Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

To VLAN or Not to VLAN

We have one big Segment interconnected by multiple layer3 Cisco Switches.

We have 500 PC's and 35 Servers shared by all Departments.

Is it beneficial to VLAN these Departments even though they all share the same resources - Servers


Re: To VLAN or Not to VLAN

One good thing by doing that , broadcasts seen and processed by each of those departments will be localized to their own vlan. With a Windows environment and if running AD, you will see a lot of Netbios traffic going back and forth, which could yield to more network utilization on the switch as well as on each PC if all the 500 PCs were in one flat vlan. Definitely you will see some improvement in performance when you split them into multiple vlans. 500 users in one vlan goes with best practices, but its right at the limit. I would prefer not more than one class C or even less per vlan.

Also, in future if you want to apply different policies (access rules) between departments, it will be easy to do it if you have multiple vlans defined (one for each department).

New Member

Re: To VLAN or Not to VLAN

Infact we also have more than 400 PCz on the network with 30 Servers, when we faced a broadcast problem on the network last year, that time we have decided to implement the vlan, once after implementing vlan we have never faced any problem in our network,network performance was very good. so it is best to implement VLAN on the network, bcoz it will be better if you implement VLAN when you have more than 200 PCz on the network.

Note: Broadcast should be less than 20% of your network utilization, if it exceeds more than 20% of your network utilization, then your network performance will be poor.

New Member

Re: To VLAN or Not to VLAN

I use the rule of thumb of about 200 devices but have smaller ones for security and phones,

REASON: VACLS to limit traffic, IP PHONES need (or should have) their own vlan, Security and QOS Reasons.

Ex if you have a BC virus or a chatty nic, IPX or Appletalk printers run amok or bad employees running ettercap and a sniffer on one vlan will not cause immediate problems on the other vlans (proper pruning)

I personally use a Server VLAN and put all workstations in their own vlans to reduce the possibility of problems on the server farm.

CreatePlease login to create content