04-30-2014 06:49 AM - edited 03-07-2019 07:16 PM
We are currently using VTP client/server and spanning all our VLANs to all switches. I was told this was a bad design and to create the VLANs on each switch and do more routing at the edge/access layer.
We mostly have an access-to-core design with a couple of distribution points at two specific sites. I'm struggling a bit with how to configure this.
I'm going to break out each site, and each site will have multiple VLANs. It would look something like this (not complete, just a quick example):
Site 1
10.1.2.x - Data
10.1.3.x - Voice
Site 2
10.2.2.x - Data
10.2.3.x - Voice
I know how to create VLANs, but how would the routing be set up, and how would the machines get DHCP from the Windows DHCP server? Would I have to enable routing on each switch so 10.1.2 knows how to talk to 10.1.3? What would the routing look like on the core?
04-30-2014 12:23 PM
I agree with Joseph, just because you are using VTP is a bad design, I like to think that VTP is a "necessary evil" :)
How many vlans do you currently have?
Less than 5, you can live without VTP; more than 5, use VTP with authentication. Also, if you are concerned about security, if possible you can disable CDP.
04-30-2014 09:42 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
I wouldn't consider usage of VTP, alone, makes for a "bad" design.
Even if your network is all (switched) L2, that too, alone, may not make for a "bad" design. Would need to see a diagram of your current topology, number of active hosts and typical traffic patterns to provide possible suggestions.
However, to answer your questions...
On Cisco (routed) gateways you add IP helper addresses, which "pick up" local subnet host DHCP broadcast requests for an IP and direct them to the IP of a DHCP server.
Yes, normally you need routing to move traffic between networks.
What your core routing would look like depends on your logical L3 topology.
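The following is an added example, not part of the original reply or taken from any poster's network. It sketches the setup the answer above describes for Site 1: local VLANs with routed gateways, a DHCP relay on each gateway, and a routed uplink to the core. The /24 masks, the .1 gateway addresses, the DHCP server address 10.0.0.10, the uplink port and the uplink subnet 10.1.0.0/30 are all assumptions.

```cisco
! Site 1 L3 access/distribution switch (constructed example, values assumed)
ip routing
!
vlan 2
 name DATA
vlan 3
 name VOICE
!
! Gateway for 10.1.2.x; relays DHCP broadcasts to the assumed server address
interface Vlan2
 description Site 1 Data gateway
 ip address 10.1.2.1 255.255.255.0
 ip helper-address 10.0.0.10
 no shutdown
!
! Gateway for 10.1.3.x; routing between Vlan2 and Vlan3 happens on this switch
interface Vlan3
 description Site 1 Voice gateway
 ip address 10.1.3.1 255.255.255.0
 ip helper-address 10.0.0.10
 no shutdown
!
! Routed uplink to the core instead of a trunk carrying every VLAN
interface GigabitEthernet1/0/1
 description Uplink to core (assumed port)
 no switchport
 ip address 10.1.0.2 255.255.255.252
 no shutdown
!
! Everything not local goes to the core
ip route 0.0.0.0 0.0.0.0 10.1.0.1
!
! On the core (assumed addressing): return routes to Site 1's subnets
! ip route 10.1.2.0 255.255.255.0 10.1.0.2
! ip route 10.1.3.0 255.255.255.0 10.1.0.2
```

The DHCP server needs one scope per subnet; it selects the scope from the relay (gateway) address the switch inserts into the forwarded request.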
04-30-2014 12:48 PM
We have over 50 VLANs, one for each department and others for different types of traffic. The goal is to shrink this down to maybe 10 at each site. I'm just not sure how to decentralize the VLANs from the core out to the access/distribution layer.
Each site would have the same set of VLANs (data, voice, security, management, etc) but each site would be a different subnet.
Site 1
VLAN2 10.1.2.x - Data
VLAN3 10.1.3.x - Voice
Site 2
VLAN2 10.2.2.x - Data
VLAN3 10.2.3.x - Voice