I inherited a nice little nugget. I am curious how I can go about flattening these VLANs so I can create some simple VLANs that are easy to manage. The way this admin has it is that if a printer needed to be physically moved within the office environment, the port needed to be issued the switchport access command. This is not desirable and I am not certain why this practice was used. The switch is a L3 3750 switch.
The future state is noted below. I suppose I would like to know how I can transition to the desired future state:
Oh, and of course I would like to do this with minimal interruption :)
FUTURE STATE: (where I want to be)
VLAN 2: would be infrastructure; this is where servers etc. that require a static IP would be added.
VLAN 12: is where I would put any PBX related devices that require a static IP.
VLAN 14: guest wireless (can be DSL).
VLAN 17: I would set up an RF gun VLAN (wireless); IP would be via DHCP.
VLAN 99: is where my PCs and printers sit. This is the VLAN where almost 99 percent of the devices would sit.
Everything would be a 22-bit mask.
The idea is that if you plug a printer into any port that is on VLAN 99 it would get an IP address via DHCP, then the admin can go into it and make it static, and does not need to manually flip ports for it to function; easy to administer. And of course the same with PCs: just plug and go and no need to administer the switch. There are several IDFs and I would use VTP.
"This is not desirable and I am not certain why this practice was used."
Looking at the config there is an Expand device in use. The Expand device is a WAN accelerator. On 2 of the L3 VLAN interfaces there is a route-map for PBR applied which directs traffic to the Expand device. I suspect that this is the reason the admin separated printers from PCs, although I could well be wrong.
Do you know if WAN acceleration is in use?
By the way, as a side issue, having your printers on their own dedicated VLAN can be a good security move. What this allows you to do is to apply ACLs to all the client PC VLANs so that traffic is only allowed to
4) + any other company specific devices
i.e. you do not allow client traffic from one VLAN to go to another client VLAN. Then if one of the clients gets infected you have at least limited the propagation of the virus, and servers generally tend to be better protected than clients.
If you had printers mixed in with clients then you could not do this, because client VLANs would need to talk to other client VLANs because of the printers.
There is no longer an Expand device on the network; that was something they were testing. That config needs to be removed. Thanks for pointing that out.
However, the objective is to make this easier to manage. The current setup is not.
The enterprise does not have a full-time individual to manage Cisco devices all day long, so ACLs between VLANs are something that I do not require at this time. I wish for all the VLANs to talk to each other.
I essentially want to flatten the current VLAN 111 and 102 to a VLAN called 99.
Understood, just wanted to make sure it wasn't going to create more problems than it solves. If all you want to do is flatten 111 & 102 then I would migrate 111 to 102, as the printers will probably be statically addressed whereas your clients will presumably be using DHCP.
You say you want to use a /22 - is this for VLAN 111 & 102? I would not use a /22 due to broadcast traffic - /24 or even /25 would be my preference, although you could get away with a /23.
Can you get a /23 from your existing subnets? i.e.
vlan 102 = 10.99.2.0/24
Is 10.99.3.0/24 used anywhere? If not you could use this, i.e. 10.99.2.0/23.
Is this to reduce the amount of broadcasts in a single subnet/VLAN? Just looking for clarification on a 22-bit mask vs. the 24.
There is potential to have more than 500 hosts in this VLAN.
You are providing excellent suggestions regarding performance. But I am looking for it to be easy. So I am looking for the best of both worlds :) There isn't anyone full time at this specific site to manage things.
Basically yes. A /22 allows for over 1000 hosts in the same subnet. It does depend on the type of application traffic within that subnet, but I have found /24 or /25 to be a good choice.
If you have 1000 hosts and they are using apps that rely partially or wholly on broadcasts then that's a lot of traffic each host will need to process. In addition, a virus will spread very quickly between hosts on the same subnet.
"Chuckle I still need the answer to my initial question. Which is - what is the process to flatten the two vlans to 1?"
Sorry, got sidetracked.
Like I say, it makes sense to flatten both VLANs into the existing printer VLAN - VLAN 102 - and change the subnet mask from 255.255.255.0 to 255.255.254.0 on the 10.99.2.0 network. As each VLAN is only a /24, you only need a /23 to accommodate both VLANs. This does assume 10.99.3.0/24 is not in use anywhere within your network.
The above has the advantage of not having to readdress your printers. But if you wanted to start from scratch then:
1) Choose a new IP subnet
2) Create the new VLAN at L2
3) Create a new L3 VLAN interface using the address from 1)
4) Set up the scope in DHCP
5) Set ip helper-address if the DHCP server is not in the new VLAN
6) Allocate the existing switchports into the new VLAN
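The no-readdress option from the reply above, written out as IOS CLI for the 3750. This is an added example, not configuration posted in the thread; the SVI address 10.99.2.1, the port range Gi1/0/1 - 24, the DHCP server address 10.99.0.10 and the route-map name EXPAND-PBR are assumptions, since the thread does not give them.

```cisco
! Added example (not from the thread): fold VLAN 111 into VLAN 102 by widening
! 10.99.2.0/24 to 10.99.2.0/23, so existing printer addresses stay valid.
! Assumed values: SVI 10.99.2.1, printer/client ports Gi1/0/1 - 24,
! DHCP server 10.99.0.10, stale PBR route-map named EXPAND-PBR.
!
! Pre-check: 10.99.3.0/24 must not be routed or assigned anywhere else,
! otherwise the wider mask will black-hole that network on this switch.
show ip route 10.99.3.0 255.255.255.0
show running-config | include 10\.99\.3\.
!
configure terminal
 ! Step 1: widen the mask on the existing SVI (printers keep their addresses)
 interface Vlan102
  ip address 10.99.2.1 255.255.254.0
  ! relay DHCP broadcasts to the server, which sits in another VLAN
  ip helper-address 10.99.0.10
  ! drop the PBR that still points at the retired Expand accelerator
  no ip policy route-map EXPAND-PBR
 !
 ! Step 2: move the VLAN 111 access ports across, one IDF at a time
 interface range GigabitEthernet1/0/1 - 24
  switchport access vlan 102
 end
!
! Verify before retiring VLAN 111: no ports should still be listed on it
show vlan id 111
show interfaces Vlan102 | include Internet address
!
configure terminal
 no interface Vlan111
 no vlan 111
 end
```

Two things happen off the switch: the DHCP scope for 10.99.2.0 must be changed to a /23 so clients pick up the new mask on renewal, and statically addressed printers that still carry 255.255.255.0 should have their mask updated too, since otherwise they can only reach 10.99.3.x hosts through the switch's proxy ARP.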