vlan numbering and ip scheme

aamercado
Level 4

Hope this is the right place for a newbie question. Anyway, we have a greenfield new install with tier 2 hierarchy and running OSPF L3 to the access switches. In the diagram below and to abbreviate, the 192 net is subnetted out, which I didn't draw out entirely.

----core1 (192.111/24 and .2/.24)--core2

\

(192.10/24)

\access

172.16.20.0/24 (v1620)

172.16.201.0/24 (v1621)

172.16.30.0/24 (V1630)

172.16.203.0/24 (v1623)

My customer wants to use /24 between access and core, which doesn't seem to make sense, as I would prefer /30 to save IP address space.

Also, with 4-digit VLANs, it doesn't seem manageable, such as using an even/odd VLAN naming scheme, but I am not sure what is best practice with naming, design and management in terms of IP address and VLAN numbering. What is best practice in this scenario?

Thx


Hello,

First of all, be careful when creating VLANs with the numbers that you are using. Most switches do not support more than approximately 1000 VLANs other than in transparent mode, which means that the VLAN information is not carried across any trunk links, and all VLANs need to be created locally on all switches. Which type of access switches are you using (e.g. 2950, 3500XL)?

I would suggest using VLAN numbers such as 20, 201, 30, 203, etc., in order to avoid the above-mentioned problem. Also, I would add a description for each VLAN.

Let me know if you need more help, if you are not familiar with configuring VTP and VLANs...

Regards,

GP

I'm not really sure what you're asking with your IP question. I understand YOU want to use a /30 mask, and your customer wants to use a /24 mask, but what I'm unclear about is, between what devices? A switch and a router? Since a switch doesn't care about IP addresses (Layer 3) you don't even need to configure an IP address for it, unless you want remote management access (who wouldn't).

That being said, putting a /30 mask on a switch to router connection is a waste of IP addresses, not the other way around.

Example:

Using a /30 mask you have 2 useable IP addresses

1 Network address, and one Broadcast address.

You just wasted 1 IP address out of 254, every time you VLSM (variable length subnet mask) you waste one useable IP address on a broadcast domain, and for every additional network past that first one, you start wasting 2 useable IP addresses (the network address and the broadcast address)

VLSM CAN save you IP addresses when used properly, i.e. between a point-to-point connection such as router to router. But an access switch to a router, I wouldn't subnet that out.

I (me personally) would use a high number address such as 172.16.20.254/24, make a reservation in the DHCP pool for that address, and let the users take the rest of the addresses.

This allows for expansion also, because it is easier to engineer a network rather than re-engineer a network.

GP had a good point that I would have overlooked with the high-numbered VLAN. Definitely name them.

My personal preference with assigning VLANs would correspond to the network address, which is what you appeared to do, but honestly if I were to walk on to your network as a new employee, I probably wouldn't have noticed a correlation. I would have labeled them VLAN 20, VLAN 201, etc.

When I VLSM users on a network that is tight on address space, and has requirements that departments be broken up via VLAN, I would use a "major" "minor" approach to the VLAN number, such as VLAN 10 is the accounting department with 124 users, and the remaining 20 users for that department would be on VLAN 11. Total of 144 users, I saved addresses by combining a /25 address for the first group and a /27 address for the second group, leaving the other 110 addresses open for other VLAN groups.

The first digit represents the "major" group, and the second would represent the "minor" group, if I had a 3rd group it would have been VLAN 13.

The networking department would start on VLAN 20, and so on.

Those are my preferences though, I have not seen anything that says there is an actual standard. I hope this helps guide you in the right direction.

Good luck.

CM

Hi

Thanks for your reply. To clarify, my customer is using C6k (core) and 3750 (access) and no distribution. Since both are capable of doing Layer 3 routing, he is running OSPF on the 3750 access, therefore the 3750s are not acting as L2 devices other than when connected to the host PC. In fact, we are not running any STP in the network. I showed the following docs on L3 campus networking:

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/cdccont_0900aecd801a8a2d.pdf

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/cdccont_0900aecd801a89fc.pdf

Unfortunately, my specialty is in the VoIP side, which is my responsibility, and not R/S, while my customer contact is the net eng and a CCIE, so I did not want to step on any toes here, but now, for my own knowledge and based on your response:

1. Since we are running L3 on the campus and not L2, can VLAN ID still go above 1000?

2. Given the clarification, is it still a good idea to run /30 between core and access?

3. CM, thanks for your idea on major/minor VLANs, but based on the links above, Cisco recommends not to span VLANs (i.e. Floor 1 and Floor 2 will not share VLAN 100 for VoIP; instead Fl 1 and Fl 2 voice VLAN will be 100 and 101 respectively). I am trying to think this through, as Cisco also recommends to try to keep your subnet/VLAN contiguous for summarization, which my customer doesn't have.

Thanks again

VLAN ID range is from 1 - 4096, with the exception that 1001-1005 are reserved. I'm not 100% sure, but I believe the 1-1000 limit might be limited to older IOSes, and possibly certain switches. From personal experience with 6000 series and 3750, the range is 1 - 4096.

The major/minor is dynamic :) Just as long as you pick a common factor and utilize it throughout a network so it is identifiable to other technicians. In your example of floors, VLAN 100 for floor 1, and VLAN 101 for floor 2, could also be used as Building 2 Floor 1 is VLAN 200, Building 2 Floor 2 201, and still utilize the same major/minor. I service many different buildings in a small area and this is how we identify network segments: by buildings and floors.

I'm not sure about the /30, I would have to visualize the setup and I'm getting pretty tired :) and I'm useless without a whiteboard :)

If the only thing you are going to put in the /30 is the addresses of the point to point connections then a /30 would be your best option, because like you said earlier, it conserves addresses.

|6500(core)|------|switch(3750)|======|multipleVLANs|

where the core's interface to the switch is 192.168.1.1/30 and the switch is 192.168.1.2/30

and the VLANs are on separate networks than the connection, then yes, I would use a /30, because it wouldn't make any sense to waste 252 addresses that cannot/will not be used anywhere else in the network.

Sorry if that doesn't make much sense.

Thanks for the link to those references, I'll have to read through them this weekend.

Thanks for the response, I hope this helps.

CM

1csscctdc
Level 1

I just glanced at your net diagram up there, and you have 3 devices on the same network, right? core1, core2, and the access switch are all on the same network? If so you would need a /29; /30 provides 2 usable IPs, /29 provides 6.
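
Added example, not part of any post in this thread: a Python check of the link sizing (/30 vs /29 vs /24) and of the summarization point raised in the follow-up question, using the four VLAN subnets from the original post. The contiguous list and all function names are constructed for illustration.

```python
import ipaddress

# VLAN subnets exactly as listed in the original question.
CUSTOMER_VLANS = ["172.16.20.0/24", "172.16.201.0/24",
                  "172.16.30.0/24", "172.16.203.0/24"]
# Constructed alternative for comparison: four contiguous /24s.
CONTIGUOUS_VLANS = ["172.16.20.0/24", "172.16.21.0/24",
                    "172.16.22.0/24", "172.16.23.0/24"]


def usable_hosts(prefix_len):
    """Usable IPv4 addresses in a subnet (network and broadcast excluded)."""
    return 2 ** (32 - prefix_len) - 2


def smallest_link_prefix(devices):
    """Longest prefix whose usable addresses still fit `devices` interfaces."""
    for prefix_len in range(30, 0, -1):
        if usable_hosts(prefix_len) >= devices:
            return prefix_len
    raise ValueError("too many devices for one IPv4 subnet")


def covering_summary(subnets):
    """Smallest single prefix that contains every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()  # widen by one bit and retry
    return summary


def summary_waste(subnets):
    """Addresses covered by the summary route but assigned to no subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    assigned = sum(n.num_addresses for n in nets)
    return covering_summary(subnets).num_addresses - assigned


if __name__ == "__main__":
    for devices in (2, 3):
        print(devices, "devices on the link -> /%d" % smallest_link_prefix(devices))
    print("unused on a /24 with 2 devices:", usable_hosts(24) - 2)
    for label, vlans in (("customer", CUSTOMER_VLANS),
                         ("contiguous", CONTIGUOUS_VLANS)):
        print(label, covering_summary(vlans), "unassigned:", summary_waste(vlans))
```

The customer's numbering can only be summarized as a /16 that also covers tens of thousands of unassigned addresses, while the contiguous block collapses into a single /22 with none.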

k4kulwinder
Level 1

Hello Sir,

I have just started my career in the field of networking and system administration. I have done CCNA and I'm planning to do RHCE. Please guide me. Is RHCE the right path to success, or do I have to do some other certifications in the field of networking? Please help me.

Regards

Kulwinder Singh

IET BHADAL

PUNJAB

INDIA