Switches, Hubs, and Modems
1745833 Members
4161 Online
108723 Solutions
New Discussion юеВ

Segmenting a large network

 
Roger Richards
Occasional Advisor

Segmenting a large network

We have a very huge network pertaining 18 locations (WAN). Each site has three vlans, Vlan1 DATA, Vlan2 VOICE, VLAN 11 Backbone. Each site has a 5300xl switch. We are using the 10. network class a addressing and we have quite a bit of devices at each location. What would be the best way for us to segment each site without having to re-stucture ip addressing. Can we change vlan1 from management? And use another? What is the best way? These sites are schools, and viruses are a problem too.
8 REPLIES 8
OLARU Dan
Trusted Contributor

Re: Segmenting a large network

How many devices do you have on each subnet? This will determine the subnet masks you may want to use for each subnet. By subnetting the 10.0.0.0 network you can make it work.
Mohieddin Kharnoub
Honored Contributor

Re: Segmenting a large network

Hi

Can you give us an estimated hosts required in each Vlan, and the IP for each Vlan at least for one Site (bigger one).

Good Luck !!!
Science for Everyone
Roger Richards
Occasional Advisor

Re: Segmenting a large network

In each vlan estimated hosts.

Vlan1 hosts 200 10.128.80.1 (default)

vlan 2 hosts 45 10.138.80.x(VOIP)no worries

vlan 11 hosts 25 172.16.2.x(backbone)no worries
Mohieddin Kharnoub
Honored Contributor

Re: Segmenting a large network

Roger,
The subnets are also important :)

Science for Everyone
Roger Richards
Occasional Advisor

Re: Segmenting a large network

subnets for switches 10.128.88.0/20

DCHP range 10.128.90 - 10.128.95.0/20

I hope this is what you want

Shane_33
Frequent Advisor

Re: Segmenting a large network

If you have a 5300 per network, the other option is to look into the Identity Driven Manager (IDM) software from ProCurve.

There are many sites I know of that are using this platform to handle network provisioning dynamically.

Then the network provisions itself based on the users identity - far less hassle and work in the long run and you get the benefit of all of the inherent security that comes with it.

Regards,
Shane.
Shane_33
Frequent Advisor

Re: Segmenting a large network

I should note this doesn't help the "without having to re-structure ip addressing" in the short term :)

Regards,
Shane.
OLARU Dan
Trusted Contributor

Re: Segmenting a large network

You should use 255.255.255.0 subnet mask for all subnets, since this gives you 254 usable IP addresses for hosts. I would put the switches' subnet in VLAN1 (DEFAULT_VLAN). Also DHCP scopes should reflect this subnetting for the hosts (for the switches I would use static addresses).