I'm looking for suggestions on breaking up a flat network. My current infrastructure is as follows:
150 Server IPs (approx)
75 Appliance IPs (switches/router/fw/printers)
240 Workstation IPs (90% dhcp)
As you can tell above this doesn't leave us with many available addresses and my group is preparing for additional growth that may use up the rest of the available IPs.
We have 5 network closets that terminate back to our core switch via fiber and gigabit is run to all server and workstations. There are up to 5 departments that terminate in each closet. All switches are VLAN capable, however, only the default is being used. Department will need to communication with one another.
I'd like to keep my servers on the existing subnet if possible, unfortunetly there are several applications (documented and undocumented) that point back to an ip address.
Also, i'd like to implement a separate vlan/subnet for Out of Band management.
Firstly, which device are you proposing to use for routing between the vlans ? Do you have a L3 switch or router available ?
Personally i like to use /24's or /25's for subnets. I would definitely recommend using a separate vlan/subnet for each dept. as this will make it easier to apply policies such as acl's etc to each dept.
Out of band management means you would need extra kit unless you already have it spare. Even if you decided not to do out of band i would recommend having a separate vlan for management of the switches and not vlan 1.
Ideally you don't want to use vlan 1 for anything if you can help it but it's not a disaster if you do.
Don't see any reason why you can't continue to use your existing subnet for servers and other non-DHCP hosts. Just move your DHCP clients into a new address space, which could be further up the 192.168.0.0/16 address block.
Since you have multiple departments that terminate in each closet, you'll probably want to use VLANs, at least within the closet. Whether you want to extend those same VLANs into other closets is debatable. You could, or since you'll be routing, have closet/dept. subnets.
For your core device, a Catalyst 3750G-12S might be a good fit. Assuming your can bond Ethernet channels with your existing closet switches, a dual stack of these devices would provide redundancy. (BTW, the basic software IOS image should be fine.)
We've noticed a significant amount of broadcast traffic on our switches.
#1 Reduce the amount of broadcast traffic
#2 Increase the amount of available addresses
Also, do I need a different subnet per vlan or can i use the same subnet for all vlans?
If I create a unique vlan for each department would i need to create acls to get the different vlans to talk to one another. OR do i create one vlan (aside of vlan 1 for management) for all clients that connect to that switch?
We are in the process of purchasing a catalyst 4500 for our core and catalyst 3560 and/or 2975 for our closets.
Moving from your flat network, to a routed network, is generally the way to contain broadcast traffic.
Normally you have one subnet per VLAN. You can have multiple subnets per VLAN, but usually don't want to have a subnet span VLANs.
No, you shouldn't need to create any ACLs to allow inter-VLAN communication. Their purpose is, generally, to block (some) communication. For instance, you might not permit other depts. to send to an accounting subnet yet allow the account subnet to send to other dept. subnets.
Unclear how you intend to use 3560 and 2975 in closets. If you wanted to route in closets, stack of 3750s likely a better choice. Plus if you route in closet, you'll also likely want an advanced IOS image on the 3560 unless you planned on only using statics or RIP.
The 4500 is a fine box, much depends on what you populate it with. For your size network, you might not need it, but again, it can be a solid choice.
If you have the budget for a hardware upgrades you describe, you might want to carefully consider the core/server relationship. My preference is, besides trying to get servers on the same "fabric", I like maximum bandwidth between them and the core. In smaller networks, this might be accomplished by combining the core/server on the same "fabric".
Since you mentioned gig connected servers, do note the original 4500 only supports 6 Gbps per slot. The -E version is much better at 24 Gbps per slot, but if you do consider combining core/server, you might also consider the 6500 which can provide up to 40 Gbps per slot.
Question We run asr9001 with XR 6.1.3, and we have a very long delay to
login w/ SSH 1 or 2 to the device compare to IOS device. After
investigation, the there is 1s delay between the client KEXDH_INIT and
the server (XR) KEXDH_REPLY. After debug ssh serv...
Introduction The purpose of this document is to demonstrate the Open
Shortest Path First (OSPF) behavior when the V-bit (Virtual-link bit) is
present in a non-backbone area. The V-bit is signaled in Type-1 LSA only
if the router is the endpoint of one or ...
Hi, I am seeing quite a few issues with patch install and wanted to
share my experience and workaround to this. Login to admin via CLI, then
access root with the “shell” command Issue “df –h” and you’ll probably
see the following directory full or nearly ...