Switches, Hubs, and Modems
Showing results for 
Search instead for 
Did you mean: 

VLAN IP scheme advice

Occasional Visitor

VLAN IP scheme advice

Where to begin...

I need advice on subnetting my LAN in some logical fashion. I am the sole network person at this company and most of my experience is in WAN. Consider me a newbie to VLANs.

I am migrating our LAN access and distribution switches from Dell to HP so I can implement VLANs. I am using a Cisco 3750G-12s-s stack for the core switch with a mix of 5412yl and 3500yl switches for access and distribution, all connected via fiber to the core. Our server farm is connected via a second Cisco 3750G stack off of the core.

Our campus is spread across three buildings and supports just over 300 workstations, numerous printers, three video conference suites, and some VoIP phones. We will be implementing a new IP phone system with VoIP phones on all desktops later this year. We also have IP-based card readers and HVAC control systems and a couple of wireless access points that I am actively trying to eliminate.

All workstations will use DHCP-assigned IPs, as will the VoIP phones. Printers are statically assigned but can be changed if necessary. Video gear, security endpoints, and HVAC systems are statically assigned as well.

Currently, our LAN uses one /16 for the entire campus and is completely flat. Routing is accommplished at the core switch. I want to segment the LAN in some logical fashion with routing enabled at the distribution layer to reduce backbone traffic where possible. I envision seperate VLANs for data, VoIP, video, security/HVAC, printers, wireless, and a guest VLAN, but I am having a difficult time figuring out an IP scheme for this VLAN implementation. I am hoping to get some insight on best practices in subnetting this network. I understand DHCP scopes and some of the nuts and bolts of this migration, it's the conceptual planning for what subnets go where and service what devices that I am having problems with.

Any advice would be greatly appreciated.

Regular Advisor

Re: VLAN IP scheme advice

What we use for years:

- VLAN for workstaions
- VLAN for high secure workstations (ones you don't want anybody to mess up with)
- VLAN for servers
- VLAN for management like iLO, switch addresses
- VLAN for VoIP
- VLAN for video surveillance
- VLAN for firewall (we usually put firewall in separate VLAN)

subnet for each vlan is decided per needs (how meny hosts you will have)

so this is pretty much what we use and no problems. no matter if is 50 device network or 5000 ...
Regular Advisor

Re: VLAN IP scheme advice

in addition to your questions I would use:
- separate VLAN for each function
- user two DHCP servers in 80-20 fashion for redundant
- use DHCP where ever you can

etc ..

I guess you would be fine with C class per VLAN...
Occasional Visitor

Re: VLAN IP scheme advice

Great suggestions. We've decided to follow several of them.

We're using DHCP wherever possible and doing the 80/20 thing to provide redundancy. We are implementing port-based VLANs according to function (Employee data, VoIP, Video, Servers, etc.) W're assigning a class C to each VLAN except where static IP assignments are required. This allows for future growth with minimal administration.

Some of our printers and plotters require static IPs and some don't, so I've set ip a DHCP scope for the Printer VLAN with address reservations for those that require a static IP. We are also implementing a Management VLAN with access restricted to specific ports.

We are implementing this across several sites. It's going well so far.

Thanks for the suggestions!
Occasional Advisor

Re: VLAN IP scheme advice

damiri...do you guys connect your vlan's via a router or are you doing routing on your switches?