Core Switch & VLANNING

Unanswered Question
Feb 21st, 2008

Hi folks - don't flame me too bad butsome questions rolling around I have to ask on how you do this in the real world.I know how to create vlan etc. But my question is this I have a 4507 Core switch, with 3500XL's as edge devices within the company's IDF's. The network is basically flat but I would like to change that. I have one other vlan that Ihave our wireless ap1220's on that have two SSID's one is an internal SSID to get on the corporate infrastructure and the other is VLAN for a DSL connection for outside our corp network. What I want to do is put our server say on VLAN2 our printers on VLAN10, Wireless Barcode readers on VLAN17 etc etc. What I am really curios about is how do the seperate vlans get thour own IP subnet?

DSL modem dishes out IP address via DHCP. So this means for other VLANS IP addresses I will need to do some work on my DHCP Server on my Windows box. My intenral address scheme for example is 10.10.0.0/16. So my servers IP address are static and I want those on 10.10.1.0/16 then my DHCP for client pc's are 10.10.10.0/16 and my wireless for internal would be 10.10.20.0/16 and the barcode wireless guns as 10.10.17.0/16 and the printers on 10.10.2.0/16

So for wireless I need DHCP,

The printers are static

the client pc's would be dhcp. So can this be pulled off with a 16 bit mask also how does the client know what vlan it belongs to? Would this be some sort of dynamic port setting? Also what other things I need to do in my switch and dhcp server? Also should I make the vore VTP server and the edge devices as VTP clients? I hope that was somewhat clear.. ;)

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
planzone Thu, 02/21/2008 - 13:30

Thanks for the docs. Much appreciated however I guess the real task is that from what I see my 16 bit mask will NOT work int his scenario

I would have to go with a 22 bit mask. Thing is currently all the clients are essentially on the native vlan of 1. How do I perform all this with minimal disruption to change the masking? Hmm looks like a bit more research needed from my end

..

bmcginn Thu, 02/21/2008 - 15:24

Hi there,

I think you will need to renumber your VLANs to a somewhat manageable size. /24 VLANs are usually a good size, but what you can do to be more specific is work out how many hosts that require each VLAN and size your VLANs accordingly. Eg, if you have 79 hosts for a VLAN you may want to use a /25 or /24 network for that VLAN. The choice is yours.

In regards to how the separate VLANs get their own subnet: I assume you will have the core 4507 switch as your gateway for all of the VLANs? Likewise it will be your VTP server and STP root? If you configure all of the VLANs on the 4507 and create the VLAN interfaces on the 4507, you can give the VLAN interfaces IP addresses which will be the gateway addresses for the VLANs. On the VLAN interface on the 4507 you can define an ip-helper address which tells the VLAN where the DHCP server is.

Configure VTP on all of your edge switches and plan where you will have VLAN access ports. The edge switches will know what VLANs are available through VTP. They will know what VLANs to use because of the access ports configured on the switch. The hosts will get the correct IP address from the DHCP server if it is connected to a switchport interface with the correct VLAN accessport configured. eg, connect host A into switchport 40 on a 3500XL. Switchport 40 is configured as an Access port (switchport mode access, switchport access vlan XX). The 3500XL switch will need to have a trunk back to the 4507 (switchport mode trunk, switchport trunk encapsulation dot1q) and VTP configured on it. VTP will know to send VLAN XX traffic to the 3500XL because of the access port configured on it.

I strongly advise against using a 16 bit mask primarily due to the size of the broadcast domain you have. Minimising that, or keeping the amount of hosts on that network small will help you in the future.

'How does the client know what vlan it belongs to'? The actual client won't know that (in saying that, there are NICs out there that do understand dot1q and can tag frames but just assume that's not the case). The client will have no idea of what VLAN it is in. It will send untagged packets to the switch. The switchport (which is configured as an access port for that VLAN) tags the packet as belonging to its VLAN.

eg host B connects to port 24 on 3500XL. port 24 is configured as access port for VLAN 30. port 1 on the 3500XL is a trunk port connecting to port 1/2 on the 4507. Port 1/2 on the 4507 is a trunk port also. VLAN 30 interface is configured on the 4507 and has IP address of 10.10.30.254 255.255.255.0. IP helper address of 10.10.1.15 is set on the VLAN 30 interface. (10.10.1.15 is the DHCP server). Host sends DHCP enquiry packet out, the VLAN interface sees it and forwards along to the DHCP server which understands (from the IP address of the VLAN interface) that it belongs to the 10.10.30.0/24 range. DHCP sends back a valid IP for the host.

Obviously I've left a few steps in the DHCP process out, but you get the drift.

In short, An Access port tells the network what VLAN the client connected to that access port is in. The ip helper address that is configured in the VLAN interface tells the subnet what DHCP server to use. You won't be able pull it off while all of them are using a 16 bit mask.

Just a note: The whole idea of VLANning is to minimize a broadcast domain. If you have your servers on 10.10.1.0/16, your clients on 10.10.10.0/16, wireless for internal on 10.10.20.0/16, barcode wireless guns on 10.10.17.0/16 and printers on 10.10.2.0/16; they are all on the same network.

To VLAN them all, you will need to break them up. Eg

Servers: 10.10.1.0/24 VLAN

Clients: 10.10.10.0/24

Internal Wireless: 10.10.20.0/24

Barcode wireless: 10.10.17.0/24

Printers: 10.10.2.0/24

Hope that helps a little.

Actions

This Discussion