I inherited this network that I think is way too flat. They only have 2 VLANs (Users and Servers). I am not concerned with the Users VLAN, but the Servers VLAN is way too flat. I am trying to break it up without causing major issues (also, trying to keep it so I don't need to hit every server to change the mask, etc.).
The Server VLAN layer 3 interface is configured with 10.50.0.1/16. When they were assigning IPs to the various servers, printers, etc. on this VLAN, they actually used a decent numbering scheme, but unfortunately it's all on the same VLAN using /16 for the mask.
For example: 10.50.10.0 for servers, 10.50.20.0 for printers, etc. However, all have a /16 mask and all are on the same VLAN.
Any ideas how to incorporate more VLANs without destroying the whole environment? Another question: if I reconfigure the layer 3 interface with a /24 subnet, would a machine with a /16 subnet still communicate with the gateway?
If you want it to work right then you will have to change all the masks to a /24; otherwise leave it like it is. I don't know why people use something like a /16; it must be a complete lack of understanding of addressing and masking. Make a project out of it. I don't know how many total devices you have, but to do it right you need to break it up into /24s, make /24 SVIs on your layer 3 switch, put the ports in the right VLANs and then address and mask the devices correctly.
>> If I reconfigure the layer 3 interface with a /24 subnet, would a machine with a /16 subnet still communicate with the gateway?
Yes, if you have proxy-arp enabled on the L3 interface.
You can check whether proxy-arp is enabled by using
sh ip interface type x/y
and looking at the Proxy ARP line to see if it is enabled.
The device with the /16 mask will ARP for an IP address it considers to be in the same subnet; the L3 interface of the network device receives it and answers with its own MAC address, in an effort to help the device with the /16 mask.
Actually, you need to increase the number of L3 interfaces and of L2 broadcast domains.
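As an added example (not code from the thread), here is a small Python model of the question quoted above: whether a server that still carries the old /16 mask keeps talking once the L3 switch has /24 SVIs, with and without proxy ARP. The SVI addresses (10.50.10.1/24, 10.50.20.1/24) are assumed, and the proxy-ARP rule is a simplification of what IOS does.

```python
# Added example, not from the thread: models the OP's question of whether a host
# still carrying the old /16 mask keeps working once the L3 switch has /24 SVIs,
# with and without proxy ARP. Addresses follow the thread (10.50.0.0/16, servers
# in 10.50.10.0, printers in 10.50.20.0); the proxy-ARP rule is a simplified model.
from ipaddress import ip_address, ip_interface


def host_forwarding_decision(host_iface, dst):
    """'arp-direct' if the host thinks dst is on-link per its OWN mask, else
    'via-gateway'. host_iface is e.g. '10.50.10.5/16'."""
    on_link = ip_address(dst) in ip_interface(host_iface).network
    return "arp-direct" if on_link else "via-gateway"


def proxy_arp_answers(svi_ifaces, ingress_svi, target):
    """Simplified IOS rule (assumption): the switch answers an ARP request seen on
    ingress_svi when the target is NOT on that SVI's subnet but IS on another
    connected SVI. Real IOS also answers for any other routed destination."""
    t = ip_address(target)
    if t in ip_interface(ingress_svi).network:
        return False  # the real owner is on this segment and answers itself
    return any(t in ip_interface(s).network
               for s in svi_ifaces if s != ingress_svi)


def reachability(host_iface, ingress_svi, svi_ifaces, dst, proxy_arp):
    """Outcome for a host on the VLAN served by ingress_svi talking to dst."""
    if host_forwarding_decision(host_iface, dst) == "via-gateway":
        return "ok-via-gateway"
    if ip_address(dst) in ip_interface(ingress_svi).network:
        return "ok-direct"  # dst really is on the same VLAN
    if proxy_arp and proxy_arp_answers(svi_ifaces, ingress_svi, dst):
        return "ok-proxy-arp"  # switch replies with its MAC and routes the traffic
    return "broken"  # ARP request for an off-VLAN address goes unanswered


def hosts_needing_remask(host_ifaces, new_prefix):
    """Hosts whose mask is wider than the new design; proxy ARP only buys time."""
    return [h for h in host_ifaces
            if ip_interface(h).network.prefixlen < new_prefix]


if __name__ == "__main__":
    svis = ["10.50.10.1/24", "10.50.20.1/24"]  # assumed new server and printer SVIs
    for proxy in (True, False):
        print("server 10.50.10.5/16 -> printer 10.50.20.7, proxy-arp", proxy, ":",
              reachability("10.50.10.5/16", svis[0], svis, "10.50.20.7", proxy))
    print("still /16:", hosts_needing_remask(
        ["10.50.10.5/16", "10.50.10.6/24", "10.50.20.7/16"], 24))
```

The "broken" outcome is the case to watch for during a staged migration: a /16 host ARPs for a printer that has moved to another VLAN, and without proxy ARP on the SVI nobody answers.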
I inherited a decent-sized infrastructure a year and a half ago with the same issues; they assigned /16s everywhere. In fact, if they didn't have 70 remote sites connected by T1, I'm sure they would have had a giant /16 for everything.
The only place I didn't break up the /16 was in my datacenter; the complications of trying to migrate the IP address of a domain controller on a production network generating several billions a year were not something I wanted to take on, so I actually built my network around the datacenter. Luckily for me they used 10.64.0.0/16; the 64 makes an excellent boundary for summarization.
Honestly, most places don't have thousands of servers, so leaving your servers in a /16 probably isn't that big of a deal unless you actually do have thousands of servers. The biggest thing is to reduce the size of your broadcast domains; since you probably have more users than servers, it would make sense to actually start there. Breaking up the voice and data networks is a great start. When logically defining VLAN boundaries (i.e. IT data and voice VLANs, HQ data and voice VLANs) you can use physical buildings as VLAN boundaries, departments, whatever you would like, so long as you pick a standard, document it, and enforce it.