Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1374
Views
0
Helpful
17
Replies

Subnet Question

Go to solution
Lakeram Harrypersaud
Level 1
Level 1

‎08-11-2011 12:54 PM - edited ‎03-07-2019 01:40 AM

We have two 3750 core switches which will have six 2960 edge switches connecting it. We have three vlans:

vlan 1 - 10.1.1.1 255.255.254.0

vlan 2 192.168.2.0 255.255.255.0

vlan 3 192.168.3.0 255.255.255.0

My servers are using 10.1.1.x

My workstations are using 10.1.0.x

I am just wondering if i should use 10.1.1.1 255.255.255.0 for vlan 1 instead of the above?

Any help will be greatly appreciated?

Thanks,

Lake

Labels:
0 Helpful
7 Accepted Solutions

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎08-11-2011 12:59 PM

Lake,

If you only have 254 devices on vlan 1 or fewer then for consistency use /24 (255.255.255)

also try not to use vlan 1.  That is the native vlan and it is mostly used for controll traffic.

so use vlan 2,3,4, or 10, 20,30 instead

HTH

Reza

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎08-11-2011 01:01 PM

Lake

Firstly you shouldn't use vlan 1 if at possible for any client traffic whether that be clients or servers.

Secondly it's not a good idea to have servers and clients in the same vlan. It is better to have servers in their own vlan as you can then control access to and from them with standard router acls on the L3 vlan interfaces.

If you separated out the clients from the servers then yes it may make more sense to use /24's for each subnet. If you want to leave the clients and servers in the same vlan then whether to use a /24 or as you are currently using a /23 depends on whether you have enough addressing.

If you can adopt a consistent subnet size it just makes everything a lot clearer in my opinion.

Jon

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Lakeram Harrypersaud

‎08-11-2011 01:15 PM

Lake

Yes it will work. You could always leave the servers temporarily in vlan 1 and move the clients to another vlan.

What is not entirely clear is why you are asking specifically about the subnet size ie. 255.255.255.0 or 255.255.254.0. Your L3 vlan interfaces do not have to have the same subnet mask ie. vlan 1 can have a different subnet mask/size to the subnet allocate to another vlan for example.

When you choose the subnet mask you simply choose it based on how many hosts/end devices you need in the subnet although generally speaking most people do not go above a /23 ie 255.255.254.0 because of potential broadcast issues.

255.255.255.0 is a common sized subnet. We used 255.255.255.128 in the last place i worked.

Jon

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Lakeram Harrypersaud

‎08-12-2011 07:04 AM

Lake

I'm assuming that your floor switches are connected to your core switches with L2 trunks ?

If so then yes vlan 1 will be on all switches so you can connect the printers to different switches on different floors into vlan 1.

Jon

View solution in original post

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to Lakeram Harrypersaud

‎08-12-2011 07:15 AM

Lake,

I would move the printers to vlan 4 (workstation vlan).  This way, you have one vlan (vlan 1) for all your servers and one vlan (vlan 4) for all your workstations and printers.  Or am I missing something here?

HTH

Reza

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Lakeram Harrypersaud

‎08-12-2011 07:20 AM

Yes that is a trunk configuration.

Note that you are not allowing vlan 1 across the trunk link however vlan 1 cannot be blocked off a trunk link (unlike all other vlans) so you should be fine.

Reza, as for moving the printers it could prove difficult if for example some clients have hardcoded printer IPs. They shouldn't but i have been bitten by this before.

Jon

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Lakeram Harrypersaud

‎08-12-2011 11:40 AM

Lake

Yes, simply include all the vlans you want allowed across the link.

Jon

View solution in original post

0 Helpful
17 Replies 17

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎08-11-2011 12:59 PM

Lake,

If you only have 254 devices on vlan 1 or fewer then for consistency use /24 (255.255.255)

also try not to use vlan 1.  That is the native vlan and it is mostly used for controll traffic.

so use vlan 2,3,4, or 10, 20,30 instead

HTH

Reza

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎08-11-2011 01:01 PM

Lake

Firstly you shouldn't use vlan 1 if at possible for any client traffic whether that be clients or servers.

Secondly it's not a good idea to have servers and clients in the same vlan. It is better to have servers in their own vlan as you can then control access to and from them with standard router acls on the L3 vlan interfaces.

If you separated out the clients from the servers then yes it may make more sense to use /24's for each subnet. If you want to leave the clients and servers in the same vlan then whether to use a /24 or as you are currently using a /23 depends on whether you have enough addressing.

If you can adopt a consistent subnet size it just makes everything a lot clearer in my opinion.

Jon

0 Helpful

Go to solution
Lakeram Harrypersaud
Level 1
Level 1
In response to Jon Marshall

‎08-11-2011 01:11 PM

We will design it like you guys mentioned but if we do that now we will have to change ip address on all the server including vmware. My boss wants to do it this way for now.

But will my setup work for now?

Thanks,

Lake

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Lakeram Harrypersaud

‎08-11-2011 01:15 PM

Lake

Yes it will work. You could always leave the servers temporarily in vlan 1 and move the clients to another vlan.

What is not entirely clear is why you are asking specifically about the subnet size ie. 255.255.255.0 or 255.255.254.0. Your L3 vlan interfaces do not have to have the same subnet mask ie. vlan 1 can have a different subnet mask/size to the subnet allocate to another vlan for example.

When you choose the subnet mask you simply choose it based on how many hosts/end devices you need in the subnet although generally speaking most people do not go above a /23 ie 255.255.254.0 because of potential broadcast issues.

255.255.255.0 is a common sized subnet. We used 255.255.255.128 in the last place i worked.

Jon

0 Helpful

Go to solution
Lakeram Harrypersaud
Level 1
Level 1
In response to Jon Marshall

‎08-12-2011 06:57 AM

Thank you very much Jon.

I never thought about moving just the workstations to another vlan but i really like your idea. I will let my boss know and hear what he says.

I will leave the servers and printers in vlan 1 temporarily. 10.1.1.0. I will make the vlan 1 ip address 10.1.1.1 and change the ASA inside interface to another IP Address. In this case i won't have to change the servers default gateway.

I will create another vlan for example, vlan 4, and move the workstations there and i will assign ports on the 3960 edge switches to vlan 4.

All the servers will be connected to the core switch. Since we have two floors the printers won't be connecting to the core switch and they will be connecting to the edge switches. I think i can connect the printers to any switch because vlan 1 is assigned to all ports, is this correct? Trunking has been setup.

Thanks,

Lake

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Lakeram Harrypersaud

‎08-12-2011 07:04 AM

Lake

I'm assuming that your floor switches are connected to your core switches with L2 trunks ?

If so then yes vlan 1 will be on all switches so you can connect the printers to different switches on different floors into vlan 1.

Jon

0 Helpful

Go to solution
Lakeram Harrypersaud
Level 1
Level 1
In response to Jon Marshall

‎08-12-2011 07:18 AM

Jon,

I suppose the example below is a layer 2 trunk? Is this correct?

interface GigabitEthernet2/48

description xxxxxxxxxxx

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 2,3,5,10

channel-group 1 mode on

interface GigabitEthernet2/48

description xxxxxxxxxxx

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 2,3,5,10

Thanks,

Lake

channel-group 1 mode on

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Lakeram Harrypersaud

‎08-12-2011 07:20 AM

Yes that is a trunk configuration.

Note that you are not allowing vlan 1 across the trunk link however vlan 1 cannot be blocked off a trunk link (unlike all other vlans) so you should be fine.

Reza, as for moving the printers it could prove difficult if for example some clients have hardcoded printer IPs. They shouldn't but i have been bitten by this before.

Jon

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to Lakeram Harrypersaud

‎08-12-2011 07:15 AM

Lake,

I would move the printers to vlan 4 (workstation vlan).  This way, you have one vlan (vlan 1) for all your servers and one vlan (vlan 4) for all your workstations and printers.  Or am I missing something here?

HTH

Reza

0 Helpful

Go to solution
Lakeram Harrypersaud
Level 1
Level 1
In response to Reza Sharifi

‎08-12-2011 07:32 AM

I would love to move the printers but that will cause too much down time. We will schedule that for another time. My boss like the idea which Jon suggested. I guess we will go ahead with it.

Thanks guys,

Lake

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to Lakeram Harrypersaud

‎08-12-2011 07:41 AM

I agree with you and Jon,

If it is too much work, then don't worry about it.  But if the printers are using DHCP then a reboot should take care of it.

either way, you have to keep the boss happy

Good luck

0 Helpful

Go to solution
Lakeram Harrypersaud
Level 1
Level 1
In response to Reza Sharifi

‎08-12-2011 07:46 AM

Printers are using static ip

Thanks,

Lake

0 Helpful

Go to solution
Lakeram Harrypersaud
Level 1
Level 1
In response to Lakeram Harrypersaud

‎08-12-2011 08:40 AM

Now i have to change my allowed vlans across all the trunk ports:

interface GigabitEthernet2/48

description xxxxxxxxxxx

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 2,3,5,10

channel-group 1 mode on

Change to commands:

interface GigabitEthernet2/48

switchport trunk allowed vlan 2,3,5,10,11,12,13

Is this correct?

Thanks,

Lake

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to Lakeram Harrypersaud

‎08-12-2011 11:40 AM

Lake

Yes, simply include all the vlans you want allowed across the link.

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card