create a loop in your management network then any broadcast storms would be limited to that building rather than spanning the entire campus setup.

Private addressing. To be honest it's more important to summarise effectively than worry about using every bit of a subnet with VLSM. As you say it's not as though you are going to run out. Allocating a block of subnets to each building and then summarising out is worth doing though.

Distribution switches - depends on how you want to do it. Usually they are interconnected either with an L3 or, more commonly, an L2 link. Assuming your distribution switches are doing the inter-VLAN routing for the access layer then an L2 link is the most common for HSRP. Note though, if all access-layer switches are uplinked to both switches then you can use an L3 interconnect between your distribution switches and the HSRP messages simply go via the access-layer switches.

Like I say, L2 is more common still, but L3 can be useful for the interconnect if your distro switches support GLBP. Reason being that with an L2 interconnect one of the uplinks has to block per VLAN. With an L3 interconnect both L2 uplinks from the access-layer switch can be forwarding because there is no STP loop and both distro switches can share the load from clients.

Where they are not connected I would guess the routing for the VLANs would either:

1) be per distro switch, which would mean each distro switch is independent. Never really seen this though and the switch would need to be running redundant sups etc. in my opinion.

2) routing for VLANs takes place at the core. This would also mean distro to core would need to be L2. Again, haven't really seen this nowadays and not recommended.

3) routing for VLANs in the access layer, which means distro switches really just act as routers. Not really seen that setup either but I can see how it would make sense, i.e. again each access-layer switch would have dual uplinks and they could both be forwarding traffic. If a distro switch failed then the other link is there anyway. Like I say, they really become routers to all intents and purposes.

This also supposes that any other devices beyond the distro switches, such as routers, are connected to both distro switches. If the router was only connected to one distro switch how would the other distro switch ever get the routes? Suppose they could peer via the access-layer switches but you really don't want to do that, very bad design.

So in summary, I haven't really seen many examples (in real networks) of non-interconnected distribution switches.

Jon
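The summarisation point in Jon's reply (allocate a block of subnets per building, then summarise it out) is easy to get wrong with the kind of allocation sketched in the question, where Building 1 gets 172.16.1.0/24 and 172.16.2.0/24: those two /24s are adjacent but not aligned to a common block, so no single prefix covers them without also covering another building's space. The script below is an added example, not code from the thread or from Cisco; it carves one aligned block per building out of a campus range, assigns a per-VLAN subnet inside it, and checks whether a given set of subnets summarises cleanly. The campus range, building names and prefix lengths are constructed values.

```python
"""Per-building address plan with a summarisation check.

Added example, not code from the thread: carves one aligned block per building
out of a campus range, assigns one subnet per VLAN inside that block, and checks
whether a set of subnets summarises to a single prefix. All ranges, building
names and prefix lengths below are constructed values.
"""
import ipaddress
from typing import Dict, Iterable, Optional

# Constructed inputs: a private campus block and the VLANs every building carries.
CAMPUS = ipaddress.ip_network("172.16.0.0/16")
VLANS = {20: "Network Management", 30: "Clients"}
BUILDINGS = ["Building 1", "Building 2"]


def plan_buildings(campus: ipaddress.IPv4Network, buildings: Iterable[str],
                   vlans: Dict[int, str], building_prefix: int = 22,
                   vlan_prefix: int = 24) -> Dict[str, dict]:
    """Give each building one aligned /building_prefix block (the prefix it
    advertises upstream) and one /vlan_prefix per VLAN inside that block."""
    blocks = campus.subnets(new_prefix=building_prefix)
    plan = {}
    for name in buildings:
        block = next(blocks)
        per_vlan = block.subnets(new_prefix=vlan_prefix)
        plan[name] = {"block": block,
                      "vlans": {vid: next(per_vlan) for vid in vlans}}
    return plan


def summary_for(subnets: Iterable[str]) -> Optional[ipaddress.IPv4Network]:
    """Smallest single prefix covering all subnets, or None when that prefix
    would also cover addresses outside them (they do not summarise cleanly)."""
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(s) for s in subnets))
    if len(nets) == 1:
        return nets[0]
    lo = min(n.network_address for n in nets)
    hi = max(n.broadcast_address for n in nets)
    # Widen from a host route on the lowest address until both ends fit;
    # supernet() always keeps the lowest address inside the candidate.
    cand = ipaddress.ip_network(f"{lo}/{lo.max_prefixlen}")
    while hi > cand.broadcast_address:
        cand = cand.supernet()
    covered = sum(n.num_addresses for n in nets)
    return cand if cand.num_addresses == covered else None


def main() -> None:
    # The allocation from the question: adjacent /24s not aligned to a block.
    print("Question's plan, Building 1 summary:",
          summary_for(["172.16.1.0/24", "172.16.2.0/24"]))
    plan = plan_buildings(CAMPUS, BUILDINGS, VLANS)
    for name, entry in plan.items():
        vlan_list = ", ".join(f"VLAN {vid} {net}"
                              for vid, net in entry["vlans"].items())
        print(f"{name}: advertise {entry['block']} ({vlan_list})")
        # Every VLAN subnet sits inside the block the building advertises.
        assert all(net.subnet_of(entry["block"])
                   for net in entry["vlans"].values())


if __name__ == "__main__":
    main()
```

With the defaults each building receives a /22, so there is room for two more /24 VLANs per building before the advertised prefix has to change, which is the kind of headroom that makes "wasting" private address space worthwhile.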