Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
564
Views
5
Helpful
3
Replies

VLAN Segmentation - Need suggestion on best possible way

Go to solution
Siva Mantri
Level 1
Level 1

‎10-20-2015 12:48 AM - edited ‎03-08-2019 02:17 AM

Hi,

Scenario - All the servers are in single VLAN - 172.16.0.0/16 - SVI (172.16.0.1)

However IP range is used to assigned based on their environment. 

Devlopment            -  172.16.0.1/16 - 172.16.0.255/16
SALES                    -  172.16.1.1/16 - 172.16.1.255/16 

MANAGEMENT      -  172.16.2.1/16 - 172.16.2.255/16

Account                   -  172.16.3.1/16 - 172.16.3.255/16 

Finance                   -  172.16.4.1/16 - 172.16.4.255/16

Requirement - Now i want to perform VLAN segmentation with creation of additional VLANs -  172.16.0.0/24 (VLAN-5) & 172.16.1.0/24 (VLAN-6) & 172.16.2.0/24 (VLAN-7), 172.16.3.0/24 (VLAN-8) & 172.16.4.0/24

I know it requires maintenance window as server wont be reachable during the change of current VLAN. I am NOT ALLOWED to change IPs of the servers, however subnet mask & gateway can be altered. 

So what are the concerns or challenges to be considered to minimize the downtime & also any chance to perform phase by phase ? 

Thanks in advance

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎10-20-2015 04:58 AM

It depends on whether your existing vlan is vlan 5 or not.

If it isn't then be aware that for the vlan 5 subnet the mac address of the default gateway will change.

So you may see issues with the arp cache on those servers.

The other vlans should be okay  ie. you are going to change the default gateway anyway so it shouldn't matter.

In terms of migration you can use the interface range command to move all servers into the correct vlans and you can use a phased approach ie. you can do a vlan at a time and then make sure that you have full connectivity before moving on to the next one.

Probably a good idea at least for the first vlan to make sure all your routing etc. is setup correctly.

The only thing you need to be sure of is that no servers from different vlans need to communicate with each other at L2.

It is unlikely and they should all work with L3 but you need to be sure because obviously if you move them into separate vlans it isn't going to work.

Jon

 

View solution in original post

3 Replies 3

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎10-20-2015 01:39 AM 

I am NOT ALLOWED to change IPs of the servers, however subnet mask & gateway can be altered.

This statement contradicts itself.  

 

You can't change the IP address(es) of the servers (makes sense) but you can change the subnet mask?  

0 Helpful

Go to solution
Siva Mantri
Level 1
Level 1
In response to Leo Laohoo

‎10-20-2015 05:57 AM

Yep. Suppose for a server with IP setting 172.16.1.115 subnet mask 255.255.0.0 default gateway 172.16.0.1 at present. 
Will change to 172.16.1.115 subnet mask 255.255.255.0 with default gateway of 172.16.1.1 which will be a SVI of newly created VLAN.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎10-20-2015 04:58 AM

It depends on whether your existing vlan is vlan 5 or not.

If it isn't then be aware that for the vlan 5 subnet the mac address of the default gateway will change.

So you may see issues with the arp cache on those servers.

The other vlans should be okay  ie. you are going to change the default gateway anyway so it shouldn't matter.

In terms of migration you can use the interface range command to move all servers into the correct vlans and you can use a phased approach ie. you can do a vlan at a time and then make sure that you have full connectivity before moving on to the next one.

Probably a good idea at least for the first vlan to make sure all your routing etc. is setup correctly.

The only thing you need to be sure of is that no servers from different vlans need to communicate with each other at L2.

It is unlikely and they should all work with L3 but you need to be sure because obviously if you move them into separate vlans it isn't going to work.

Jon

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card