Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
19675
Views
5
Helpful
5
Replies

VLAN DESIGN BEST PRACTICE ?

unleashed333
Level 1
Level 1

‎09-11-2012 12:39 AM - edited ‎03-07-2019 08:48 AM

Dear All

I have two sites which are connected via ISP MPLS link,currently total network is flat .I have to implement VLAN design,what should be th best practice for it.,user of SITE A  authenticates from server of SITE B.

we have altogether of 200-250 user

Large VLAN contains 50 user

small VLAN contains 5-10 user

any iP schemening will work...Please have alook at attachment and kindly share your experience

Labels:
Preview file
51 KB
0 Helpful
5 Replies 5

Bilal Nawaz
VIP Alumni
VIP Alumni

‎09-11-2012 02:16 AM

You could consider the following:

Group devices by traffic patterns - Devices that communicate extensively between each other are good candidates to be grouped into a common VLAN.

Group devices for security - It is often a good practice to put servers and key infrastructure in their own VLAN, isolating them from the general broadcast traffic and enabling greater protection.

Group devices by traffic types - VoIP quality is improved by isolating VoIP devices to their own VLAN. Other traffic types may also warrant their own VLAN. Traffic types include network management traffic, IP multicast traffic such as video, file and print services, email, Internet browsing, database access, shared network applications, and traffic generated by peer-to-peer applications.

Group devices geographically - In a network with limited trunking, it may be beneficial to combine the devices in each location into their own VLAN.

It all depends on what the requirements are.

Routing can take care for users in Site A authenticating from a server in Site B if theyre on another subnet/vlan if needed.

hth

Bilal

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Leo Laohoo
Hall of Fame
Hall of Fame

‎09-11-2012 02:39 AM

250 users and you want to segment them?  My question is WHY?

The size is enough to fit neatly in a /24 subnet.

If you have to, then subnet them per "department":  Finance, marketing, engineering, etc.

0 Helpful

Bilal Nawaz
VIP Alumni
VIP Alumni
In response to Leo Laohoo

‎09-11-2012 02:49 AM

Remember 250 Users + Network devices + Servers (if any) in that /24 Will that be enough? Is it following best practice? Is the company likely to expand?...

I agree, many instances have been segregated based on dept. too

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
0 Helpful

Sakun Sharma
Level 1
Level 1

‎09-11-2012 03:14 AM

You can divide traffic based on departments, servers and voice.

For example you can have one set of VLAN's for Departments, One for Servers, One for Management - Managing Devices, And one Dedicated to Voice for  using QoS service.

Authentication etc can be handled by Inter-VLan routing.

So it would be like this:

VLAN xx - Accounts

VLAN xx - other Departments

VLAN xx - Voice

VLAN xx - Management

VLAN xx - Servers

For futher expandability I suggest to use bigger subnet, because soon or later your network will grow, and changing complete IP addressing at that time will be big headache, so better is to keep margin now only by using /16 network.

--

Regards

Sakun Sharma

0 Helpful

chamara siyambalapitiya
Level 1
Level 1
In response to Sakun Sharma

‎05-09-2013 03:35 PM

Hi,

Please look into Network foundation design reference under

http://www.cisco.com/en/US/docs/solutions/Enterprise/Education/SchoolsSRA_DG/SchoolsSRA-DG.html

it will help you to understand

Chamra

Please rate helpfull posts.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card