We started out as a small organization with a core switch at each of our three sites. Each site has one or more buildings with multiple floors. Each department (10 total) was provided a routed VLAN on the core. We slowly but surely ran out of IP addresses for departments. We next began assigning multiple VLANs to a single department, but it has become somewhat messy. We have departments at sister sites with differing VLAN numbers, etc. In addition, we have added a second core switch to a new building at our biggest site, so it is routed and subnetted separately. So to summarize we have:
Building 1 and 2
Core switch 1 (6509)
4 Servers 10.1.4.0/24
10 Marketing1 10.1.10.0/24
11 Marketing2 10.1.11.0/24
12 Business Office 10.1.12.0/24
18 Cisco 10.1.18.0/24
22 Facilities 10.1.22.0/24
25 Interactive Video 10.1.25.0/24
30 Voice 10.1.30.0/24
Core Switch 2 (4900)
4 Servers 10.2.4.0/24
10 Marketing1 10.2.10.0/24
13 Marketing2 10.2.13.0/24
15 Business Office 10.2.15.30.0/24
18 Cisco 10.2.18.0/24
22 Facilities 10.2.22.0/24
25 Interactive Video 10.2.25.0/24
30 Voice 10.2.30.0/24
So as we plan for future expansion, my questions are:
1. What addressing scheme would make the most sense? Should I base my VLANs on a scheme like function, building#, and floor? So for example, marketing in building one on floor one might be VLAN 411. The “4” would represent marketing, the “1” would be building one, and the next “1” would represent floor “1”. Or does it make more sense to subnet my network based on closets? For example, closet one (wherever that is) is subnet 10.1.0.0/24, closet two is subnet 10.2.0.0/24, closet 3 is subnet 10.3.0.0/24. Obviously the 3rd octet in every address would be the VLAN.
2. What other better options are there in terms of addressing using IPv4?
If you want my advice, I prefer to use L3 connections between your access switches and the core switches. In this way, you will avoid problems like spanning tree, and you can use redundant links and fail over faster than with L2.
In this way, you will have different VLANs in each one of these switches and so different subnets, and it will be easier to manage, so you can differentiate and know where each subnet belongs and to which department/application.
1. Do users all access services in the common server VLAN? If so, then why segregate PC VLANs by department? You'd probably be better off segregating by geography (building, closet).
2. Agree with other poster that you should route from the access to the core.
3. There is a Cco document that recommends you segregate the address space of the voice VLAN completely from the data so you can easily ACL and prevent all access to the voice network. For example, use 172.16.10.0/24 for building 1, then 172.16.20.0/24 for building 2. Then you can put an ACL at all layer 3 points that says from 172.16.0.0/16 to 172.16.0.0/16. This obviously has implications for the addressing of any CCM servers and associated voice gateways.
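An added example, not part of the thread or any poster's code: a small Python audit of the addressing plan discussed above. It flags prefixes that do not parse, department names whose VLAN ID differs between the two cores, and checks whether the voice subnets sit inside one block that no data subnet overlaps, which is what makes the single ACL prefix from the last reply workable. The rows are a subset copied from the question; the function names and the per-building voice layout are assumptions for illustration.

```python
import ipaddress
from collections import defaultdict

# Subset of the rows in the question: core, VLAN ID, name, prefix.
# "Business Office" is written without the space so each row splits on whitespace.
PLAN = """\
core1 4 Servers 10.1.4.0/24
core1 11 Marketing2 10.1.11.0/24
core1 12 BusinessOffice 10.1.12.0/24
core1 30 Voice 10.1.30.0/24
core2 4 Servers 10.2.4.0/24
core2 13 Marketing2 10.2.13.0/24
core2 15 BusinessOffice 10.2.15.30.0/24
core2 30 Voice 10.2.30.0/24
"""

# Assumption: the dedicated voice block and per-building /24s suggested in the reply.
VOICE_BLOCK = ipaddress.ip_network("172.16.0.0/16")
PROPOSED_VOICE = ["172.16.10.0/24", "172.16.20.0/24"]

def audit(plan_text):
    """Return (malformed rows, names whose VLAN ID differs between cores, parsed rows)."""
    malformed, ids, rows = [], defaultdict(set), []
    for line in plan_text.splitlines():
        core, vlan, name, prefix = line.split()
        ids[name].add(int(vlan))
        try:
            rows.append((core, name, ipaddress.ip_network(prefix)))
        except ValueError:  # raised for anything that is not a valid network
            malformed.append((core, name, prefix))
    mismatched = sorted(n for n, v in ids.items() if len(v) > 1)
    return malformed, mismatched, rows

def voice_isolated(rows, voice_nets, block=VOICE_BLOCK):
    """True if every voice subnet is inside the block and no data subnet overlaps it."""
    voice = [ipaddress.ip_network(n) for n in voice_nets]
    data = [net for _, name, net in rows if name != "Voice"]
    return all(v.subnet_of(block) for v in voice) and not any(d.overlaps(block) for d in data)

if __name__ == "__main__":
    malformed, mismatched, rows = audit(PLAN)
    print("malformed prefixes:", malformed)
    print("VLAN ID differs between cores:", mismatched)
    print("current voice isolated:", voice_isolated(rows, ["10.1.30.0/24", "10.2.30.0/24"]))
    print("proposed voice isolated:", voice_isolated(rows, PROPOSED_VOICE))
```

With the current plan the voice subnets share 10.0.0.0/8 with data, so no single prefix matches voice only; the proposed 172.16.x.0/24 layout passes the check.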